Role comes with remit to lead incident response and rollout of three-year strategy
Government is recruiting for a leader to oversee cybersecurity across the NHS, the Department of Health and Social Care, and the national health and care system at large.
The post of national chief information security officer (NCISO) is advertised by the Department of Health and Social Care and comes with an annual salary of £150,000. The role sits within NHS England’s Transformation Directorate – which contains functions formerly housed by NHSX and NHS Digital.
The postholder’s responsibilities will include directing the response to any major cyber-related incidents. The NCISO will also spearhead the implementation of a system-wide cybersecurity strategy over a period of three years, and will create a new unit to provide a strategic approach to managing cyber risk nationally. This will include the provision of quarterly updates to the risk-management boards of DHSC and NHS.
Providing senior executives with “a regular system-wide threat assessment… [and assessing] system-wide vulnerabilities” will also be among the key duties of the security leader.
The job advert added: “As NCISO, you will establish the national-level strategy, standards, controls, and implement policies and assurance regimes to protect the health and social care system’s information assets, services and technologies. You will also be the DHSC’s and NHSE’s strategic and most senior, specialist advisor for cyber risk. Depending on discussions with the successful candidate, there may be options to take on additional responsibility for information governance and data policy.”
To apply for the job, candidates must submit a CV and a statement of suitability, and complete an online questionnaire by 11.55pm on Wednesday 16 November. Shortlisted applicants will then be asked to participate in a series of assessments and may be offered the chance to hold informal discussions to learn more about the post.
During the subsequent final interview, candidates may be asked to give a five-minute presentation to a panel chaired by civil service commissioner Sarah Pittam. Also joining the panel will be: Kathy Hall, head of the DHSC and NHS England joint Digital Policy Unit; Pete Cooper, deputy director for cyber defence at the Cabinet Office; Shamim Rahman, deputy head of health care analysis at DHSC; and Mike Fell, executive director of national cyber security operation at NHS Digital.
Once appointed, the NCISO will be based across locations in Leeds and London and will directly manage a team of about 30 people. As with many roles in senior officialdom of late, the post comes with a specified “minimum assignment duration of three years” – although this is an expectation, rather than a contractual obligation.