Posted: 15 June
The role
ICT Head of Cyber Security
Office: King's College Hospital NHS Foundation Trust – Denmark Hill
Closing date: 18 June 2026
Overview: The ICT Head of Cyber Security will act as the Trust’s expert on cyber security protection, detection, response, and recovery. The role sets the strategic direction for cyber threat management and the planning of security solutions, while leading and developing the Trust’s cyber security team.
Main duties of the job
Lead strategic planning for current and future IT security solutions, aligning with best practice and emerging technologies
Collaborate with teams to ensure compliance with security standards
Lead on internal and external audits and audit preparation relating to IT security
Maintain compliance with standards including the Data Security and Protection Toolkit (DSPT), CareCERT, Cyber Essentials Plus, the NIS Regulations, and ISO 27001
Act as the Trust’s advisor on cyber security protection, detection, response and recovery
Develop and advise on implementing policies, procedures, and guidance for cyber and IT security systems and processes
Advise ICT senior leaders to shape a robust IT security service across the department and its systems
Monitor incidents and take appropriate action to correct, notify and prevent recurrence
Work with technical teams to maintain all security tools and technology used in the department
Work with technical teams to deliver and manage cyber security and compliance across internal and externally hosted systems
Undertake scoping and delivery of penetration tests and ensure actions are resolved
Support wider IT functions in the evaluation and implementation of new technology and controls
Define and document a security incident response programme
Respond to high priority NHS Digital CareCERT alerts in line with NHS Digital requirements
Produce a monthly cyber security KPI report for the Trust Information Governance Committee and ICT senior leaders
Job responsibilities
Maintain, update, and implement Trust policies in scope of the ICT department covering all aspects of information security and cyber activities
Draft, develop, implement and maintain a portfolio of policies relating to all aspects of cyber security within ICT
Ensure compliance with Trust policy and procedures is fully supported in forums such as the Trust unsupported systems group, the Trust ATP management group, patch management groups and any other future forums
Provide expertise around Cyber Security for the purchase of new systems and applications via the Trust ICT PMO processes and procurement. Ensure all new systems and applications to be deployed across the estate have a full security review and sign off before proceeding to go-live
Carry out Continual Service Improvement (CSI) of existing Trust processes and procedures
Identify, propose and implement changes to practices and procedures required in departmental and user environment to improve service levels
Ensure that all cyber security risks are updated and managed via the Trust risk and issues process
Manage the Change Control process within the ICT department
Revenue and staffing budget holder for IT Security, including procurement of physical assets or supplies and capital expenditure
Advise departments on the security of IT equipment
Monitor and advise on software licence compliance in association with the Software Asset Manager
Provide advice and guidance on the purchase of IT security equipment
Exercise duty of care when using Trust equipment (computers and software)
Advise ICT senior leaders on the most cost‑effective method for maintaining the integrity and security of data and equipment
Regularly research security developments and requirements via national forums and guidance from the National Cyber Security Centre (NCSC)
Regularly review virus and security alerts issued by the NHS information security service
Keep up to date with developments in IT infrastructure and related technologies
Contribute to the ICT Cyber‑security approach and strategy
Undertake surveys and compliance audits required by legislation and national guidelines, using online and in‑house information systems where necessary, to establish scores against the standards
Line‑manage the technical staff within the cyber‑security team. Participate in regular performance appraisal meetings and ensure each team member has a clear set of objectives and development plans
Ensure performance issues are dealt with in an appropriate and timely manner and follow the Trust's disciplinary or performance procedures where formal action is necessary
Ensure working practice complies with the Trust's policies and procedures for Data Protection, Confidentiality and Health and Safety, ensuring the environment in which you and your staff work is safe, clean and tidy
Observe and continually promote equal opportunities in compliance with the Trust's policies and values
Develop team morale and motivation through effective personal leadership, ensuring views and decisions are communicated both up and down the management structure
Communicate highly complex issues to a wide range of non‑technical end users from multiple backgrounds and organisations, including difficult users
Have excellent documentation writing skills to create and develop processes and procedures relating to the services delivered by the cyber‑security team
Communicate effectively with third‑party vendors around the Trust cyber‑security requirements
Have excellent interpersonal skills, building effective professional relationships with end users, departmental system administrators and departmental managers
Be an effective team player, and act on your own initiative
Provide training to groups (large and small) and provide ad‑hoc advice to other support staff
Have effective communication skills, both verbal and written, essential for liaising with individuals at all levels of the Trust, from board level to lower grade staff
Provide expert advice to line manager on all matters relating to cyber‑security impact
Apply industry‑standard project management approaches to the implementation of all cyber‑security deployment work with the Trust projects and programme team
Work with Trust teams to ensure a programme to deliver induction messages to meet statutory training requirements in information security and cyber‑security
Plan and manage a range of cyber‑security groups and forums such as the ATP group, unsupported systems group, ICT security reviews group and patch management group
Plan and manage the Trust Cyber‑security risk register as part of the wider ICT risks and their link to the Trust risks
Maintain the agreed work programme with the team and ensure through time management and objective setting that targets are achieved
Lead, coach and manage the performance of the team in line with good people‑management practices, recognising excellence and addressing underperformance
Ensure the team is compliant with all statutory, mandatory training together with any professional training requirements, keeping them up to date and fully compliant
Manage team absences including sickness in line with Trust policy, ensuring the appropriate return‑to‑work meetings occur, e‑roster is updated and productivity remains at the highest possible level
Identify and fill vacancies that arise within the team in line with the Trust’s recruitment policy and process
Identify talent and support the internal talent management process in order to attract and retain and succession‑plan for your people
Review skill mix at regular intervals to maximise resource utilisation/allocation, ensuring job descriptions are kept up to date
Ensure overall wellbeing of the team is maintained, continuously supporting improved morale and implementing a culture of zero‑tolerance for bullying and harassment
Have a general duty of care for own health, safety and wellbeing and that of work colleagues, visitors and patients within the hospital, in addition to any specific risk management or clinical governance accountabilities associated with this post
Observe the rules, policies, procedures and standards of King's College Hospital NHS Foundation Trust together with all relevant statutory and professional obligations
Observe and maintain strict confidentiality of personal information relating to patients and staff
Be responsible, with management support, for personal development and actively contribute to the development of colleagues
Person Specification
Education and Qualifications
Educated to degree level or equivalent significant cyber‑security experience, plus a Master’s level qualification or equivalent experience
Hold and retain a security industry‑recognised qualification (HCISPP, CISSP, CISM, CISA, CRISC, CSSP)
ITIL Foundation and PRINCE2 Foundation; knowledge of the full product development lifecycle
Knowledge and Experience
Broad technical knowledge covering all aspects of infrastructure from networking, end‑user devices through to servers and data centres
Fluent, logical and confident communication with a wide range of staff levels; possess good interpersonal and communication skills
Broad experience using a range of cyber‑security software and applications (access control software, anti‑virus software, network monitoring tools, Microsoft security features, privileged access management (PAM) tools, internet monitoring tools, email monitoring tools)
Experience working in an NHS cyber‑security regulatory environment or a similar organisation
Staff management and development experience of complex technical teams
Professional / Technical / Innovative Skills
Excellent communication, interpersonal and influencing skills
Contract and Working Pattern
Contract: Permanent
Working pattern: Full‑time
Salary: £75,328 to £86,114 a year, including high cost allowance
Job Location
King's College Hospital NHS Foundation Trust – Denmark Hill, Unit 5, KCH Business Park, 129‑131 Coldharbour Lane, Denmark Hill