The closing date is 17 March 2026
We are seeking an exceptional and forward‑thinking Head of Information & Cyber Security to lead our Trust's security strategy, ensuring our information, systems, and digital services remain resilient, compliant, and protected against evolving cyber threats.
This is a senior leadership position, accountable to the Board for establishing and maintaining a Trust‑wide information security management programme. The post holder is responsible for shaping our information security governance framework, providing expert advice to executive leadership, developing an organisational security culture, and ensuring we meet all relevant regulatory and legislative requirements.
Main duties of the job
The Head of Information & Cyber Security is responsible for shaping and executing the Trust's information & cyber security strategy, ensuring alignment with Trust priorities and digital transformation goals.
This role will oversee the design, implementation, and continuous improvement of security policies, frameworks, standards and controls and manage the Trust's approach to risk assessment, threat intelligence, incident response and business continuity.
As Head of Information & Cyber Security you will be responsible for ensuring compliance with key regulations and standards including NIS2, DSPT, CAF, ISO27001, Cyber Essentials Plus, Data Protection Act 2018 and UK GDPR.
You will oversee effective security operations, monitoring, vulnerability management and penetration testing programmes, and act as the key point of contact with external partners such as the NHS Cyber Security Centre, suppliers and third‑party security providers.
About us
We manage three major locality hospitals at North Tyneside, Wansbeck and Hexham, plus a number of smaller community hospitals and clinics from Tynemouth to Berwick on Tweed, covering one of the largest geographical areas of any NHS trust in the country. Leading in innovation and quality, we opened the state-of-the-art Northumbria Specialist Emergency Care Hospital, the first of its kind in England. Do you want to work in one of the best performing NHS organisations in England? Do you want to work in an organisation that supports its staff and focuses on staff experience as much as it does the experience of its patients? You can live and breathe in an area that has the cleanest air, cost-effective living, great nightlife and some of the best schools, with a wealth of history available on your doorstep. Sound too good to be true? Well, it isn't: this is what you get when you work for Northumbria Healthcare. This is the Northumbria Way! Please read 'applicant guidance notes' before submitting your application.
Job responsibilities
Responsible for developing and strengthening information and cyber security provision and implementing strong risk management strategies to protect the organisation.
To develop, maintain and effectively manage the implementation of policies, standards and controls in line with best practice, providing guidance and support to colleagues to ensure security and safety.
Develop the strategic roadmap for an effective vulnerability detection, assessment, remediation, and threat intelligence programme.
Maintain and enhance the Information Security Management System (ISMS).
To ensure that all changes to the IT environment comply with information security requirements.
Oversee security performance assessment of suppliers and internal resources.
Provide specialist advice on information and cyber security and increase awareness amongst staff.
To work with colleagues to ensure pro‑active monitoring of IT infrastructure.
Ensure adherence to standards such as ISO27001, Cyber Essentials Plus and GDPR.
Identify threats, assess their impact, and take appropriate action to resolve and prevent them.
Ability to influence and present at Committee/Board level.
Respond to or manage security incidents and breaches, and oversee patching, vulnerabilities and system hardening, including detection, response, recovery, and post‑incident analysis.
To develop business cases for Trust capital investments around technical security.
Qualifications
* Educated to Masters level (or relevant experience)
* Certified Information Security Manager (CISM) certification or Certified Information Systems Practitioner (CISSP)
* Evidence of continuing professional development
* PRINCE2, project management, (or equivalent experience) and change management methodologies
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Northumbria Healthcare NHS Foundation Trust
Address
Manufacturing & Innovation Hub Northumbria Healthcare NHS Foundation Trust