IT Information Security Lead (Permanent) in London

MLC Partners are working with an established and highly regarded charity operating in the healthcare sector to recruit an experienced IT and Security Lead to support the delivery of its IT, digital and cybersecurity priorities. The organisation works closely with a major healthcare institution and is currently reviewing the long-term structure of its IT function. This is an excellent opportunity for a hands-on IT and cybersecurity professional to take ownership of a broad, high-impact role during an important period of organisational development.

The IT and Security Lead will be the key point of contact for IT, digital and cybersecurity matters across the charity. The role will support the delivery of the organisation’s IT and digital strategy, strengthen cyber resilience, and help ensure that systems, suppliers and support arrangements are fit for purpose. The role will also involve reviewing the organisation’s current IT support model. Much of the current support is provided through a partner healthcare organisation, but the charity may be moving to a different site, which creates a need to review whether this remains the right long-term arrangement. Depending on the outcome, the postholder may be required to develop a business case for bringing elements of IT and systems support in-house or moving to a different service model. This is initially a 12-month fixed-term contract, with a strong likelihood that the role will become permanent as the organisation defines the future structure of its IT function.

IT, Digital and Cybersecurity Leadership

• Act as the organisation’s lead point of contact for IT, digital infrastructure and cybersecurity.
• Support the delivery of the IT and digital strategy, translating priorities into practical delivery plans.
• Review current IT systems, processes and support arrangements, identifying opportunities for improvement.
• Provide advice on IT risks, service quality, supplier arrangements and future investment needs.

Cyber Essentials and Cybersecurity

• Review existing cybersecurity controls, policies and processes.
• Identify gaps and drive improvements across devices, access management, patching, software, data handling and supplier arrangements.
• Promote good cybersecurity practice across the organisation.
• Monitor and report on cybersecurity risks, incidents and mitigation activity.
• Support the development and maintenance of IT and information security policies, procedures and documentation.

IT Support and Operating Model Review

• Review current IT support arrangements, including services provided by a partner organisation.
• Assess whether the existing model remains suitable in light of future accommodation and operational requirements.
• Explore future options for IT support, including continued partner provision, outsourced support or bringing elements in-house.
• Develop a business case for a revised IT support model if required.
• Support any future transition to new IT support arrangements, ensuring effective planning, documentation and delivery.
• Act as the liaison between internal users, partner IT teams and external suppliers.
• Oversee day-to-day IT and systems issues, ensuring effective escalation and resolution.
• Support procurement or contract review activity relating to IT, systems, cybersecurity or digital services.
• Ensure appropriate documentation is maintained for systems, licences, assets, contracts and support arrangements.

Governance, Risk and Compliance

• Provide updates to senior leadership on IT delivery, cyber risk, service performance and project progress.
• Maintain IT risk records and contribute to wider organisational risk management.
• Ensure IT and cybersecurity activity aligns with charity governance, data protection and information security requirements.
• Help build a culture of secure, effective and user-focused technology use.

Experience Required

• Experience in an IT management, IT lead, cybersecurity, information security or digital operations role.
• Experience improving cybersecurity controls in a small to medium-sized organisation.
• Experience working with outsourced IT providers, shared service arrangements or third-party technology suppliers.
• Ability to translate technical IT and cybersecurity issues for non-technical stakeholders.
• Experience reviewing IT service models, support arrangements or technology operating models.
• Strong understanding of IT infrastructure, end-user computing, access management, patching, device management and systems support.
• Experience developing IT policies, cyber policies, asset registers or risk registers.
• Experience managing IT transitions, office moves or changes to IT service provision.
• Knowledge of data protection, information governance or GDPR requirements.