# ICT Head of Cyber Security

> NHS job listing from Job Clerk for King's College Hospital NHS Foundation Trust.

## Canonical URLs

- **HTML:** https://www.jobclerk.com/job/ict-head-of-cyber-security/383a962f-b939-4b4c-a158-9f304266ea85
- **Markdown:** https://www.jobclerk.com/job/ict-head-of-cyber-security/383a962f-b939-4b4c-a158-9f304266ea85.md

## Summary

- **Status:** Live
- **Employer:** King's College Hospital NHS Foundation Trust
- **Town:** London
- **Region:** London
- **Country:** England
- **Profession:** Estates and facilities
- **Grade:** Band 8
- **Salary:** £75,328 - £86,114 per annum, including high cost allowance
- **Contract type:** Permanent
- **Employment type:** Full time - 37.5 hours per week
- **Closing date:** 2026-06-18T23:59:00.000Z
- **Posted:** 2026-06-04T16:01:05.783Z
- **Source information URL:** https://www.healthjobsuk.com/job/UK/London/London/Kings_College_Hospital_NHS_Foundation_Trust/ICT_Cyber_Security/ICT_Cyber_Security-v8004703
- **Application URL:** https://apps.trac.jobs/job-advert/8004703?ShowJobAdvert=&feedid=9002
- **Employer website:** https://www.kch.nhs.uk

## Job Content

### Job overview

The ICT Head of Cyber Security will act as the Trust's expert on cyber security protection, detection, response, and recovery. The ICT Head of Cyber Security will be responsible for the strategic approach to cyber threat management and the strategic planning of current and future IT security solutions. The post holder will manage, support and develop the Trust cyber security team.

The ICT Head of Cyber Security will own and be responsible for the completion of parts of the Data Security Assessment Toolkit in relation to ICT cyber security obligations, in addition to working towards and maintaining Cyber Essentials Plus and ISO27001 certification. The post holder will work closely with a range of ICT departments, plus key stakeholders in the Trust such as the Head of IG, the Trust SIRO and the Trust Information Governance Committee. Close working relationships with other Trusts and external organisations will be required.

### Main duties of the job

Lead strategic planning for current and future IT security solutions, aligning with best practice and emerging technologies

Collaborate with teams to ensure compliance with security standards.

Lead on internal and external audits and audit preparation relating to IT security

Maintain compliance with standards including DSPT, CareCERT, Cyber Essentials+, NIS, and ISO 27001

Act as the Trust's advisor on cyber security protection, detection, response and recovery

Develop and advise on implementing policies, procedures, and guidance for cyber and IT security systems and processes

Advise ICT senior leaders to shape a robust IT security service across the department and its systems

Monitor incidents and take appropriate actions to correct, notify and prevent reoccurrence

Work with the Technical teams to maintain all security tools and technology used in the department

Work with technical teams to deliver and manage cyber security and compliance across internal and externally hosted systems

Undertake scoping and delivery of penetration tests and ensure actions are resolved

Supporting wider IT functions in the evaluation and implementation of new technology and controls

Defining and documenting a security incident response program

Respond to High priority NHS Digital Care Cert alerts in line with NHS Digital requirements

Produce a monthly cyber security KPI report for the Trust Information Governance Committee and ICT senior leaders

### Detailed job description and main responsibilities

Policy and Service Development

- Maintain, update and implement Trust policies in scope of the ICT department covering all aspects of information security and Cyber activities.
- Draft, develop, implement and maintain a portfolio of policies relating to all aspects of Cyber Security within ICT.
- Ensure compliance with Trust policy and procedures is fully supported in forums such as the Trust unsupported systems group, the Trust ATP management group, patch management groups and any other future forums.
- Provide expertise around Cyber Security for the purchase of new systems and applications via the Trust ICT PMO processes and procurement. Ensure all new systems and applications to be deployed across the estate have a full security review and sign off before proceeding to go-live.
- Carry out Continual Service Improvement (CSI) of existing Trust processes and procedures
- Identify, propose and implement any changes to practices and procedures required in departmental and user environments to improve service levels.
- Ensure that all cyber security risks are updated and managed via the Trust risk and issues process
- Manage the Change Control process within the ICT department

Financial and Physical Resources

- Revenue and staffing budget holder for IT Security, including procurement of physical assets or supplies and capital expenditure.
- Advise departments on the security of IT equipment.
- Monitor and advise on software licence compliance in association with the Software Asset Manager.
- Provide advice and guidance on the purchase of IT security equipment.
- Exercise duty of care when using Trust equipment i.e. computers and software.
- Advise ICT senior leaders group on the most cost effective method for maintaining the integrity and security of data and equipment.

Research and Development

- Regularly research security developments and requirements, linking into national forums and support from the National Cyber Security Centre.
- Regularly research virus and security alerts provided by the NHS information security service.
- Keeping up to date with developments in IT Infrastructure and related technologies.
- Contribute to the ICT Cyber security approach and strategy.
- To undertake surveys and compliance audits determined by legislation and national guidelines, using both on-line and developed information systems when necessary, to ascertain scores against the standards.

Staff Management

- Line management of the technical staff within the cyber security team. Participate in regular performance appraisal meetings and ensure each member of the team has a clear set of objectives and development plans.
- Ensuring performance issues are dealt with in an appropriate and timely manner and follow the Trust's Disciplinary or Performance Procedures where formal action is necessary.
- Ensuring that working practice complies with the Trust's policies and procedures for Data Protection, Confidentiality and Health and Safety, ensuring the environment in which you and your staff work is safe, clean and tidy.
- Observing and continually promoting equal opportunities in compliance with the Trust's policies and values.
- Developing team morale and motivation through effective personal leadership, ensuring views and decisions are communicated both up and down the management structure.

Communication

- Ability to communicate highly complex issues to a wide range of non-technical end users from multiple backgrounds and organisations, including “difficult” users
- Must have excellent documentation writing skills to create and develop processes and procedures relating to the services delivered by the cyber security team.
- Ability to communicate effectively with 3rd party vendors around the Trust cyber security requirements.
- Excellent interpersonal skills, building effective professional relationships with end users, departmental system administrators and departmental managers
- Ability to perform as an effective team player, and on own initiative
- Provide training to groups (large and small) and provide ad-hoc advice to other support staff
- Effective communication skills, both verbal and written, are essential with the post holder expected to liaise with individuals at all levels of the Trust, Board level to lower grade staff
- Provide expert advice to line manager on all matters relating to cyber security impact.

Project Management

- Apply industry standard project management approaches to the implementation of all cyber security deployment work with the Trust projects and programme team.
- Work together with Trust teams to ensure a programme to deliver induction messages, so that core training on statutory subjects meets the needs of the information security and cyber security requirements.
- Planning and management of a range of cyber security groups and forums such as the ATP group, unsupported systems group, ICT security reviews group and patch management group.
- Planning and management of the Trust Cyber security risk register as part of the wider ICT risks and their link to the Trust risks.
- Maintain the agreed work programme with the team, ensuring through time management and objective setting that targets are achieved.

People Management and Performance

- Lead, coach and manage the performance of the team in line with good people management practices. Ensuring excellence is recognised and underperformance is addressed.
- Participate in regular performance appraisal meetings and ensure each member of the team has a clear set of objectives and development plans.
- Ensure the team is compliant with all statutory and mandatory training together with any professional training requirements, ensuring they are up to date and fully compliant.
- Manage team absences including sickness in line with Trust policy, ensuring the appropriate return to work meetings occur, e-roster is updated and productivity is kept at the highest possible level.
- Identify and fill any vacancies that arise within the team in line with the Trust’s recruitment policy and process.
- Identify talent and support the internal talent management process in order to attract, retain and succession plan for your people.
- Review skills mix at regular intervals in order to identify any potential opportunities to maximise resource utilisation / allocation, ensuring job descriptions are kept up to date.
- Ensure overall wellbeing of the team is maintained. Continuously support in improving the morale of the team and implementing a culture of zero-tolerance for bullying and harassment.

General

- The post holder has a general duty of care for their own health, safety and wellbeing and that of work colleagues, visitors and patients within the hospital, in addition to any specific risk management or clinical governance accountabilities associated with this post.
- To observe the rules, policies, procedures and standards of King's College Hospital NHS Foundation Trust together with all relevant statutory and professional obligations.
- We want to be an organisation where everyone shares a commitment to delivering the very best care and feels like their contribution is valuable and valued.
- At King’s we are a kind, respectful team:
  - Kind. We show compassion and understanding and bring a positive attitude to our work
  - Respectful. We promote equality, are inclusive and honest, speaking up when needed
  - Team. We support each other, communicate openly, and are reassuringly professional

- To observe and maintain strict confidentiality of personal information relating to patients and staff.
- To be responsible, with management support, for their own personal development and to actively contribute to the development of colleagues.
- This job description is intended as a guide to the general scope of duties and is not intended to be definitive or restrictive. It is expected that some of the duties will change over time and this description will be subject to review in consultation with the post holder.
- All employees must hold an 'nhs.net' email account which will be the Trust's formal route for email communication.
- Everyone is responsible for promoting inclusion no matter their role or team. At King’s, we want to create an environment where everyone feels valued, respected and welcomed

## Person Specification

### Knowledge and Experience

**Essential**

- Broad based technical knowledge covering all aspects of infrastructure from networking, end user devices through to servers and data centres.
- Ability to converse fluently, logically and confidently with a wide range of levels of staff; possess good interpersonal and communication skills.
- Broad experience using a range of cyber security software and applications (Access control software, anti-virus software, network monitoring tools, Microsoft security features, PAMs, internet monitoring tools, email monitoring tools).
- Experience of working in NHS cyber security regulatory environments or similar organisations.
- Staff management and development experience of complex technical teams.

### Education and Qualifications

**Essential**

- Educated to Degree Level or significant Cyber Security Experience plus Master’s Level or equivalent experience.
- Hold and retain a security industry recognised qualification (HCISSP, CISSP, CISM, CISA, CRISC, CSSP).

**Desirable**

- ITIL Foundation, PRINCE2 Foundation. Knowledge of the full product development lifecycle.

### Professional / Technical / Innovative Skills

**Essential**

- Excellent communication, interpersonal and influencing skills.

## Documents

- [denmark hill site map (pdf, 1.2mb)](https://www.healthjobsuk.com/documents?edoc=606)
- [princess royal (pruh) site map (pdf, 1.4mb)](https://www.healthjobsuk.com/documents?edoc=607)
- [agenda for change salary 26-27 (pdf, 44.7kb)](https://www.healthjobsuk.com/documents?edoc=3032)
- [head of ict cyber security jd (pdf, 344.4kb)](https://www.healthjobsuk.com/documents?vdoc=10290778)
- [visa and sponsorship information (pdf, 344.6kb)](https://www.healthjobsuk.com/documents?edoc=2817)

