A Vacancy at Essex Partnership University NHS Foundation Trust.
Cyber Security Manager – Governance, Risk and Compliance (GRC)
Band 7 - £49,387 - £56,515 per annum
37.5 hours per week
Thurrock Community Hospital
Are you ready to lead cyber security at scale in a complex, mission-driven organisation where your work truly matters?
We’re looking for an experienced and passionate Cyber Security Manager – Governance, Risk & Compliance (GRC) to drive our cyber assurance agenda and strengthen the resilience of critical NHS services. Reporting directly to the Associate Director of Information Security (CISO), you will play a pivotal leadership role, shaping how we manage cyber risk, compliance, and governance across the Trust.
This is more than a management role — it’s an opportunity to influence strategic decision-making, protect vital services, and lead meaningful change in an evolving cyber landscape. You’ll work at the heart of the organisation, collaborating with senior stakeholders, technical teams, and external partners to ensure we meet the highest standards of cyber security and regulatory compliance.
We’re looking for someone who combines deep technical expertise with strong leadership, who thrives in a fast-paced environment, and who can translate complex cyber risks into clear, actionable insights.
In return, you’ll join a supportive, forward-thinking team where innovation is encouraged, professional growth is supported, and your impact will be visible across the organisation.
What you’ll be doing:
Lead Governance & Assurance
Oversee cyber governance services, ensuring alignment with frameworks such as ISO 27001, CAF and DSPT. Manage the full lifecycle of policies and procedures, and deliver clear assurance reports and dashboards to senior and board-level stakeholders.
Drive Risk & Compliance
Identify, assess and mitigate cyber risks across the organisation. Ensure adherence to legislation, standards and best practice, and coordinate audit evidence and assurance activities.
Strengthen Controls & Testing
Lead the penetration testing programme, managing remediation plans and analysing security data, vulnerabilities and incidents to drive continuous improvement. Implement and monitor KRIs and control effectiveness.
Enhance Incident Preparedness
Develop and lead incident response planning, including tabletop exercises, working closely with operational, technical and information governance teams to improve resilience.
Lead & Develop the Team
Provide leadership, coaching and direction, managing resources and priorities while fostering a high-performing, collaborative culture.
Engage Stakeholders
Build strong relationships across teams, communicate complex risks in a clear, accessible way, and influence decision-making to secure buy‑in for security initiatives.
Benefits
* 27 days holiday, plus bank holidays, rising to 33 days after 10 years’ service.
* Excellent pension of up to 14.5% of your pensionable pay.
* Staff discounts include Blue Light Card, NHS discount offers, and staff benefits.
* £8K relocation package if you move to Essex to join us.
* Season ticket loans are interest‑free to cover the cost of travelling to and from work via tram, rail, or bus.
Work that wraps around your needs
* Job share: Applications for job shares are welcomed.
What we’re looking for:
You’ll be a confident and credible cyber security professional with a strong GRC background and leadership experience in complex environments.
Key skills and experience include:
* Expert knowledge of cyber security, governance, risk, and compliance frameworks.
* Strong experience with ISO 27001, CAF, DSPT, COBIT or similar standards.
* Proven ability to lead risk management, audits, and assurance programmes.
* Experience managing security incidents, vulnerability management, and protective monitoring.
* Demonstrable success in leading teams, driving change, and delivering against demanding timescales.
* Excellent analytical, problem‑solving, and decision‑making skills.
* Outstanding communication and stakeholder engagement skills, with the ability to influence at senior levels.
* Experience working in a large, complex organisation (NHS or public sector desirable).
* Relevant professional certifications (e.g., CISM, CISA, CRISC, CGRC) or equivalent experience.
Personal qualities we value:
* Driven, proactive, and resilient under pressure.
* Collaborative, flexible, and adaptable to change.
* Passionate about cyber security and emerging technologies.
* Able to simplify complexity and bring clarity to challenging issues.
If you’re ready to lead, innovate, and make an impact — we’d love to hear from you.
If you're shortlisted, your interview will take place on 16 June 2026.
This advert closes on Thursday 28 May 2026.