Employer: The Christie NHS FT
Job Title: Cyber Security Lead
Location: Manchester, United Kingdom
Salary: £66,582 to £77,368 a year
Job Type: Full-time
Closing Date: 24 June 2026
Job Summary
As Cyber Security Lead (Grade 8b subject to banding), you will provide strategic leadership, governance and assurance for cyber security across The Christie NHS Foundation Trust, acting with delegated authority from the CIO and SIRO.
You will ensure cyber security enables safe, resilient, and trustworthy digital services that protect patient information and support clinical care, aligned to the Trust and Digital Strategies and national NHS cyber priorities.
You will oversee cyber security services delivered by internal teams and third-party suppliers, maintain a clear view of cyber risk exposure, and provide high-quality reporting and escalation to senior governance and Board-level forums.
Develop, own and maintain the Trust Cyber Security Strategy and Roadmap, aligned to Trust objectives and national NHS cyber policy.
Main Duties of the Job
- Act as the Trust’s senior authority on cyber security risk, providing expert advice, assurance, and appropriate challenge to executive and Board-level forums.
- Translate national requirements and frameworks (including DSPT and the NCSC Cyber Assessment Framework) into pragmatic, risk-based controls and improvement plans.
- Establish and maintain robust governance, policies, standards, and assurance processes.
- Lead the annual Data Security and Protection Toolkit submission.
- Maintain oversight of the cyber security risk register to ensure risks are assessed, owned, mitigated, and escalated appropriately.
- Provide high-quality cyber risk and assurance reporting to Digital governance groups, Audit/Risk & Assurance Committees, and the Trust Board.
- Provide strategic oversight of cyber operations including monitoring, incident response, vulnerability management, and identity & access management.
- Assure the effectiveness of managed services delivered internally and through third parties.
- Embed secure-by-design principles across architecture, procurement, and project delivery.
- Provide cyber input to high-risk initiatives, including risk assessments, threat modelling, and assurance reviews.
- Promote a positive security culture through engagement and awareness activities across clinical, operational, and corporate teams.
- Contribute to business continuity, disaster recovery, and cyber resilience planning, including exercises, testing, and post-incident learning.
- Participate in out-of-hours incident response where required.
About The Christie NHS Foundation Trust
The Christie is one of Europe’s leading cancer centres, treating over 60,000 patients a year.
The organisation is based in Manchester and serves a population of 3.2 million across Greater Manchester and Cheshire. As a national specialist, around 15% of patients are referred from other parts of the country.
The Christie provides radiotherapy through one of the largest radiotherapy departments in the world, chemotherapy on site and through 14 other hospitals, highly specialist surgery for complex and rare cancer, and a wide range of support and diagnostic services.
The organisation is also an international leader in research, with world first breakthroughs for over 100 years. It operates one of the largest early clinical trial units in Europe with over 300 trials every year.
Cancer research in Manchester, most of which is undertaken on the Christie site, has been officially ranked the best in the UK.
Job Responsibilities
Strategic Cyber Security Leadership
- Develop, own, and maintain the Trust Cyber Security Strategy, Roadmap, and improvement plans aligned to Trust objectives and national NHS cyber policy.
- Act as the Trust’s senior strategic authority on cyber security risk, providing expert advice, assurance, and challenge to Information Asset Owners, Executive Management Team members, and Board-level forums.
- Translate national frameworks and requirements, including DSPT and NCSC Cyber Assessment Framework (CAF), into pragmatic, risk-based implementation.
- Ensure cyber security is embedded within digital transformation, EPR, cloud, data, and infrastructure programmes.
Cyber Governance, Risk and Assurance
- Establish and maintain a robust cyber security governance framework, including policies, standards, and assurance processes.
- Lead delivery and annual submission of the Data Security and Protection Toolkit (DSPT), incorporating NCSC CAF-aligned assurance where applicable.
- Maintain oversight of the cyber security risk register, ensuring risks are assessed, owned, mitigated, and escalated appropriately.
- Provide high-quality cyber risk and assurance reporting to Digital governance groups, Audit, Risk and Assurance Committees, and the Trust Board.
Leadership of Cyber Security Resources and Services
- Provide strategic leadership and oversight of cyber security services, resources, and contracts delivered internally or through third-party suppliers.
- Ensure cyber security investments and services deliver value for money and are aligned to the Trust’s risk appetite and priorities.
- Contribute to Trust-level financial and capacity planning to ensure cyber security considerations are embedded in digital investment decisions.
Oversight of Cyber Security Operations
- Provide strategic oversight of cyber security operations, including security monitoring, incident response, vulnerability management, and identity and access management.
- Assure the effectiveness of third-party and managed cyber security services.
- Support coordinated response to cyber security incidents, working with the SIRO, Digital leadership, and external partners.
Secure Design and Change Enablement
- Ensure secure-by-design principles are embedded into system architecture, procurement, and project delivery.
- Provide expert cyber input to high-risk initiatives, including risk assessments, threat modelling, and assurance reviews.
- Enable delivery of digital change whilst maintaining appropriate cyber security controls.
Leadership, Engagement and Culture
- Act as an ambassador for cyber security, promoting a positive security culture and shared ownership across the Trust.
- Line manage the cyber security team, responsible for appraisal, sickness absence management, recruitment, and selection decisions.
- Build trusted relationships with clinical, operational, and corporate stakeholders.
- Support cyber awareness and capability development across the organisation.
- Demonstrate the agreed set of values and be accountable for attitude and behaviour.
- Financial responsibilities as a delegated budget holder, and contract value for money.
Business Continuity and Resilience
- Contribute to business continuity, disaster recovery, and cyber resilience planning.
- Support cyber-related exercises, testing, and post-incident learning.
Person Specification
Qualifications
Essential
- Master’s degree or equivalent experience in cyber security, information security, or related discipline
- Recognised cyber or information security qualification, or demonstrable equivalent experience (e.g. CISSP, CISM, ISO 27001)
- Continued professional development courses related to information security
Desirable
- Membership of a relevant professional body (BCS, ISACA, or equivalent)
Experience
Essential
- Significant experience in cyber security leadership, governance, risk, and assurance roles
- Experience of NHS or public sector cyber security frameworks, including DSPT and NCSC CAF
- Demonstrable experience of providing cyber risk advice, assurance, and challenge to Executive Management Teams and Trust Boards
Desirable
- Experience in a similar role for the NHS or Healthcare setting
Skills
Essential
- Ability to document and present highly complex and sensitive cyber risk information to technical and non-technical audiences
- Strong judgment in balancing cyber risk, patient safety, and service delivery
Knowledge
Essential
- Expert knowledge of cyber security governance, assurance, and regulatory compliance best practices
- Evidence of commitment to keeping up to date with current threats
Values
Essential
- Ability to demonstrate the organisational values and behaviours
Other
Essential
- Flexible, resilient, and collaborative approach
- Participation in out-of-hours cyber incident response if required
- Able to participate in an out-of-hours on-call rota if required
Additional Information
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Certificate of Sponsorship
Applications from job seekers who require current Skilled Worker sponsorship to work in the UK are welcome and will be considered alongside all other applications.
From 6 April 2017, skilled worker applicants applying for entry clearance into the UK have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement.
How to Apply
If this opportunity interests you, head to the company’s official website for full details. Click here to submit your application.