Information Security Lead

We are seeking a skilled and motivated Information Security Lead to support the strategic and operational delivery of information security and infrastructure controls across our digital estate. Reporting to the Head of Information Security and Enterprise Architecture, this role is responsible for driving compliance with cyber and data protection standards (including DSPT, CE+, and CAF), supporting the secure delivery of IT services, and embedding robust security practices across business-as-usual operations and new service transitions. Working within the Information Security and Architecture team, the postholder will serve as a senior technical lead across key domains, including cyber assurance, infrastructure security, policy development, and risk mitigation. You will collaborate with technical teams, service management, suppliers, and transformation programmes to deliver a resilient and secure digital environment. This role is ideal for a technically capable security practitioner or infrastructure expert looking to influence organisation-wide practices while supporting the Head of Information Security in delivering a future-ready, compliant, and secure service model. Base: This is a remote working role with occasional requirements to attend the head office in Runcorn.

• Support the design, delivery, and monitoring of secure infrastructure services across cloud, on-premises, and hybrid environments.
• Ensure that security controls are applied consistently across networks, servers, endpoints, and backup environments (including Acronis and Barracuda solutions).
• Support the implementation of technical standards and frameworks aligned with NHS DSPT, Cyber Essentials Plus (CE+), and the Cyber Assessment Framework (CAF).
• Collaborate with the Infrastructure and Service Operations teams to deliver secure-by-design solutions.
• Assist in maintaining the Information Security Management System (ISMS), policies, procedures, and risk registers.
• Contribute to internal and external security audits, assessments, and evidence gathering.
• Monitor and report on compliance status, raising risks and recommending mitigations where appropriate.
• Deliver technical security input into supplier reviews, contract renewals, and new technology onboarding.

We change lives by transforming health and care. Established in 2006, we are one of the UKs leading independent providers of community health and care services, working with health and care commissioners and communities to transform services with a focus on experience, efficiency and improved outcomes. We deliver and transform adult and children community health services, primary care services including urgent care, sexual health, dermatology and MSK services as well as adult social care and wellbeing services. Across England, we support communities of many millions and directly help more than half a million people each year – guided by our simple values: we care, we think, we do.

We are committed to equal opportunities and welcome applications from a broad, diverse range of people who want to join our team. We are a Disability Confident Committed company, so we work to provide facilities, work environment adjustments and technical solutions to be as inclusive of everyone.

Date posted 15 July 2025 • Salary £45,000 to £55,000 per year • Contract: Permanent • Working pattern: Full-time • Location: Runcorn, Cheshire WA7 4QX

• Strong understanding of information and cyber security principles, including access controls, network security, encryption, endpoint protection, and vulnerability management.
• Practical experience supporting compliance with regulatory and best practice frameworks, including DSPT, CE+, CAF or ISO 27001.
• Ability to assess security risks, develop mitigation plans, and communicate recommendations to technical and non-technical audiences.
• Familiarity with NHS and public sector data protection responsibilities (e.g. NHS Data Security Standards, GDPR, DSP roles).
• Experience participating in security incident response, post-incident reviews, and technical root cause analysis.
• Knowledge of identity and access management, security logging/monitoring, and asset/information classification.
• Strong documentation skills able to produce policies, procedures, risk registers, and audit evidence clearly and accurately.
• Experience collaborating with Infrastructure, Digital Transformation, and Service Operations teams to embed secure-by-design principles.
• Confident in engaging with external auditors, suppliers, and governance bodies to represent the organisation's security posture.

• Exposure to private cloud environments and related security tooling.
• Experience in security toolsets such as antivirus/EDR, vulnerability scanners, SIEM, or MDM solutions.
• Relevant industry qualifications (e.g. CompTIA Security+, SSCP, CISSP Associate, ISO 27001 Lead Implementer).
• Knowledge of backup and DR security principles (experience with Acronis, Barracuda, or equivalent welcome).

• £45,000 – £55,000 with group pension
• Private medical insurance with fast access to specialists
• Free tea, coffee and milk at the base location
• Discounts and wellbeing resources through My Reward Hub
• Flexible access to wages as you earn them
• Wellbeing and development resources, including learning and development opportunities
• An open, just culture that encourages ideas to help us deliver our purpose
• Care Quality Commission rated services and commitment to high clinical standards