Cyber security manager

Elland
NHS
Posted: 14 October
Offer description

Overview

Calderdale and Huddersfield NHS Foundation Trust

The closing date is 15 October 2025

The Health Informatics Service (THIS), hosted by Calderdale and Huddersfield NHS Foundation Trust (CHFT), provides a broad range of IM&T services across many diverse customer organisations. A significant part of this provision reports to the Chief Technology Officer (alongside Operational Support and Business Intelligence services). These services are built around functions staffed by people with highly developed specialist knowledge, skills and experience, allowing them to facilitate, train, manage and advise across a whole range of IM&T related areas. The Cyber & IT Security Service (CITS) is one of these principal service areas.

The post holder will be a key member of the Chief Technology Officer's staff and have responsibility for leading the design, delivery and continuous improvement of the CITS service, ensuring that the strategic vision for the service is developed and delivered in line with mandated national policy and our internal Governance, Risk and Compliance (GRC) Framework.

Specifically, the post holder will direct and support the Operational Technical Managers with the implementation of the strategic vision for Cyber & IT Security, across THIS, CHFT and the wider customer base, ensuring professionalisation and commercialisation are embedded as central values throughout all levels of the service.


Main duties of the job

To lead the development and to direct the implementation of the overall strategic vision of the CITS Service, including service/personnel development/improvement, professionalisation and commercialisation.

Lead on the development and implementation of the GRC Programme from a CITS perspective, ensuring all current and emerging national and locally mandated compliance areas are encompassed (ISO27001:2013, Cyber Essentials Plus, NIS Regulation, GDPR, Data Protection Act 2018, ENISA, DSP Toolkit, OWASP Top 10).

Lead on the strategic development of the THIS Cyber Security Service.

Be responsible for remaining up to date on current security threats (threat actors/attack vectors) and ensure risk assessments are applied to promote mitigation.

Be responsible for the research and evaluation of the latest Cyber Security, Information Security and IT Governance products and protocols.

Lead on the development and delivery of a range of Cyber & IT Security awareness sessions/workshops/presentations that will focus on improving cyber safety throughout the business, customer base and wider regional footprint.

Be responsible for the management, development, support and delivery of all CITS services delivered to both internal and external customers.

To create and continually develop a structure that will consistently deliver excellent service and meet all customers' requirements.


About us

We employ more than 6,500 staff who deliver compassionate care from our two main hospitals, Calderdale Royal Hospital and Huddersfield Royal Infirmary as well as in community sites, health centres and in patients' homes. We also are incredibly proud to have almost 150 volunteers here at CHFT.

We provide a range of services including urgent and emergency care; medical; surgical; maternity; gynaecology; critical care; children's and young people's services; end of life care and outpatient and diagnostic imaging services.

We provide community health services, including sexual health services in Calderdale from Calderdale Royal and local health centres. These include Todmorden Health Centre and Broad Street Plaza.

We continue to modernise and invest in our health services to build on our strong reputation. Foundation trusts are public leaders in improving quality in health services. They are part of the NHS - yet decisions about what they do and how they do it are driven by independent boards. Boards listen to their Council of Governors and respond to the needs of their members - patients, staff and the local community.

Foundation trusts provide what the health service wants, yet are also free to invest quickly in the changes the local community needs, in striving to be the best, and in putting their patients first.


Job responsibilities

Please note: This role requires Security Check (SC) clearance. Candidates must already hold this clearance or be eligible to obtain it.

Applicants must either currently hold SC clearance or be eligible and willing to undergo the Security Check vetting process.

Due to the security-sensitive nature of this role, SC clearance is required.

Strategic

Formulate and implement the long term Cyber & IT Security Strategy and dependent Policies and Procedures, in line with THIS, CHFT, customer and national requirements

Formulate the Health Informatics Cyber & IT Security business plan

Scope, design and implement GRC Methodologies in conjunction with the DPO across all Trust departments

Design CITS policies in line with existing and upcoming nationally and locally mandated compliance requirements

Support the senior leadership team to plan the long term development of The Health Informatics Service

Maintain all business level certifications/accreditations e.g. Cyber Essentials, IASME, IASME Gold, Relevant accreditations in line with DSP Toolkit.

Provide advice, guidance and auditing regarding:

Audit and guide Business Asset Risk Assessments across the Trust's technical estate

ISO27001:2013

GDPR/NIS Regulation Technical requirements

Data Security and Protection Toolkit

Cyber Incident Response, including ability to host regional calls during outages/attacks/significant vulnerabilities

Designing and directing the internal CareCert implementation and response process across all technical teams

CareCert/NHS England alerts and evidential reports

Product and Service analysis pre-procurement

Lead on security analysis of products and services pre-implementation across a wide range of service users, including Financial, Clinical, and Operational systems

Compliance and Compensating control scoping and design

Advise the ISMS Group on technical aspects of Trust Risk

Advise all technical teams around mandatory actions (patching etc) as well as best practice

Provide Technical Guidance to the Information Governance Team and DPO

Advise on Disciplinary cases of computer misuse

Investigate and report serious or highly sensitive security breaches.

Facilitate and deliver appropriate security reporting across all levels of the organisation and customer base.

Educational

Responsible for the design, delivery and evaluation of:

* Technical Awareness Training
* Board Awareness Training
* Customer Organisation Awareness Training
* Skills Development Network Workshops and Seminars

Areas covered within this training included Password Design and use, Account Safety, SPAM and Phishing awareness, Open WiFi safety, Dark Web overview.

Internal Staff Awareness of GRC principles and the interoperability of Governance Risk and Compliance.

Technical

Across THIS, CHFT and the wider customer base, responsibility for the design, maintenance, and monitoring of:

* Corestream (GRC Business Assurance tool)
* Email Protection
* Encryption Technologies
* Web Filtering
* Application control
* Vulnerability Testing
* Penetration Testing
* Phishing simulation campaigns
* SIEM and logging systems
* OWASP Top 10 compliance analysis
* Forensic Investigation/Breaches

Managerial Duties

Please see job description for full details of responsibilities


Person Specification


QUALIFICATIONS / TRAINING

* Degree standard or equivalent level of knowledge acquired through experience
* Cyber Security Certification (e.g. C|EH, CISSP, HCISPP, CISA etc.)
* ITIL Framework Qualification or equivalent level of knowledge acquired through experience
* Professional Qualification in Governance Risk and Compliance (e.g. GRCP)
* Evidence of continuing professional development
* Willingness to undertake professional training relating to the role
* Forward planning to support your Personal/Professional Development Plan (PDP)


KNOWLEDGE, EXPERIENCE & EXPERTISE

* A senior service delivery position within a large public/private sector organisation
* Experience of working across a complex range of health or social care organisations
* A substantial proven track record of IT Security; planning and implementation of multiple complex systems - gained from working in a range of organisations in an NHS setting
* A demonstrable understanding of the principles of modernisation in the NHS, including experience around service improvement and re-design, monitoring change and facilitating staff in changing their working practices, CareCert, GDPR etc
* An understanding of corporate governance and risk management systems and processes
* Able to develop, put in place and oversee progress tracking and reporting mechanisms which mitigate and manage delivery and operational risks
* Experience of benefits realisation
* Budget management experience, utilising standard financial budgetary controls
* Experience of Vulnerability testing methodologies
* Experience of Pen Testing Methodologies
* Experience in the use of an Enterprise level Security portfolio
* In-depth professional knowledge of relevant IM&T developments and programmes within the NHS environment and beyond, including European wide Cyber related Law
* In-depth professional knowledge of the National and Local NHS Digital Health agenda
* Flexible approach to work; self-motivated and able to work on own initiative with minimum supervision and handle many different competing priorities at once
* Excellent interpersonal skills. Able to effectively communicate with all levels of staff both verbally and in writing
* Ability to work nationally (with occasional overnight stays).
* Ability to work in various locations throughout the network of services provided by Calderdale and Huddersfield NHS Foundation Trust.
* Able to fulfil the health requirements of the post as identified in the Job Description, taking into account any reasonable adjustments recommended by Occupational Health.
* Ability to source, assimilate and analyse extremely complex data and information relating to a wide range of services and translate it into an easily understood format
* Experience of Firewall configuration and audit criteria


Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Calderdale and Huddersfield NHS Foundation Trust


Address

The Health Informatics Service
