Head of Cyber Security
Posted 3 hours 57 minutes ago by NHS
The closing date is 22 January 2026
The Head of Cyber Security will lead the Trust's cyber security strategy, governance, and operations. This senior leadership role ensures the confidentiality, integrity, and availability of OUH's digital assets and information systems. The post holder will act as the authoritative voice on cyber security, representing OUH in regional and national forums, and will be responsible for aligning the Trust's cyber posture with NHS frameworks such as DSPT, CAF, and ISO 27001.
Main duties of the jobThe Head of Cyber Security is responsible for shaping and executing the Trust's cyber security strategy, ensuring that digital assets and information systems remain secure, resilient, and compliant with NHS frameworks such as DSPT, CAF, and ISO27001. This role provides strategic leadership by developing and implementing cyber security plans, leading maturity assessments, and offering board-level assurance on risk and compliance. The post holder represents the Trust in key regional and national cyber forums, helping to align local priorities with broader NHS initiatives.
In addition to strategic oversight, the role encompasses governance and risk management, including ownership of the Information Security Management System (ISMS), leading audits, chairing assurance groups, and supporting data protection compliance as Deputy SIRO.
About usOxford University Hospitals NHS Foundation Trust is one of the largest NHS teaching trusts in the country. It provides a wide range of general and specialist clinical services and is a base for medical education, training and research. The Trust comprises four hospitals - the John Radcliffe Hospital, Churchill Hospital and Nuffield Orthopaedic Centre in Headington and the Horton General Hospital in Banbury. For more information on OUH please view OUH At a Glance by OUHospitals - Issuu
Our values, standards and behaviours define the quality of clinical care we offer and the professional relationships we make with our patients, colleagues and the wider community.
We call this Delivering Compassionate Excellence and its focus is on our values of compassion, respect, learning, delivery, improvement and excellence.
Job responsibilitiesFor further information, please refer to the attached job description and person spec. For an informal discussion about the role, please contact Ian Fabbro.
Person Specification Qualifications- Educated to Masters level in a relevant subject or have equivalent experience
- Specialist qualifications in ICT and/or Cyber Security, for example: CISSP/CISM/CRISC or equivalent
- Committed to ongoing specialist training to support job role and self-development
- Senior leadership in cyber security within an NHS or complex public sector environment, with a strong track record of achievement
- Extensive experience of managing cyber security and risk
- Extensive experience of interpreting and applying the law governing the management of information
- Broad IM&T knowledge and an understanding of computer and confidentiality related legislation and professional standards
- Good understanding of principles of managing enterprise-scale IT networks
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Oxford University Hospitals NHS Foundation Trust
£76,965 to £88,682 a yearper annum pro rata
ContractPermanent
Working patternFull-time,Flexible working,Home or remote working,Compressed hours