We are looking for a Head of Cyber Security to deliver an industry leading security posture at West London NHS Trust. This is a critical role with responsibility for all aspects of Information Security.

The role will ensure West London meets all public sector (particularly healthcare) compliance and standards while delivering exceptional operational performance across the business. You will work with internal teams to help maintain a safe working environment for trust staff and patients. Protecting West London from security threats and cyber risk is of paramount importance for a public sector organisation delivering critical health services, this role is pivotal to upholding security standards. You will be responsible for staying up to date with and delivering the Data Security and Protection Toolkit (DSPT) and other central requirements as they manifest.

Reporting to the Director of Digital Services, the Head of Cyber Security is a key member of the digital senior management team. The Head of Cyber Security is responsible for the development, direction, management and delivery of information security across the business both internally and externally. The role will encompass communications, applications and infrastructure, including policies and processes which apply across the organisation.

As Head of Cyber Security, you will lead the on-going development and implementation of a security program that involves both corporate and clinical teams.

Main duties of the job

• Support and drive West London's information security portfolio including but not limited to DSPT CAF returns, threat intelligence platforms etc
• Active leadership of all cybersecurity requirements for infrastructure, applications, medical devices etc
• Deliver a Secure and Resilient business
• Ensure security and resilience remains a priority in the delivery of West London's operations
• Maintain a current understanding of the IT threat landscape for the industry
• Enhance, develop and maintain key operational procedures with a standards-based approach for all security work, ensuring effective development and operational compliance to applicable recognised standards
• Lead the security requirement inputs for key transformation projects
• Develop and embed a security focused culture across the organisation. Communicate best practices and risks to all parts of the business. Make sure that cyber security policies and procedures are communicated to all personnel and that compliance is enforced
• Brief the Board, Executive Team, senior management team and other key stakeholders on status and risks
• Be a key partner to the Director of Digital Services in helping to create a strategy and process that will further the work of the organisation and ensure West London has the highest possible operational and technical security procedures in line with expectations of an operator of critical health service

About us

West London NHS Trust is one of the most diverse healthcare providers in the UK, delivering a range of mental health and physical healthcare and community services. The Trust runs Broadmoor Hospital, one of three high secure hospitals in the country, with an international reputation.

Our high secure services care for patients from South of England and we provide low and medium secure services across eight London boroughs. The Trust also provides mental and physical healthcare in three London boroughs (Ealing, Hounslow and Hammersmith & Fulham). We employ over 5,000 staff, of whom 59% are BME. Our turnover for 2024-25 is over £500m.

The Trust is rated as 'Good' overallby the Care Quality Commission. Forensic services are rated as 'Outstanding'.

The Trust is an established partner and contributor in the development of the evolving North West London Integrated Care System and the Integrated Care Board. The Trust leads the NW London Children and Adolescent Mental Health provider collaborative.

Job responsibilities

The Candidate Pack provides an overview of the key tasks and responsibilities of the role, and the person specification outlines the qualifications, skills, experience and knowledge required. Please view as attached

The person specification below is not the full person specification, but outlines the criteria against which your application form will be assessed.

Person Specification

Qualifications

• Educated to masters level or equivalent level of experience of working at a senior level in specialist area
• Evidence of continuing professional development
• Microsoft Certified Professional qualifications including Azure server specialist and technology specialist
• IT Security Qualification(s) such as: ISC2 Certified Information Systems Security Professional) (CISSP) and / or Cyber Incident Planning & Response (CIPR)

Experience

• Significant experience of working at a senior level in IT operations.
• Substantial experience of working in a complex IT environment
• Experience of managing highly skilled network infrastructure staff
• Significant experience of planning and implementing IT systems and major infrastructure redesign.
• Experience of managing relationships with third party suppliers
• Experience of producing reports and documentation
• Experience of service redesign and of overseeing improvement plans

Knowledge

• Advanced knowledge of NHS Digital N365 programme and products
• Advanced knowledge of Microsoft Windows 10 and Microsoft Defender for Endpoint (MDE)
• Advanced knowledge of security / software update management via Microsoft Endpoint Configuration Manager (MECM
• Advanced knowledge of cyber security concepts and management tools

Skills

• Customer focused, effective and committed team leader
• Ability to prioritise using sound judgement and manage team workload
• Ability to set high standards for self and others to deliver service priorities
• Ability to prioritise and quickly identify the core issues in a situation
• Excellent interpersonal skills and an ability to communicate with individuals and groups at every level of the organisation
• Intellectual capacity to provide the leadership and direction to develop services and opportunities

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

£82,906 to £94,632 a yearper annum inclusive