-
NHS England

Head of Security – Cyber GRC

NHS England
United Kingdom · Full-time · Not Applicable

The Head of Cyber Governance, Risk & Compliance (GRC) plays a pivotal role in protecting some of the UK’s most critical national infrastructure. Reporting to the Security Principal, the role provides senior operational leadership for Cyber GRC and assurance across NHS England’s complex and highly federated technology landscape.

NHS England operates at national scale, delivering and enabling services that are essential to patient safety, public trust and national resilience. This role operates at the heart of that system, ensuring that cyber risk is understood, governed and managed proportionately while enabling digital transformation at pace.

The post holder will lead the day to day delivery of the Cyber GRC function with delegated authority, managing specialist teams and exercising matrix leadership across cyber, digital and technology services. The role is focused on leading technological change, ensuring governance and assurance remain effective as services, operating models and platforms continue to evolve.

Cyber resilience is fundamental to the successful delivery of the NHS Long Term & 10 Year Health Plans. This role will help ensure that transformation and modernisation initiatives can be delivered safely, securely and without disruption from cyber incidents, supporting continuity of care and public confidence. It offers a rare opportunity to shape how cyber security enables, rather than constrains, one of the largest and most complex health systems in the world.

The post holder will provide senior operational leadership for NHS England's Cyber GRC function, acting under delegated authority from the Security Principal to ensure effective governance across a complex, highly federated and evolving environment.

Key responsibilities include leading the operation and development of centralised cyber governance, policy and risk management frameworks, ensuring security policies, standards and controls remain fit for purpose, aligned to business risk and capable of protecting critical national infrastructure that underpins safe patient care and public trust. The role will oversee compliance and assurance activity against recognised frameworks and obligations, including ISO 27001, the NCSC Cyber Assessment Framework and nationally mandated requirements.

The post holder will lead the development and communication of high-quality cyber risk and resilience reporting, providing clear insight to senior leaders and governance forums to support informed decision-making during significant organisational, technological and service change.

Working in partnership with technology, operational and transformation teams, the role will embed security by design into services and programmes, supporting delivery of the NHS Long Term and 10 Year Health Plans. The role requires calm, credible leadership and resilience, balancing competing priorities while leading specialist teams and matrixed stakeholders through sustained change in a high-profile environment.

NHS England has a wide range of statutory functions, responsibilities and regulatory powers. These are focused on supporting the wider NHS to deliver high quality care, as well as doing those things that are best done once for the whole NHS.

Our staff bring expertise across clinical, operational, commissioning, technology, data science, cyber security, software engineering, education, and commercial specialisms — enabling us to design and deliver high-quality NHS services.

In March 2025, the Government announced that NHS England and the Department of Health and Social Care will increasingly merge functions, ultimately leading to NHS England being fully integrated into the department. 

If you currently work within the NHS and if successful at interview, we will initiate an Inter Authority Transfer (IAT) via the Electronic Staff Record (ESR). This retrieves key data from your current or previous NHS employer to support onboarding, including competency status, Continuous Service Dates (CSD), and annual leave entitlement. You may opt out at any stage of the process.

Colleagues with a contractual office base are expected to spend, on average, at least 40% of their time working in our offices.

Staff recruited from outside the NHS will usually be appointed at the bottom of the pay band.

We cannot offer visa sponsorship for any vacancies.

For further details / informal visits contact: Name: Dulcie Herreros Job title: Deputy Director of Security Email address: [email protected]

Key Skills

Ranked by relevance

cyber security
Login to Apply
Posted
Jul 03, 2026
Type
Full-time
Level
Not Applicable
Location
Leeds

Industries

Hospitals Health Care

Categories

Other Information Technology Management

Related Jobs

3 roles aligned with this opportunity

View all jobs
View Job Details
Understanding Recruitment NFP
Related

Scrum Master

2026-06-30

Full-time
Mid-Senior
United Kingdom
Non-profit Organizations
Management
View Job Details
North West Ambulance Service NHS Trust
Related

Head of Cyber Security

2026-07-02

Internship
Not Applicable
United Kingdom
Hospitals
Information Technology
View Job Details
Oman Air
Related

Manager – Holidays

2026-07-01

Full-time
Mid-Senior
Oman
Airlines
Management