
Head of Cyber Security

Please Note: The application deadline for this job has now passed.

Job Introduction

Head of Cyber Security 
Derby – Hybrid 
£69,066 per annum
 
DHU Healthcare is a ‘not-for-profit’ community interest company providing a diverse range of services to the NHS frontline, including urgent and emergency care, primary care, out of hours services and NHS111. We care for patients across the West and East Midlands – a population totaling around 14 million. As a socially conscious organisation, we provide compassionate, high-quality care to our patients and offer a supportive work environment to our 2,500 DHU employees. If you would like to find out more about us, you can visit our website at Our profile: DHU Healthcare
 
About the role
As the Head of Cyber Security, you will be responsible for ensuring that the technology, infrastructure, systems and supporting processes, collectively provide appropriate and cost-effective protection against cyber threats and all identified security risks for the benefit of the organisation and wider regional / national bodies.
The post holder will participate in promoting and advancing DHU Health Care CIC, whilst working towards DHU’s values, behaviours, and principles.

 We are always:
  • Compassionate – we show kindness, consideration and understanding in everything we do – and demonstrate our caring nature to our patients, people, and communities.
  • Accomplished – we are available day and night – a responsive, adaptable, professional NHS partner, providing the best advice, care, and treatment for every individual.
  • Respectful – we recognise the value that individual and team differences bring – welcoming views, listening, being honest, and learning from others’ experiences.
  • Encouraging – we believe everyone matters, so we inspire confidence in others – promoting ‘speaking up’, fostering career-long learning and development, and supporting improvement ideas.
 
Responsibilities: 
  • Delivery of a cyber safe and compliant environment with ability to deliver assurance to the business.
  • Manage, monitor, and improve business processes towards the delivery of a safe cyber environment for the business.
  • Lead, support and deliver certification / assurance of nationally mandated requirements of DSPT, Cyber Essentials & Cyber related ISO standards.
  • To act as the designated specialist on Cyber Security for the Business and to provide an expert specialist advice service, in accordance with national and local digital security standards and best practice.
  • Has good technical understanding and the aptitude to remain up to date with digital security developments. Possesses an in-depth understanding of the digital security services used by the Business. Is effective and persuasive in non-technical language, in both written and oral communication.
  • Uses security management systems software and appropriate analysis equipment to collect routine threat statistics to model Business vulnerabilities, creating management reports, including proposals for improvement.
  • Investigates and diagnoses complex security problems, working with users, other staff, and suppliers as appropriate to maintain the integrity of the Business’s digital security.
  • Possess a broad understanding of business and technical issues. Possesses well developed management skills, with particular emphasis on interpersonal skills and the ability to motivate staff. Shows the ability to delegate effectively to technical staff, whilst maintaining full management control. Demonstrates the special leadership skills needed to handle innovation and change resulting from the implementation of new security solutions and services.
  • Possess the ability to analyse, interpret and resolve highly complex digital security problems where there is no precedent and where other leading opinions may conflict, against a backdrop of changing operational priorities.      
  • To be responsible for the development, production, review, and update of Digital related security documentation including, and not limited to:
      - Information Security Policy (Owned by Information Governance, Cyber Input)
      - Internet Policy (Owned by Information Governance, Cyber Input)
      - Email Policy (Owned by Information Governance, Cyber Input)
      - Anti-virus Policy
      - Network & Remote Access Security Policies
      - Bring Your Own Device (BYOD) Policy
      - Logging and Monitoring Policy
 
Essential Skills:
  • Educated to master’s degree level, or an equivalent IT professional qualification or equivalent experience.
  • Qualification in Information / Cyber Security (CISB, CISSP) or equivalent experience. 
  • Extensive experience of managing security improvement programmes within a healthcare / NHS setting 
  • Experience of developing Information Security policies in a complex environment where confidential information is stored.
  • Experience of delivering an Information Security service to a large complex organisation using confidential information 
  • Prior experience performing security reviews and risk assessment. 
  • Experience of managing cyber incidents, response, and actions 
  • Ability to generate statistics/analysis and write reports on Business security environment. 
  • Knowledge of the Information Governance Toolkit (or equivalent standards) 
  • Ability to explain complex technical or legal issues to a non-technical audience (Essential)
  • Ability to prepare and produce concise yet insightful communications for dissemination to senior stakeholders and a broad range of stakeholders as required (Essential)
  • Ability to analyse very complex issues where material is conflicting and drawn from multiple sources. 
  • Experience of setting up and implementing internal policies, processes, and procedures
  • Knowledge of common technologies such as Windows OS, email infrastructure, datacentres, network administration 
  • Demonstrated ability to perform phishing and Malware analysis. 
  • System and/or network administration (Windows/UNIX/Cisco) 
 
Desirable Skills:
  • Project Management Knowledge (Prince 2)
  • Certified Ethical Hacker
  • Experience of NHS structures and systems
  • Contract & supplier management
  • Understanding of the role of health informatics
  • Appreciation of the strategic implications of IM&T in the NHS & Associated Healthcare providers
  • Appreciation of common Healthcare HR policies, Health & Safety policies, Data Protection Act, Freedom of Information Act, Caldicott guidelines
  • Car owner
 
 
In return, we can offer:
Joining DHU means you will receive some great benefits. This will include access to the NHS pension scheme – alongside a generous annual leave allowance that grows with your length of service or recognises your existing NHS commitment. We provide an incremental sick pay scheme and family friendly policies like maternity and paternity pay that match the NHS offer, alongside working enhancements including an additional 30 - 45% of annual salary for unsociable hours benefit (earning potential will vary on shift days / times). We will also support your health and wellbeing - with complimentary Westfield Health Insurance membership which covers basic costs like your dental care, glasses, physiotherapy, chiropody and many more.
 
At DHU Healthcare, we are committed to fostering an environment where Equity, Diversity, Inclusion, and a strong sense of Belonging are not only celebrated but actively promoted. We believe that every individual, regardless of their background, deserves the right to access quality healthcare services and to be treated with respect and dignity. Our commitment to Equity, Diversity, Inclusion, and Belonging is at the heart of everything we do, from patient care to our organisational culture.
 
