Cyber Security Consultant (Senior Security Advisor – CISO)
At NHS England, cyber security is fundamental to delivering safe, reliable healthcare services to millions of people every day. Our Chief Information Security Office (CISO) Function plays a critical role in protecting national systems and enabling secure digital transformation across the NHS.
Main duties of the job
As a Senior Cyber Security Advisor, you will deliver expert consultancy to programmes and services, ensuring solutions are secure by design and resilient to evolving cyber threats. You will conduct threat modelling, security assessments and risk analysis, clearly articulating risks and recommending proportionate controls to reduce likelihood and impact.
You will provide authoritative guidance on security architecture, standards and patterns, embedding effective governance and controls across the technology lifecycle. Working collaboratively across technical and non-technical teams, you will resolve complex challenges, influence decisions, and strengthen cyber resilience outcomes.
The role requires championing a strong security culture, enabling delivery teams to build secure systems from the outset, and supporting programme objectives through clear security strategies and effective risk management.
You will identify, assess and manage cyber risks, ensuring they are understood, tracked and mitigated in line with organisational and national standards. This is a critical role in maintaining NHS England's alignment with government policy and industry best practice.
You will apply technical expertise and creative problem‑solving to protect patient data, support safe care, and maintain public trust.
Qualifications and Experience
* Master's-level degree in Cyber Security or a relevant subject, or equivalent level of experience.
* At least 5 years of continuous UK residency is required for Security Clearance level SC. In certain circumstances, 3 years continuous UK residency may be accepted with additional overseas checks.
* Staff recruited from outside the NHS will be appointed at the bottom of the pay band.
Skills
* Wide-ranging expertise in information security management processes, tools and techniques; ability to deploy, monitor and improve security systems.
* Proficient in application security tools, techniques and practices; ability to design and implement security programs for web and mobile applications.
* Solid knowledge of cybersecurity risk management; ability to maintain network operation and minimise negative effects caused by cyber risks.
* Specialised knowledge of vulnerability assessment tools, techniques, models and systems for identifying vulnerabilities across network, operating system, mobile application, and other platforms.
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and will require a disclosure to the Disclosure and Barring Service to check for any previous criminal convictions.
Employer
NHS England
Pay
£69,033.60 to £77,700 a year (this includes an RRP payment of 20%)
Contract
Permanent
Working pattern
Full-time
Reference number
990-TDD-CY-EC3056-E