Cyber Security and Compliance Officer

We are seeking an experienced Cyber Security and Compliance Officer to join our digital services team. This senior specialist role is vital in protecting the Trust's systems and data and ensuring we remain resilient in a rapidly evolving cyber landscape. You will act as an expert adviser to senior leaders and operational teams, translating complex cyber risks into clear, practical information that supports confident decision-making and helps build a strong security culture.

Collaboration is central to the role. You will work closely with internal teams and external partners to maintain compliance with NHS cyber security standards and best practice, including meeting the requirements of the Data Security and Protection Toolkit (DSPT). You will also work with Information Governance, Data Protection and both clinical and non-clinical teams, as well as contributing to work across the wider North West London collaborative to support a consistent approach to cyber security across partner organisations. The role may expand to include providing specialist advice beyond CLCH, supporting other members of the North West London community and mental health collaborative. This may involve contributing to joint initiatives that make best use of shared skills and resources.

A key focus will be developing and delivering initiatives that strengthen the Trust's cyber resilience, including engaging training and awareness activities that help colleagues stay secure, confident and compliant.

Main duties of the job:

• Lead on the development, implementation, and ongoing improvement of the Trust's cyber security framework, ensuring robust and proportionate protections are in place.
• Provide expert, senior-level cyber security advice to Trust leaders and key stakeholders, presenting technical information in a clear, pragmatic and accessible way.
• Ensure full compliance with NHS cyber security standards and best practice, including maintaining and improving the Trust's standing in the NHS Data Security and Protection Toolkit (DSPT).
• Work collaboratively with Information Governance, Data Protection, clinical and non-clinical teams to deliver a unified approach to cyber security across the organisation.
• Build strong relationships with external partners across the North West London collaborative, contributing to joint initiatives that enhance regional cyber security resilience.

About us:

We are proud to be one of the largest community healthcare providers in the country, with more than 4,500 colleagues caring for over four million people across London and Hertfordshire. Every day, our teams bring their skill, compassion, and determination to the people who depend on us. What inspires us is at the heart of who we are: when we work together, we can help people move forward in ways that truly matter. Our teams support children as they take their first steps in life, and they stand beside adults as they rebuild strength, confidence, and independence. From newborn health visiting to community nursing, stroke rehabilitation, and palliative care, we are there for people through some of life's most important moments.

Joining Central London Community Healthcare means becoming part of a community that lifts each other up. It means working in an organisation that values compassion, welcomes new ideas, and believes in the potential of every colleague. Your development matters here. Your wellbeing matters. Your voice helps shape the future of the care we provide. We offer a competitive employment package because the work you do matters. At Central London Community Healthcare, you will join an inclusive organisation that invests in its people, supports development, and helps you thrive while delivering high-quality care.

Job responsibilities:

Applicants are expected to present clear and relevant evidence of the competencies and responsibilities detailed in the attached Job Description and Person Specification, together with a demonstrated commitment to the Trust's values of Accountability, Inclusion, Compassion, and Empowerment. Please see attached Job Description and Person Specification for full roles and responsibilities.

Person Specification:

• Good working knowledge of the NHS and the work of a community Trust.
• Risk assessment and advice: Ability to proactively identify, assess and quantify cyber security risks while providing a balanced evaluation that considers operational and clinical impacts, ensuring that security measures align with the overall priorities of patient care and service delivery.
• Technical Proficiency: A strong technical background in vulnerability assessment, risk analysis, and security auditing. Expertise in Microsoft security solutions, such as Microsoft 365 Defender, Entra, and Intune.
• Up to date knowledge of cyber capabilities and emerging technologies, and how these can be applied operationally within complex organisations.
• Risk Assessment: Skilled in identifying, assessing, and mitigating cyber security risks. Proficiency in using security assessment tools and methodologies.
• Incident Response: Ability to lead investigations into security incidents and provide post-incident reviews.

• A Master's degree in Cyber Security, Information Technology, or a related field.
• Relevant certifications such as CISSP, CISM, CEH or equivalent.
• Data Protection Officer (DPO) certification or relevant training is an advantage.

• Extensive experience in a cyber security role, preferably within the healthcare sector or wider public sector.
• In-depth understanding of the NHS Data Security and Protection Toolkit (DSPT), Cyber Assessment Framework (CAF) and NHS Information Governance standards.
• Has worked in partnership with external suppliers, and across different services, to ensure cyber security.
• Experience of working in a large and complex multi-tiered environment.
• Experience managing security and compliance within Microsoft environments, particularly using Microsoft security tools and cloud services (e.g., Azure, Microsoft 365).
• Experience leading security audits, incident management, and staff training initiatives.
• Experience of implementing and supporting security control frameworks, such as ISO27001.
• Knowledge and experience of cyber security maturity frameworks such as NCSC CAF.
• Strong background in data protection regulations, including GDPR and the Data Protection Act.

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

£72,921 to £83,362 a year per annum, inclusive of HCAS.