
Are you ready to lead cyber security at scale in a complex, mission-driven organisation where your work truly matters?
We’re looking for an experienced and passionate Cyber Security Manager – Governance, Risk & Compliance (GRC) to drive our cyber assurance agenda and strengthen the resilience of critical NHS services. Reporting directly to the Associate Director of Information Security (CISO), you will play a pivotal leadership role, shaping how we manage cyber risk, compliance, and governance across the Trust.
This is more than a management role — it’s an opportunity to influence strategic decision-making, protect vital services, and lead meaningful change in an evolving cyber landscape. You’ll work at the heart of the organisation, collaborating with senior stakeholders, technical teams, and external partners to ensure we meet the highest standards of cyber security and regulatory compliance.
We’re looking for someone who combines deep technical expertise with strong leadership, who thrives in a fast-paced environment, and who can translate complex cyber risks into clear, actionable insights.
In return, you’ll join a supportive, forward-thinking team where innovation is encouraged, professional growth is supported, and your impact will be visible across the organisation.
If you're shortlisted, your interview will take place on 16 June 2026.
As Cyber Security Manager – GRC, you will lead a high-quality governance, risk and compliance function, ensuring strong cyber assurance across the Trust.
Lead Governance & Assurance: Oversee cyber governance services, ensuring alignment with frameworks such as ISO 27001, CAF and DSPT. Manage the full lifecycle of policies and procedures, and deliver clear assurance reports and dashboards to senior and board-level stakeholders.
Drive Risk & Compliance: Identify, assess and mitigate cyber risks across the organisation. Ensure adherence to legislation, standards and best practice, and coordinate audit evidence and assurance activities.
Strengthen Controls & Testing: Lead the penetration testing programme, managing remediation plans and analysing security data, vulnerabilities and incidents to drive continuous improvement. Implement and monitor KRIs and control effectiveness.
Enhance Incident Preparedness: Develop and lead incident response planning, including tabletop exercises, working closely with operational, technical and information governance teams to improve resilience.
Lead & Develop the Team: Provide leadership, coaching and direction, managing resources and priorities while fostering a high-performing, collaborative culture.
Engage Stakeholders: Build strong relationships across teams, communicate complex risks in a clear, accessible way, and influence decision-making to secure buy-in for security initiatives.
You’ll be a confident and credible cyber security professional with a strong GRC background and leadership experience in complex environments.
Key skills and experience include:
Personal qualities we value:
This is a unique opportunity to shape cyber security governance at scale, influence senior leadership, and make a tangible difference to patient services and organisational resilience.
If you’re ready to lead, innovate, and make an impact — we’d love to hear from you.