Information Security Lead

We are seeking a skilled and motivated Information Security Lead to support the strategic and operational delivery of information security and infrastructure controls across our digital estate. Reporting to the Head of Information Security and Enterprise Architecture, this role is responsible for driving compliance with cyber and data protection standards (including DSPT, CE+, and CAF), supporting the secure delivery of IT services, and embedding robust security practices across business-as-usual operations and new service transitions.

Working within the Information Security and Architecture team, the postholder will serve as a senior technical lead across key domains, including cyber assurance, infrastructure security, policy development, and risk mitigation. You will collaborate with technical teams, service management, suppliers, and transformation programmes to deliver a resilient and secure digital environment.

This role is ideal for a technically capable security practitioner or infrastructure expert looking to influence organisation-wide practices while supporting the Head of Information Security in delivering a future-ready, compliant, and secure service model.

Base: This is a remote working role with occasional requirements to attend the head office in Runcorn.

Main Responsibility:

• Support the design, delivery, and monitoring of secure infrastructure services across cloud, on-premises, and hybrid environments.
• Ensure that security controls are applied consistently across networks, servers, endpoints, and backup environments (including Acronis and Barracuda solutions).
• Support the implementation of technical standards and frameworks aligned with NHS DSPT, Cyber Essentials Plus (CE+), and the Cyber Assessment Framework (CAF).
• Collaborate with the Infrastructure and Service Operations teams to deliver secure-by-design solutions.
• Assist in maintaining the Information Security Management System (ISMS), policies, procedures, and risk registers.
• Contribute to internal and external security audits, assessments, and evidence gathering.
• Monitor and report on compliance status, raising risks and recommending mitigations where appropriate.
• Deliver technical security input into supplier reviews, contract renewals, and new technology onboarding.

The Ideal Candidate:

Essential:

• Strong understanding of information and cyber security principles, including access controls, network security, encryption, endpoint protection, and vulnerability management.
• Practical experience supporting compliance with regulatory and best practice frameworks, including: Data Security and Protection Toolkit (DSPT), Cyber Essentials Plus (CE+), Cyber Assessment Framework (CAF) or ISO 27001.
• Ability to assess security risks, develop mitigation plans, and communicate recommendations to technical and non-technical audiences.
• Familiarity with NHS and public sector data protection responsibilities (e.g. NHS Data Security Standards, GDPR, DSP roles).
• Experience participating in security incident response, post-incident reviews, and technical root cause analysis.
• Knowledge of identity and access management, security logging/monitoring, and asset/information classification.
• Strong documentation skills – able to produce policies, procedures, risk registers, and audit evidence clearly and accurately.
• Experience collaborating with Infrastructure, Digital Transformation, and Service Operations teams to embed secure-by-design principles.
• Confident in engaging with external auditors, suppliers, and governance bodies to represent the organisation’s security posture.

Desirable:

• Exposure to private cloud environments and related security tooling.
• Experience in security toolsets such as antivirus/EDR, vulnerability scanners, SIEM, or MDM solutions.
• Relevant industry qualifications (e.g. CompTIA Security+, SSCP, CISSP Associate, ISO 27001 Lead Implementer).
• Knowledge of backup and DR security principles (experience with Acronis, Barracuda, or equivalent welcome).

Package Description:

As an Information Security Lead you’ll be part of our valued team at HCRG Care Group. You will feel valued as an Information Security Lead within HCRG Care Group, receiving access to exclusive rewards and benefits including:

• £45,000 - £55,000 with group pension.
• Private medical insurance with fast access to the most used specialists including for musculoskeletal problems and for mental health support – at locations across the country.
• Free tea, coffee and milk at your base location in Runcorn.
• Membership of My Reward Hub, giving you access to discounts on everyday purchases like grocery shopping as well as cashback and voucher offers for treats for you and those special to you.
• Access to your wages as you earn them to help cover life’s emergencies and avoid overdraft fees or high interest rates.
• Online and face to face help with your mental and physical wellbeing – from healthy recipes and activity challenges through to post trauma support, legal, debt and life management help, as well career coaching and counselling.
• Access to eLearning, bespoke career pathways and opportunities for continuing professional development through our ‘Outstanding’ learning and development team, The Learning Enterprise.
• An open, just culture where you’re encouraged to have and implement ideas which can help us deliver our purpose: changing lives through transforming health and care – backed up by at least £100,000 of ringfenced innovation funding each year.
• The pride of working for an organisation committed to the highest clinical and quality standards: with the majority of our rated services holding “good” or “outstanding” ratings from the Care Quality Commission.

About The Company:

We change lives by transforming health and care. Established in 2006 we are one of the UK's leading independent providers of community health and care services, working with health and care commissioners and communities to transform services with a focus on experience, efficiency and improved outcomes. We deliver and transform adult and children community health services, primary care services including urgent care, sexual health, dermatology and MSK services as well as adult social care and wellbeing services. Across England, we support communities of many millions and directly help more than half a million people each year - guided by our simple values: we care, we think, we do.

We’re committed to equal opportunities and welcome applications from a broad, diverse range of people who want to join our team. We’re a Disability Confident Committed company, so we work to provide facilities, work environment adjustments and technical solutions to be as inclusive of everyone.

While it doesn’t happen often, sometimes a role is very popular, and we’ll need to close it earlier than the date we’ve shown here. If you’re keen to join our team, we’d love to hear from you so please apply as soon as you can.

As you’d expect, safeguarding and protecting the children, young people and vulnerable adults that we work with is of the utmost importance so we have policies and procedures in place to promote safeguarding and safer working practices and everyone who joins the team is subject to a safer recruitment process, including the disclosure of criminal records and vetting checks.

Finally, we need to let you know that the company you’ll work for is part of HCRG Care Group Holdings Limited and by applying for this job we’ll need to process and hold information about you. If you would like to know a little more about how we use your information, please see our website's privacy policy.