Deputy Chief Digital Information Officer–Cyber & Information Security

St George's University Hospitals NHS Foundation Trust

Location:
Salary: £121,528 - £138,529 pa
Profession: Administrative and IT
Grade: Band 9
Deadline: 15 May 2026
Contract Type: Permanent
Posted Date: 01 May 2026

Job overview

As a key member of the Group Digital Services Leadership Team, the Deputy Chief Digital Information Officer for Cyber & Information Security provides strategic leadership and executive assurance for cyber security, information security, and digital resilience across the hospital group.

The post holder will play a central role in delivering our vision of outstanding care, ensuring that digital services are secure, resilient, and trusted. They will enable safe and reliable care delivery by protecting critical systems and information, reducing cyber and information risk, and embedding security‑by‑design principles across digital transformation and operational services.

Operating in a complex and evolving threat landscape, the role will drive collaboration across clinical, operational, and digital teams to ensure cyber resilience supports care delivery in the right place, at the right time, and that the organisation meets national regulatory, assurance, and resilience expectations.

Main duties of the job

The Deputy Chief Digital Information Officer (Cyber & Information Security) will provide strategic leadership and operational oversight across the following core areas:

  • Cyber Security & Resilience: Lead the Group’s cyber security and resilience strategy, providing executive oversight of threat management, incident response and recovery. Embed security‑by‑design and resilience‑by‑design principles across all digital services to support safe, reliable care.
  • Information Security & Assurance: Provide executive leadership for information security, ensuring compliance with NHS standards including DSPT and NIS Regulations. Oversee security architecture, access controls and third‑party assurance across on‑premise, cloud and managed services.
  • Governance, Risk & Compliance: Maintain effective cyber and information security governance, delivering clear assurance to the Board and Executive teams. Lead cyber risk management in line with corporate processes and represent the organisation in regional and national forums.
  • Strategic Leadership: Deputise for the Group Chief Digital Information Officer and work closely with Trust COOs and Executives to embed cyber resilience into operational decision‑making. Shape Group and system‑level cyber priorities aligned to organisational objectives and national guidance.

Detailed job description and main responsibilities

Cyber Security & Resilience

  • Lead the development and delivery of the Group‑wide cyber security and cyber resilience strategy.
  • Provide executive oversight of cyber threat management, detection, response, and recovery arrangements.
  • Ensure robust incident management, escalation and learning processes for cyber security events.
  • Champion security‑by‑design and resilience‑by‑design principles across all digital programmes and services.

Information Security & Assurance

  • Provide executive leadership for information security, ensuring the confidentiality, integrity and availability of data and systems.
  • Assure compliance with NHS cyber and information security standards, including DSPT, NIS Regulations, and relevant national frameworks.
  • Oversee technical security architecture, identity and access management, and security controls across on‑premise, cloud and managed services.
  • Lead assurance activity in relation to suppliers, shared services and third‑party risk.

Governance, Risk & Compliance

  • Establish and maintain effective cyber and information security governance arrangements across the Group.
  • Provide clear, evidence‑based assurance to the Board, Audit Committee and Executive colleagues.
  • Lead cyber and information security risk management, ensuring alignment with corporate risk processes.
  • Represent the organisation in regional and national cyber security and digital assurance forums.

Strategic Leadership & Relationships

  • Act as a deputy to the Group Chief Digital Information Officer, including representing the Group in senior internal and external forums.
  • Work in close partnership with Trust COOs and Executive leads to ensure cyber resilience is embedded into operational decision‑making.
  • Influence and shape Group, ICS and regional cyber security priorities through collaboration and leadership.
  • Define, develop and embed the cyber and information security strategy, aligned to organisational objectives and national guidance.