Head of Security - Secure

Do you want to use your cyber skills to undertake a cyber security role at unprecedented scale that makes a real difference to healthcare in England?

Cyber Operation's purpose is to support safe care and build public trust by building NHS England’s cyber resilience and enabling the wider health system to be cyber resilient. As well as, supporting the Transformation Directorate’s purpose of delivering the best care and outcomes for the NHS.

The Cyber Operations sub-directorate consists of 4 operational areas:

• Cyber Security Operations Unit (CSOU).
• Cyber Delivery Unit (CDU).
• Cyber Improvement.
• Chief Information Security Office Function (CISO).

The CISO Function consists of four operational teams:

• Security Strategy.
• Secure (by Design).
• Security Assurance.
• Security Governance, Risk & Compliance (GRC).

The Head of Security - Secure sits in the Secure team within the CISO Function.

This is an exciting opportunity to help shape, guide and deliver NHS England’s Cyber Security Strategy. You’ll be given the support and autonomy to use your skills, knowledge, and experience to have a real long-lasting impact. Helping to improve NHS England’s cyber resilience, which in turn, improves patient safety and provides a more efficient health service.    

The purpose of the role is to lead a group of cyber security SMEs and professionals at the heart of keeping NHS England secure. We provide expert specialist security consultancy to ensure the secure design and development of NHS systems and services, which include Critical National Infrastructure and major national services.

We’re a diverse, driven, progressive team, and you’ll be leading us to deliver threat modelling, security assessments and expert cyber advice, along with strategic security improvement projects. In addition, the role will include:

• Providing expert cyber security consultative advice and guidance.
• Developing and implementing security design governance (including DevSecOps).
• Maintaining technical security standards, benchmarks, and design patterns.
• Proactively interacting with key stakeholders to gather information, resolve problems and make recommendations for security improvements.
• Reporting to senior leadership, translating cyber jargon in language our leaders can understand and action.
• Developing and delivering an integrated information and cyber security strategy.
• Identifying missing or weak security controls and delivering project to improve them.
• Line management responsibility (strategising, planning & coaching).

Important: Please be aware there are residency requirements you need to meet:

• All of our Cyber Security personnel must hold security clearance SC level as a minimum. To meet National Security Vetting requirements, you must have resided in the UK for a minimum of 3 out of the past 5 years for SC clearance. Candidates who were posted abroad for service with HM Government, Armed Forces or within a UK government role - will still be considered. More information on SC clearance can be found here.

Please make sure you meet these requirements before applying for this role. You don’t need to have SC already, however, failure to achieve the requirements for SC after offer, will result in the job offer being withdrawn. 

Some of the skills and experience we're looking for: 

Consulting - Extensive knowledge of techniques, roles, and responsibilities in providing technical or business guidance to clients, both internal and external; ability to apply this knowledge appropriately to diverse situations.

Information Security Management - Advanced specialist knowledge of the processes, tools and techniques of information security management, ability to deploy and monitor information security systems, as well as detect, resolve, and prevent violations of IT security, to protect organisational data.

Cybersecurity Risk Management - Highly developed specialist knowledge of tools, techniques, approaches and processes of cybersecurity risk management; ability to ensure organisational network operation and minimize negative effect by cybersecurity risks.

Information Technology (IT) - Highly developed specialist knowledge of IT security policies, standards, and procedures; ability to utilise a variety of administrative skill sets and technical knowledge to ensure cyber security compliance. 

Innovation - Highly developed specialist understanding of the value of innovation and ability to develop new ideas and initiatives that improve the performance of the organisation. 

Communicating Complex Concepts - In-depth knowledge of techniques to ensure clear understanding and ability to use summarisation and simplification techniques to explain complex technical concepts in simple, clear language appropriate to the audience. 

NHS Digital merged with NHS England on 1 February 2023 to help us to better support the NHS as one, streamlined organisation with digital, technology and data at the heart of our plans. Successful applicants should be aware that roles will be subject to change in the new organisation, but our mission, to use data and technology to improve lives, will remain.

We are a great place to work. What we do matters.

Our outstanding teams are passionate about technology and public service, making use of everyone’s skills to improve people’s lives.

We collaborate to deliver world class tech and intelligence, so come and join us. We are committed to sustainability, diversity and inclusion; our people are at the heart of what we do.

Why you should apply

We value the different experiences our people bring to their work at NHS Digital. We're working to create an environment where everyone can make a full contribution no matter their background, identity, or circumstances.  Which means, we encourage applications from people of all backgrounds and abilities.  

Our work matters. You matter.

What we offer you:

• we're moving to a hybrid working approach which offers you an informal, flexible way of blending home and office working
• flexible working opportunities - we value and respect the diversity of our employees, and applications from prospective candidates who require flexible working arrangements are welcomed; these include part-time hours, job sharing, flexible hours and part-remote set ups
• 27 days annual leave increasing to 33 days with service
• ability to buy and sell annual leave  
• a generous pension (with our contribution equal to 20.6% of your earnings)
• NHS Discounts including shops, restaurants, gym, mobile phones, and insurance
• employee benefit schemes including our Season Ticket Loan, Car Lease and Bike to Work schemes

Next steps

Our application process is straight forward and involves uploading a CV and providing a supporting statement. Within the supporting statement we are looking for you to evidence how you meet the skills, knowledge, experience and qualifications outlined in the advert and role profile 

If you require any support or reasonable adjustments to allow you to complete your application, please email [email protected] 

Remote interviews will take place from 26th June 2023. Applicants who are shortlisted for interview will be contacted by email.

To view further information please see the attached role profile.