Health & Care System Cyber Security Compliance Lead - Joint Cyber Unit | NHS England

The Joint Cyber Unit (JCU) is a collaboration between the Department of Health and Social Care (DHSC) and NHS England (NHSE). The JCU is embedded within the Digital Policy Unit (DPU), a unit comprising both DHSC staff and NHSE staff intended to design, plan and build a digitally enabled, data driven and safe health and social care system with ministers and the NHS. The purpose of the JCU is to provide strategic leadership in cyber security across the health and care sector, assure the cyber security of the sector, act as system stewards to improve cyber resilience across the health and care system and to provide advice which empowers health and care staff to share information appropriately and securely to deliver care. The JCU is comprised of two divisions: Governance, Risk and Compliance – cyber and information governance, system engagement, system compliance, system supply chain, system risk management and internal JCU business operations; Strategy and Policy – development and implementation of national strategy, policy and regulation.

The Compliance and Engagement team monitors performance and assesses cyber security compliance of organisations across the Health and Care landscape, identifying where organisations need more support through providing evidence-based confidence in the effectiveness of cyber security controls, processes and systems.

• Evaluate compliance against statutory, regulatory and NHS requirements such as the Data Security and Protection Toolkit (DSPT), Network and Information Systems (NIS) Regulations and national security policies.
• Engage with NHSE regional cyber leads to understand drivers, blockers and emerging incidents related to cyber security.
• Develop strategies and supports Board level decision making by presenting findings aligned to business risk and impact.
• Develop strategies to support remediation work across the health and care system supporting organisations to improve their cyber security maturity.
• Monitor performance of organisations across Health and Care, identifying organisations where more support is needed and unblocks access to further support through funding, national services, regulation or engagement.
• Analyse and report on compliance performance across the system identifying trends and common areas of weakness across the system.

The NHS England board has set out the top-level purpose for the new organisation to lead the NHS in England to deliver high-quality services for all. This will inform the detailed design work, and we will achieve this purpose by enabling local systems and providers to improve health, reduce health inequalities, making the NHS a great place to work, ensuring the healthcare workforce has the right knowledge and skills, optimising the use of digital technology, and delivering value for money.

If you would like to know more or require further information, please visit https://www.england.nhs.uk/.

Colleagues with a contractual office base are expected to spend, on average, at least 40% of their time working in-person. Staff recruited from outside the NHS will usually be appointed at the bottom of the pay band. If you are successful at interview, we will run an Inter Authority Transfer (IAT) in the Electronic Staff Record system (ESR). This transfer gathers valuable information from a previous or current NHS employer to support the onboarding process, including; statutory and mandatory competency status, Continuous Service Dates (CSD), and annual leave entitlement. You will have the opportunity throughout the recruitment process to inform us if you do not consent.

Health and Care System Cyber Security Compliance Lead Within the Joint Cyber Unit, you will work as part of a dynamic team delivering an effective service supporting cyber security risk reduction across the health and care system. You will lead the provision of an efficient, effective, and high quality professional and well-coordinated system wide health and care cyber security compliance service capable of meeting statutory, regulatory and NHS requirements ensuring alignment with the activity of the organisation.

• Provide team leadership and subject matter expertise in security compliance.
• Oversee team workload and capacity, collaborating with other leaders to align resources and priorities.
• Lead the delivery of a responsive, high quality cyber security compliance service.
• Drive remediation of cross-cutting security issues through the design and continuous delivery of security improvement plans.
• Partner with regional stakeholders to strengthen cyber maturity and organisational resilience.
• Coordinate cyber security compliance activities across a diverse stakeholder base to drive meaningful security improvement and maintain clear lines of communication.
• Scope and assess the security posture of Health and Care Organisations taking an evidence based approach.
• Develop and manage security compliance metrics to inform evidence based decision making.
• Lead compliance activities aligned with key frameworks and legislation such as: NCSC CAF, NIS Regulations, and the DSPT.
• Provide cyber security expertise supporting the development, implementation, and monitoring of the compliance service.
• Provide comprehensive compliance plans and progress reports to the relevant Boards as per the agreed reporting schedule and on an ad hoc basis as required.
• Work closely with other leads and sponsor directors to ensure interdependencies across all compliance areas are considered and actions aligned.
• Manage the day-to-day activities of the compliance service as well as contribute specialist knowledge to develop effective strategy and operational policies.
• Engage with key strategic regional and national policy makers to inform development of strategy and policies.
• Identify examples of national and international best practice and ensure benefits from relevant innovations in healthcare are realised.
• Develop and champion new initiatives or projects as necessary.
• Ensure that the team members work cohesively within the team and with other programmes.
• Provide leadership, direction, and support to ensure a consistent approach through programme management to delivering organisational objectives.

The post of Health and Care System Cyber Compliance Lead has been awarded a Recruitment and Retention Premia (RRP) in response to current labour market conditions. In recognition of this, the role attracts an additional monthly RRP payment equal to 30% per annum. Please be aware that RRP is non-contractual and subject to review. Please note that the reason for the fixed term of this contract is covering vacancy.

National Security Vetting: Important residency requirements apply. All NHS England Cyber Security personnel must hold SC level as a minimum. For National Security Vetting, SC clearances require 5 years continuous UK residency (in some cases reduced to 3 years with additional overseas checks for the previous two years). Candidates who were posted abroad for service with HM Government or within a UK government role will be considered. You must meet these requirements before applying. If you do not obtain SC after offer, the job offer will be withdrawn. For guidance, see GOV.UK: National Security Vetting Clearance Levels; and contact england.securityvetting@nhs.net for further information.

You can find more details about the role, including key responsibilities and accountabilities, in the attached Job Description and supporting documents.

Secondments: NHS applicants will be offered on a secondment basis only, with prior agreement from their employer.

Role Title: The advertised title is for advertising purposes; the successful candidate will be hired as Cyber Operations and Engagement Lead until a formal change can be made.

This advert closes on Wednesday 8 Oct 2025