Job overview
Cyber Security Manager – Governance, Risk & Compliance (GRC)
Band 7 – £49,387 – £56,515 per annum
37.5 hours per week
Thurrock Community Hospital
Responsibilities
* Lead governance & assurance: oversee cyber governance services, manage policy lifecycle, deliver assurance reports to senior and board-level stakeholders.
* Drive risk & compliance: identify, assess & mitigate cyber risks; ensure adherence to legislation, standards and best practice; coordinate audit evidence and assurance activities.
* Strengthen controls & testing: lead the penetration testing programme, manage remediation plans, analyse security data, vulnerabilities and incidents to drive continuous improvement; implement & monitor KRIs and control effectiveness.
* Enhance incident preparedness: develop & lead incident response planning, including tabletop exercises; work closely with operational, technical & information governance teams to improve resilience.
* Lead & develop the team: provide leadership, coaching & direction; manage resources and priorities while fostering a high‑performing, collaborative culture.
* Engage stakeholders: build strong relationships across teams, communicate complex risks clearly, and influence decision‑making to secure buy‑in for security initiatives.
Benefits
* 27 days holiday, plus bank holidays, rising to 33 days after 10 years’ service.
* Excellent pension of up to 14.5% of your pensionable pay.
* Staff discounts including Blue Light Card, NHS discount offers and other benefits.
* £8,000 relocation package if you move to Essex to join us.
* Season ticket loans are interest‑free to cover the cost of travelling to and from work via tram, rail or bus.
* Job share: applications for job shares are welcomed.
Key skills and experience
* Expert knowledge of cyber security, governance, risk and compliance frameworks.
* Strong experience with ISO 27001, CAF, DSPT, COBIT or similar standards.
* Proven ability to lead risk management, audits and assurance programmes.
* Experience managing security incidents, vulnerability management and protective monitoring.
* Demonstrable success in leading teams, driving change and delivering against demanding timescales.
* Excellent analytical, problem‑solving and decision‑making skills.
* Outstanding communication and stakeholder engagement skills, able to influence at senior levels.
* Experience working in a large, complex organisation (NHS or public sector desirable).
* Relevant professional certifications (e.g. CISM, CISA, CRISC, CGRC) or equivalent experience.
Education and qualification
Essential criteria
* Educated to master's level, or equivalent experience, in Cyber Security or governance/compliance.
* Evidence of continuing professional development and specialist knowledge or experience which can be demonstrated to be equitable to a master's degree.
* Actively hold certifications; CGRC, CRISC, CISA, CISM or CGEIT.
* Professional registration of FEDIP and professional membership of one of its member bodies.
Desirable criteria
* ISO 27001:2022 Implementer or Auditor certification.
* Subject matter expert in risk management and cyber security.
* ITIL Service Management.
Additional qualities
Essential criteria
* Must be a car owner with full UK driving licence as travel will be required.
* Passion for new and emerging security related technologies.
* Willing to work flexibly to ensure the job is done.
Knowledge
Essential criteria
* In‑depth knowledge of the fundamentals surrounding cyber security.
* Excellent understanding of the management and transformation of services.
Desirable criteria
* Experience and knowledge of the Cyber Assurance Framework (CAF).
* Experience and knowledge of the Data Security Protection Toolkit.
* Understanding and implementation experience COBIT 2019.
Skills and experience
Essential criteria
* Significant experience of protective monitoring and security incident management.
* Previous experience within a large complex organisation in a related activity.
* Demonstrable experience of producing qualitative work to aggressive timescales.
* Demonstrable experience of building strong relationships with business partners and multi‑discipline project delivery teams.
* Full line and team management experience including leading, developing, motivating, coaching and talent management.
* Public sector or NHS management experience.
* Evidence of implementing change in governance related activity/area.
Desirable criteria
* Experience of working in a planning, project or change management environment.
* Development of option appraisals, feasibility studies and business cases.
Personal qualities
Essential criteria
* Ability to plan, organise and control all aspects of workload whilst working under extreme pressure.
* Can explain highly complex issues and requirements in clear, non‑technical language and concise manner.
* Ability to interface at all levels within the customer environment to develop relationships and opportunities and manage problems.
Equal opportunities
Our Trust is an Equal Opportunities Employer. We particularly welcome applications from people with experience of using mental health services. We also hold the Disability two‑tick symbol and have made a pledge to commit to employing more people with learning disabilities. If you require this application form in another format (e.g. Braille or audio), please contact the Recruitment Department at 01375 364 513 or email epunft.recruitment.adverts@nhs.net.
#J-18808-Ljbffr