Senior Security Governance Manager

Are you a governance leader who thrives at the intersection of information security, compliance, and organisational resilience? We're looking for an experienced Senior Security Governance Manager to drive our Information Governance, Cyber Security, and Quality frameworks to new heights. This is a high-impact role where you'll shape the strategic direction of security governance across the business, ensuring compliance with UK, NHS, and international regulations - while empowering teams to work securely and confidently in a complex digital environment.

Information Governance

• Develop and execute the organisation's Information Governance (IG) strategy in line with UK, NHS, and international data protection frameworks.
• Maintain governance policies and key artefacts such as DPIAs, Data Processing Agreements (DPAs), and Data Sharing Agreements (DSAs).
• Coordinate completion of the Data Security Protection Toolkit and support independent audit processes.
• Monitor compliance across business units and lead corrective actions where required.

Cyber Security

• Lead the implementation and maintenance of Cyber Security policies, ensuring robust governance across all business areas.
• Manage the ISO 27001 certification lifecycle – including audits, remediation, and recertification.
• Collaborate with technical and product teams to embed security standards and oversee incident response procedures.
• Drive measurable improvements in risk reduction and compliance maturity through strong audit oversight and playbook management.

Digital & Clinical Safety

• Partner with IT, Clinical, Legal, and Executive teams to align on digital safety practices.
• Maintain and review Digital Clinical Safety Policies, ensuring compliance with DCB0129/0160 and the Medical Device Directive.
• Oversee training compliance for clinical and digital safety roles, ensuring safety case documentation remains current.

Quality Management

• Lead the Quality Management System (QMS) aligned to ISO 9001, maintaining full documentation and audit readiness.
• Manage the ISO 9001 audit programme and guide remediation efforts.
• Support executive decision-making by maintaining clear visibility of organisational compliance.

Cross-Domain Governance

• Administer governance committee operations, risk registers, and action logs across IG and Cyber domains.
• Maintain accurate and auditable records of training, compliance, and risk activities to support evidence-based reporting.

Who You Are

• A trusted leader who sees the bigger picture and delivers with consistency.
• Excellent at bringing people together – building relationships across technical, clinical, and corporate teams.
• Someone who challenges the status quo, drives improvement, and leads change with clarity and empathy.
• A confident communicator who can translate complex governance data into clear, actionable insights.

You will provide strategic direction and clear communication across teams and senior stakeholders. Use influence and negotiation to secure alignment on best practices and risk management priorities. Produce concise, impactful reports and presentations that inform key business decisions. Maintain accuracy and attention to detail in all compliance and reporting activities.

Essential Experience

• Experience in leading Security Governance Transformation Programmes within the healthcare sector.
• Experience in preparation for CAS Audits.
• Proven experience in governance, risk, or compliance within a regulated or healthcare environment.
• Strong understanding of IG legislation, ISO Standards, Cyber frameworks, and NHS digital safety protocols.
• Demonstrated leadership and strategy execution within a governance or security function.
• Strong coordination skills across technical and clinical disciplines.
• Experience working with SIROs, Caldicott Guardians, DPOs, and certification bodies.
• Knowledge of international regulatory frameworks and multi-site operations.
• Experience with DCB0129/0160 standards, incident management, and external inspections.