An established industry player is seeking a Head of Digital Security to spearhead their cyber security strategy. This pivotal role involves safeguarding digital assets against evolving threats while ensuring compliance with industry standards. The successful candidate will collaborate with diverse stakeholders, lead incident management efforts, and foster a culture of security awareness across the organization. With a focus on governance, risk management, and team development, this position offers a unique opportunity to make a significant impact in a dynamic healthcare environment. Join a forward-thinking organization that values innovation and offers unparalleled career growth.
Job summary
The Head of Digital Security will be responsible for the operational implementation of the Trust's Cyber Security strategy, ensuring the organisation's digital assets and data are protected against evolving cyber threats. Reporting to the Chief Digital Officer, the post holder will work closely with internal and external stakeholders to safeguard the Trust's infrastructure, digital and data assets and ensure compliance with industry standards and regulatory requirements.
Main duties of the job
Refer to Job description for more details.
About us
The Royal Free London NHS Foundation Trust is one of the UK's biggest and most innovative trusts. Across three main hospitals, our dedicated army of staff care for over 1.6 million patients, treat more than 200,000 in A&E, deliver over 8,000 babies and carry out more than 17 million tests.
Our size, scale and influence offer you unrivalled career opportunities and a forward-thinking approach to working that works around your lifestyle. From flexible hours and generous benefits, to next level training, we make it easier to take your career to the top.
Details
Date posted: 08 May 2025
Pay scheme: Agenda for change
Band: Band 8d
Salary: £96,340 to £109,849 a year per annum inclusive of HCAS
Contract: Permanent
Working pattern: Full-time, Flexible working
Reference number: 391-RFL-7154968
Job locations: Royal Free London NHS Foundation Trust
London
NW3 2QG
Incident Management:
Lead the Trust's response to cyber incidents and service outages, ensuring rapid recovery and minimising disruption. Develop and maintain incident response plans, conduct post-incident reviews, and implement improvements based on lessons learned. Examples: Orchestrating the response to a ransomware attack by activating the incident response team, isolating affected systems, and working with external experts to recover data. Post-incident, reviewing logs and collaborating with all stakeholders to improve resilience and prevent future occurrences.
Stakeholder Collaboration:
Work closely with Digital Services teams such as network, server, endpoint management, patient information systems, technical operations, and information governance to ensure that security best practices are embedded throughout the organisation. Examples: Collaborating with the network team to ensure network segmentation and firewalls are properly configured to mitigate risks; working with patient system managers to secure medical devices and ensure they comply with cyber security standards, such as applying encryption and access controls for sensitive health records.
Governance, Risk, and Compliance (GRC):
Lead the implementation of GRC frameworks, ensuring robust administrative and technical controls are in place. Conduct regular internal and external audits to verify that data confidentiality, integrity, and availability (CIA) principles are being upheld, in line with the Cyber Assurance Framework (CAF) and other industry compliance standards such as ISO27001, NIS2 and NCSC Cyber Essentials. Responsible for the production and distribution of monthly Information Security reporting. Examples: Managing the lifecycle of security policies and standards across the Trust, conducting quarterly GRC reviews, and implementing automated tools to monitor compliance. Regularly auditing access control policies and ensuring that only authorised personnel can access sensitive health information. Production of monthly IGG Security KPI metrics.
Industry Standards & Compliance:
Ensure compliance with key cyber security frameworks, such as the Cyber Assurance Framework (CAF), ISO27001, NIS2, and NCSC Cyber Essentials. Proactively identify and address gaps in compliance through process improvement and remediation plans. Examples: Leading initiatives to prepare for and pass ISO27001 certification audits by ensuring that all documented procedures, access controls, and security protocols are in line with certification requirements. Working with the compliance team to regularly update risk assessments and ensure adherence to the NCSC's Cyber Essentials framework, particularly for critical infrastructure and patient data systems.
Risk Management & Mitigation:
Stay up to date with the latest cyber threats, vulnerabilities, and attack vectors. Develop and implement mitigation strategies such as timely patch management, system updates, and enhanced monitoring to ensure proactive defence mechanisms are in place. Examples: Monitoring threat intelligence feeds and deploying real-time threat monitoring tools like SIEM (Security Information and Event Management) solutions. Leading efforts to implement a vulnerability management program, prioritising patching schedules for critical systems, and coordinating with technical teams to ensure prompt remediation of vulnerabilities.
Security Awareness & Culture:
Foster a culture of cyber security awareness within the Trust. Design and deliver engaging training programmes for staff at all levels, tailored to their specific roles and responsibilities. Promote best practices for handling sensitive data and minimising cyber risks. Examples: Rolling out mandatory security awareness training for all employees, including phishing simulation campaigns. Organising specialised workshops for clinical staff on safeguarding patient information, and creating resources such as posters, videos, and intranet content to highlight the importance of secure passwords and data handling.
Representation & Advocacy:
Represent the Trust in regional and national cyber security forums and industry events, working closely with London and national partners to implement the NHS's cyber security objectives, including the five pillars of NHS cyber security. Examples: Participating in NHS Digital's national cyber security forums, contributing to discussions on healthcare-specific cyber threats and sharing best practices with other Trusts. Leading collaborative initiatives with regional partners to improve the NHS's overall cyber security posture, such as implementing shared threat intelligence systems or joint training sessions.
Third-Party & Vendor Management:
Manage relationships with third-party vendors and external organisations, ensuring that they adhere to the Trust's security policies. Review security controls for external systems and vendors that interact with the Trust's IT infrastructure to reduce supply chain risks. Examples: Conducting third-party risk assessments and ensuring that vendors providing critical systems, such as medical devices or cloud-based patient data systems, meet NHS security standards. Working with procurement to ensure security requirements are integrated into contracts and SLAs, and conducting regular security reviews with third-party vendors.
Team Leadership & Development:
Lead, mentor, and develop the Cyber Security team, ensuring continuous professional development in defensive and offensive cyber security skills. Create a clear development pathway for team members, encouraging certification and advanced training in relevant areas. Examples: Organising training sessions and certifications for the team, such as CISSP (Certified Information Systems Security Professional) or CEH (Certified Ethical Hacker). Supporting the development of specialist skills within the team, such as advanced threat hunting or penetration testing, and ensuring that team members have opportunities to attend industry conferences and seminars.
Person Specification
Education & professional Qualifications
Essential
Additional information
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Certificate of Sponsorship
Applications from job seekers who require current Skilled Worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.
From 6 April 2017, skilled worker applicants applying for entry clearance into the UK have had to present a criminal record certificate from each country in which they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found under Criminal records checks for overseas applicants.
Employer details
Employer name: Royal Free London NHS Foundation Trust
Address: Royal Free London NHS Foundation Trust
London
NW3 2QG
https://www.royalfreelondonjobs.co.uk/