NHS England

Head of Security – Cyber GRC

NHS England

Leeds, England, United Kingdom · Full Time

Be the first to apply

Experience
Any
Salary
Openings
1
Posted
2 weeks ago
Work mode
In office
Eligibility
Applicants who can work in the UK without visa sponsorship. Current NHS employees who are successful at interview may transfer through the NHS IAT process.
Resume
Required to apply

Where you'll work

Job description

Role overview

The Head of Cyber Governance, Risk & Compliance (GRC) is a senior leadership position responsible for protecting critical national infrastructure across NHS England. Reporting to the Security Principal, this post provides operational leadership for cyber governance, assurance, and risk management within a large, highly federated technology environment.

NHS England works at national scale, supporting services that are vital to patient safety, public confidence, and national resilience. In this role, you will help ensure cyber risk is identified, governed, and managed in a proportionate way while enabling digital change to move forward at pace.

You will lead the day-to-day running of the Cyber GRC function under delegated authority, guiding specialist teams and working across cyber, digital, and technology services through a matrix leadership model. The position is centred on supporting technological change while keeping governance and assurance effective as services, operating models, and platforms evolve.

This role directly supports cyber resilience across the NHS Long Term Plan and the 10 Year Health Plan, helping transformation and modernisation programmes proceed safely and securely, without cyber disruption that could affect continuity of care or public trust.

Key responsibilities

You will act as the senior operational lead for the Cyber GRC function, with delegated authority from the Security Principal to maintain strong governance across a complex and distributed environment.

The role involves leading the design, delivery, and ongoing improvement of central cyber governance, policy, and risk management arrangements. You will ensure security policies, standards, and controls remain practical, aligned to business risk, and suitable for protecting the infrastructure that supports safe patient care and public confidence.

You will also oversee compliance and assurance activity against recognised standards and requirements, including ISO 27001, the NCSC Cyber Assessment Framework, and other nationally mandated obligations.

A further part of the role is producing and communicating high-quality cyber risk and resilience reporting. This will help senior leaders and governance forums make informed decisions during organisational, technology, and service change.

Working closely with technology, operational, and transformation teams, you will help build security by design into services and programmes in support of the NHS Long Term and 10 Year Health Plans.

The role calls for composed and credible leadership, resilience, and the ability to balance competing demands while guiding specialist teams and matrix stakeholders through sustained change in a high-profile setting.

Organisation background

NHS England carries out a broad range of statutory functions, responsibilities, and regulatory powers. Its purpose is to support the wider NHS in delivering high-quality care and to carry out activities that are most effectively delivered once for the whole NHS.

The organisation brings together expertise across clinical, operational, commissioning, technology, data science, cyber security, software engineering, education, and commercial disciplines to design and deliver high-quality NHS services.

In March 2025, the Government announced that NHS England and the Department of Health and Social Care will increasingly merge functions, with NHS England ultimately becoming fully integrated into the department.

Working arrangements and important information

Colleagues with a contractual office base are expected to spend, on average, at least 40% of their time working from the office.

Staff recruited from outside the NHS are usually appointed at the bottom of the pay band.

Visa sponsorship is not available for this vacancy.

If you currently work in the NHS and are successful at interview, an Inter Authority Transfer (IAT) will be started through the Electronic Staff Record (ESR). This process brings across key information from your current or previous NHS employer, including competency status, Continuous Service Dates (CSD), and annual leave entitlement. You may choose to opt out at any point.

Contact for informal enquiries

Name: Dulcie Herreros
Job title: Deputy Director of Security
Email: england.cyberoperationsrecruitment@nhs.net

Leave it if you'd like a reply — we won't use it for anything else.

Click to browse, drag & drop, or paste a screenshot

PNG, JPG, GIF, MP4, WebM, MOV · Max 20MB each · Up to 5 files

🤖
Online · instant AI help