Cyber Security Manager

This role provides strategic and operational leadership for cyber security across complex NHS digital environments. The post holder will oversee the delivery and continual improvement of cyber defence capabilities, ensuring protection of critical IT systems, data, and services. Working within a national team, they will coordinate activities across multiple sites, manage security operations, and maintain compliance with national policy, standards, and frameworks. The role requires technical expertise, strong leadership, and collaboration across technical, clinical, and business functions to enhance digital resilience and safeguard patient care.

This is a hybrid role, with regular office attendance required at DHCW sites to support operational and team activities.

Lead and manage cyber security operations, ensuring the effective use of Security Information and Event Management (SIEM) systems, access controls, and incident response tools. Oversee the monitoring, investigation, and resolution of security incidents and vulnerabilities. Support delivery of national cyber initiatives, policies, and reporting requirements. Provide expert guidance on threat management, risk mitigation, and service improvement. Collaborate with internal and external partners to strengthen system security, resilience, and compliance. Contribute to workforce development through coaching and mentoring.

The ability to speak Welsh is desirable for this post; English and/or Welsh speakers are equally welcome to apply.

Digital Health and Care Wales (DHCW) is an expert national body and part of NHS Wales. We work in partnership with NHS Wales colleagues and other key stakeholders to provide national digital and data services which support the delivery of health and social care in Wales. Modern health and care services depend on good digital tools, data and information. DHCW runs or works with more than 100 services and delivers major national digital transformation programmes to support this. In addition, DHCW provides expert advice in relation to cyber security and information governance. We give frontline staff the digital tools which help them provide safer and more efficient care. We are also giving patients and the public digital tools to better manage their own health and wellbeing, empowering people to live healthier lives. We put people at the heart of what we do, working to the highest standards to deliver quality and make digital a force for good in health and care.

Develop, implement, and maintain security policies, processes, and technical controls across the organisation. Lead investigations into cyber incidents and coordinate remedial actions. Ensure systems and data are protected in line with national standards and governance frameworks. Manage and optimise cyber tooling and automation to improve detection and response. Provide professional advice to senior leaders and stakeholders on emerging threats and technology change. Support staff awareness and training, fostering a strong security culture throughout the organisation.

• Educated to degree (or equivalent qualification / experience) in an associated professional field.
• Practical experience, working at this level, across the range of work procedures and practices.
• Evidence of continuous professional development.

Desirable

• Professional Registration with a relevant informatics professional body.
• FEDIP Practitioner, or equivalent recognised Intermediate level Professional qualification.

• Experience of successfully leading a team, to manage, coordinate and improve the security activities and resources for the IT systems and applications within a large complex organisation.
• Previous experience in managing Security Information and Event Management (SIEM) systems

• Technical Adaptability skills to learn and assess new methodologies or technologies quickly, understanding their wider implications and where appropriate implement them.
• Able to work flexibly in a hybrid working environment.
• Travel throughout Wales between sites, as required by the job.

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the .

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement.

Digital Health and Care Wales

Hybrid working - Ty Glan Yr Afon

To be decided at interview

CF11 9AD

Employer's website