# Cyber Security Lead

> NHS job listing from Job Clerk for The Christie NHS Foundation Trust.

## Canonical URLs

- **HTML:** https://www.jobclerk.com/job/cyber-security-lead/9ba3ea82-43c4-4c16-8fa1-0c78b3b23d36
- **Markdown:** https://www.jobclerk.com/job/cyber-security-lead/9ba3ea82-43c4-4c16-8fa1-0c78b3b23d36.md

## Summary

- **Status:** Archived / closed
- **Employer:** The Christie NHS Foundation Trust
- **Town:** Manchester
- **Region:** North West
- **Country:** England
- **Profession:** Estates and facilities
- **Grade:** Band 8
- **Salary:** £66,582 - £77,368 Pro Rata Per Annum
- **Contract type:** Permanent
- **Employment type:** Full time - 37.5 hours per week
- **Closing date:** 2026-06-24T23:59:00.000Z
- **Posted:** 2026-06-10T09:15:49.384Z
- **Source information URL:** https://www.healthjobsuk.com/job/UK/Manchester/Manchester/The_Christie_NHS_Foundation_Trust/Cyber_Security_Lead/Cyber_Security_Lead-v8070755
- **Application URL:** https://apps.trac.jobs/job-advert/8070755?ShowJobAdvert=&feedid=9002
- **Employer website:** https://www.christie.nhs.uk

## Job Content

### Job overview

As Cyber Security Lead (Grade 8b subject to banding), you will provide strategic leadership, governance and assurance for cyber security across The Christie NHS Foundation Trust, acting with delegated authority from the CIO and SIRO. You will ensure cyber security enables safe, resilient, and trustworthy digital services that protect patient information and support clinical care, aligned to the Trust and Digital Strategies and national NHS cyber priorities. You will oversee cyber security services delivered by internal teams and third-party suppliers, maintain a clear view of cyber risk exposure, and provide high-quality reporting and escalation to senior governance and Board-level forums.

Develop, own and maintain the Trust Cyber Security Strategy and Roadmap, aligned to Trust objectives and national NHS cyber policy.

### Main duties of the job

Act as the Trust’s senior authority on cyber security risk, providing expert advice, assurance, & appropriate challenge to executive and Board-level forums.

Translate national requirements and frameworks (including DSPT & the NCSC Cyber Assessment Framework) into pragmatic, risk-based controls & improvement plans.

Establish and maintain robust governance, policies, standards, and assurance processes; lead the annual Data Security and Protection Toolkit submission.

Maintain oversight of the cyber security risk register to ensure risks are assessed, owned, mitigated, and escalated appropriately.

Provide high-quality cyber risk and assurance reporting to Digital governance groups, Audit/Risk & Assurance Committees, & the Trust Board.

Provide strategic oversight of cyber operations (monitoring, incident response, vulnerability management, identity & access management) delivered internally & via third parties; assure the effectiveness of managed services.

Embed secure-by-design principles across architecture, procurement, and project delivery; provide cyber input to high-risk initiatives, including risk assessments, threat modelling, & assurance reviews.

Promote a positive security culture through engagement & awareness activities across clinical, operational, and corporate teams.

Contribute to business continuity, disaster recovery, & cyber resilience planning, including exercises, testing, & post-incident learning; participate in out-of-hours incident response where required.

### Detailed job description and main responsibilities

### DUTIES AND RESPONSIBILITIES

### Strategic Cyber Security Leadership

1. Develop, own, and maintain the Trust Cyber Security Strategy and Roadmap and improvement plans aligned to Trust objectives and national NHS cyber policy.
2. Act as the Trust’s senior strategic authority on cyber security risk, providing expert advice, assurance, and challenge to Information Asset Owners, Executive Management Team members and Board-level forums.
3. Translate national frameworks and requirements (including DSPT and NCSC Cyber Assessment Framework (CAF)) into pragmatic, risk-based implementation.
4. Ensure cybersecurity is embedded within digital transformation, EPR, cloud, data, and infrastructure programmes.

### Cyber Governance, Risk and Assurance

1. Establish and maintain a robust cyber security governance framework, including policies, standards, and assurance processes.
2. Lead delivery and annual submission of the Data Security and Protection Toolkit (DSPT), incorporating NCSC CAF-aligned assurance where applicable.
3. Maintain oversight of the cyber security risk register, ensuring risks are assessed, owned, mitigated, and escalated appropriately.
4. Provide high-quality cyber risk and assurance reporting to Digital governance groups, Audit, Risk and Assurance Committees, and on occasion to the Trust Board.
5. Leadership of Cyber Security Resources and Services
   - Provide strategic leadership and oversight of cyber security services, resources, and contracts delivered internally or through third-party suppliers.
   - Ensure cyber security investments and services deliver value for money and are aligned to the Trust's risk appetite and priorities.
   - Contribute to Trust-level financial and capacity planning to ensure cybersecurity considerations are embedded in digital investment decisions.

### Oversight of Cyber Security Operations

1. Provide strategic oversight of cyber security operations, including security monitoring, incident response, vulnerability management, and identity and access management.
2. Assure the effectiveness of third-party and managed cybersecurity services.
3. Support coordinated response to cybersecurity incidents, working with the SIRO, Digital leadership, and external partners.

### Secure Design and Change Enablement

1. Ensure secure-by-design principles are embedded into system architecture, procurement, and project delivery.
2. Provide expert cyber input to high-risk initiatives, including risk assessments, threat modeling, and assurance reviews.
3. Enable delivery of digital change whilst maintaining appropriate cyber security controls.

### Leadership, Engagement and Culture

1. Act as an ambassador for cybersecurity, promoting a positive security culture and shared ownership across the Trust.
2. Line manage the cyber security team, responsible for appraisal, sickness absence management, recruitment and selection decisions.
3. Build trusted relationships with clinical, operational, and corporate stakeholders.
4. Support cyber awareness and capability development across the organisation.
5. Demonstrate the agreed set of values and be accountable for own attitude and behavior.
6. Financial responsibilities as a delegated budget holder, and contract value for money.

### Business Continuity and Resilience

1. Contribute to business continuity, disaster recovery, and cyber resilience planning.
2. Support cyber-related exercises, testing, and post-incident learning.

## Person Specification

### Other

**Essential**

- Flexible, resilient, and collaborative approach
- Participation in out-of-hours cyber incident response if required
- Able to participate in an out-of-hours on-call rota if required

### Skills

**Essential**

- Ability to document and present highly complex and sensitive cyber risk information to technical and non-technical audiences
- Strong judgment in balancing cyber risk, patient safety, and service delivery

### Values

**Essential**

- Ability to demonstrate the organisational values and behaviours

### Knowledge

**Essential**

- Expert knowledge of cybersecurity governance, assurance, and regulatory compliance best practices
- Evidence of commitment to keeping up to date with current threats

### Experience

**Essential**

- Significant experience in cyber security leadership, governance, risk, and assurance roles
- Experience of NHS or public sector cybersecurity frameworks, including DSPT and NCSC CAF.
- Demonstrable experience of providing cyber risk advice, assurance, and challenge to Executive Management Teams and Trust Boards

**Desirable**

- Experience in a similar role for the NHS or Healthcare setting

### Qualifications

**Essential**

- Master's degree or equivalent experience in cyber security, information security, or related discipline
- Recognised cyber or information security qualification, or demonstrable equivalent experience (e.g. CISSP, CISM, ISO 27001)
- Continued professional development courses related to information security

**Desirable**

- Membership of a relevant professional body (BCS, ISACA, or equivalent)

## Documents

- [strategy brochure (pdf, 1.0mb)](https://www.healthjobsuk.com/documents?edoc=1645)
- [travel to the christie (pdf, 3.8mb)](https://www.healthjobsuk.com/documents?edoc=1960)
- [the christie values and behaviours (pdf, 919.5kb)](https://www.healthjobsuk.com/documents?edoc=1643)
- [job description & person specification (pdf, 280.2kb)](https://www.healthjobsuk.com/documents?vdoc=10362066)

## Agent Notes

- This Markdown page is generated from the same Job Clerk job record as the HTML job detail page.
- Use the canonical HTML URL for user-facing references.
- Use the application URL when the user wants to apply on the source NHS site.
