Job summary
This role provides strategic and operational leadership for cyber security across complex NHS digital environments. The post holder will oversee the delivery and continual improvement of cyber defence capabilities, ensuring protection of critical IT systems, data, and services. Working within a national team, they will coordinate activities across multiple sites, manage security operations, and maintain compliance with national policy, standards, and frameworks. The role requires technical expertise, strong leadership, and collaboration across technical, clinical, and business functions to enhance digital resilience and safeguard patient care.
Main duties of the job
Lead and manage cyber security operations, ensuring the effective use of Security Information and Event Management (SIEM) systems, access controls, and incident response tools. Oversee the monitoring, investigation, and resolution of security incidents and vulnerabilities. Support delivery of national cyber initiatives, policies, and reporting requirements. Provide expert guidance on threat management, risk mitigation, and service improvement. Collaborate with internal and external partners to strengthen system security, resilience, and compliance. Contribute to workforce development through coaching and mentoring.
About us
Digital Health and Care Wales (DHCW) is an expert national body and part of NHS Wales. We work in partnership with NHS Wales colleagues and other key stakeholders to provide national digital and data services which support the delivery of health and social care in Wales. Modern health and care services depend on good digital tools, data and information. DHCW runs or works with more than 100 services and delivers major national digital transformation programmes to support this. In addition, DHCW provides expert advice in relation to cyber security and information governance. We give frontline staff the digital tools which help them provide safer and more efficient care. We also give patients and the public digital tools to better manage their own health and wellbeing, empowering people to live healthier lives. We put people at the heart of what we do, working to the highest standards to deliver quality and make digital a force for good in health and care.
Job responsibilities
Develop, implement, and maintain security policies, processes, and technical controls across the organisation. Lead investigations into cyber incidents and coordinate remedial actions. Ensure systems and data are protected in line with national standards and governance frameworks. Manage and optimise cyber tooling and automation to improve detection and response. Provide professional advice to senior leaders and stakeholders on emerging threats and technology change. Support staff awareness and training, fostering a strong security culture throughout the organisation.
Person Specification
Qualifications
Essential
* Educated to degree (or equivalent qualification / experience) in an associated professional field.
* Practical experience, working at this level, across the range of work procedures and practices.
* Evidence of continuous professional development.
Desirable
* Professional Registration with a relevant informatics professional body.
* FEDIP Practitioner, or equivalent recognised Intermediate level Professional qualification.
Experience and Knowledge
Essential
* Experience of successfully leading a team, to manage, coordinate and improve the security activities and resources for the IT systems and applications within a large complex organisation.
* Previous experience in managing Security Information and Event Management (SIEM) systems.
Skills and Attributes
Essential
* Technical Adaptability skills to learn and assess new methodologies or technologies quickly, understanding their wider implications and where appropriate implement them.
* Able to work flexibly in a hybrid working environment.
* Travel throughout Wales between sites, as required by the job.
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Certificate of Sponsorship
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the .
Employer details
Digital Health and Care Wales
Hybrid working - Ty Glan Yr Afon
Location to be confirmed at interview
CF11 9AD
Employer's website:
#J-18808-Ljbffr