NHS hunts £150k leader to oversee cybersecurity across health and care sector

Written by Sam Trendall on 14 November 2022 in News

Role comes with remit to lead incident response and rollout of three-year strategy

Credit: Werner Moser/Pixabay

Government is recruiting for a leader to oversee cybersecurity across the NHS, the Department of Health and Social Care, and the national health and care system at large.

The post of national chief information security officer (NCISO) is advertised by the Department of Health and Social Care and comes with an annual salary of £150,000. The role sits within NHS England’s Transformation Directorate – which contains functions formerly housed by NHSX and NHS Digital.

The postholder’s responsibilities will include directing the response to any major cyber-related incidents. The NCISO will also spearhead the implementation of a system-wide cybersecurity strategy over a period of three years, and will create a new unit to provide a strategic approach to managing cyber risk nationally. This will include the provision of quarterly updates to the risk-management boards of DHSC and NHS.

Providing senior executives with “a regular system-wide threat assessment… [and assessing] system-wide vulnerabilities” will also be among the key duties of the security leader.

Related content

The job advert added: “As NCISO, you will establish the national-level strategy, standards, controls, and implement policies and assurance regimes to protect the health and social care system’s information assets, services and technologies. You will also be the DHSC’s and NHSE’s strategic and most senior, specialist advisor for cyber risk. Depending on discussions with the successful candidate, there may be options to take on additional responsibility for information governance and data policy.”

To apply for the job, candidates must submit a CV and a statement of suitability, and complete an online questionnaire by 11.55pm on Wednesday 16 November. Shortlisted applicants will then be asked to participate in a series of assessment and may be offered the chance to hold informal discussions to learn more about the post. 

During the subsequent final interview, candidates may be asked to give a five-minute presentation to a panel chaired by civil service commissioner Sarah Pittam. Also joining the panel will be: Kathy Hall, head of the DHSC and NHS England joint Digital Policy Unit; Pete Cooper, deputy director for cyber defence at the Cabinet Office; Shamim Rahman, deputy head of health care analysis at DHSC; and Mike Fell, executive director of national cyber security operation at NHS Digital.

Once appointed, the NCISO will be based across locations in Leeds and London and will directly manage a team of about 30 people. As with many roles in senior officialdom of late, the post comes with a specified “minimum assignment duration of three years” – although this is an expectation, rather than a contractual obligation.


About the author
Sam Trendall is editor of PublicTechnology. He can be reached on sam.trendall@dodsgroup.com.

Share this page




Please login to post a comment or register for a free account.

Related Articles

MoD seeks senior exec to boost ‘cyber awareness, behaviours and culture’ across defence sector
23 May 2023

Role comes with a remit to work with current and former military personnel, as well as officials and commercial suppliers

Interview: CDDO chief Lee Devlin on the ‘move from being disruptive to collaborative’
23 May 2023

In the first of a series of exclusive interviews, the head of government’s ‘Digital HQ’ talks to PublicTechnology about the Central Digital and Data Office’s work to unlock £8bn...

Government urged to update product safety standards for internet age
15 May 2023

Parliamentary committee laments pace of progress so far in changing rules

Government offers £100k for NHS digital policy chief
27 April 2023

Leader sought for joint DHSC-NHS team dedicated to tech and data

Related Sponsored Articles

Proactive defence: A new take on cyber security
16 May 2023

The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...