Deputy Chief Digital Information Officer–Cyber & Information Security

Job overview

As a key member of the Group Digital Services Leadership Team, the Deputy Chief Digital Information Officer for Cyber & Information Security provides strategic leadership and executive assurance for cyber security, information security, and digital resilience across the hospital group.

The post holder will play a central role in delivering our vision of outstanding care, ensuring that digital services are secure, resilient, and trusted. They will enable safe and reliable care delivery by protecting critical systems and information, reducing cyber and information risk, and embedding security‑by‑design principles across digital transformation and operational services.

Operating in a complex and evolving threat landscape, the role will drive collaboration across clinical, operational, and digital teams to ensure cyber resilience supports care delivery in the right place, at the right time, and that the organisation meets national regulatory, assurance, and resilience expectations.

Main duties of the job

The Deputy Chief Digital Information Officer (Cyber & Information Security) will provide strategic leadership and operational oversight across the following core areas:

• Cyber Security & Resilience

Lead the Group’s cyber security and resilience strategy, providing executive oversight of threat management, incident response and recovery. Embed security‑by‑design and resilience‑by‑design principles across all digital services to support safe, reliable care.

• Information Security & Assurance

Provide executive leadership for information security, ensuring compliance with NHS standards including DSPT and NIS Regulations. Oversee security architecture, access controls and third‑party assurance across on‑premise, cloud and managed services.

• Governance, Risk & Compliance

Maintain effective cyber and information security governance, delivering clear assurance to the Board and Executive teams. Lead cyber risk management in line with corporate processes and represent the organisation in regional and national forums.

• Strategic Leadership

Deputise for the Group Chief Digital Information Officer and work closely with Trust COOs and Executives to embed cyber resilience into operational decision‑making. Shape Group and system‑level cyber priorities aligned to organisational objectives and national guidance.

Working for our organisation

St George’s, Epsom and St Helier University Hospitals and Health Group cares for a population of four million people in South West London and North East Surrey. Our sites include St George’s Hospital, one of 11 major trauma centres in the UK and the largest healthcare provider and major teaching hospital in the area; St Helier Hospital, home to the South West Thames Renal and Transplantation Unit and Queen Mary's Hospital for Children; and Epsom Hospital, home to the South West London Elective Orthopaedic Centre (SWLEOC).

After years of collaboration, our two Trusts became a hospitals group in 2021. While remaining as two separate Trusts, being a hospitals group will help us to collaborate more closely on research, and the development, education, and training of our 17,000-strong workforce.

At gesh we are committed to supporting flexible working arrangements. Applicants are encouraged to discuss any flexibility they may need during the recruitment process.

Detailed job description and main responsibilities

• Lead the development and delivery of the Group‑wide cyber security and cyber resilience strategy.
• Provide executive oversight of cyber threat management, detection, response, and recovery arrangements.
• Ensure robust incident management, escalation and learning processes for cyber security events.
• Champion security‑by‑design and resilience‑by‑design principles across all digital programmes and services.

• Provide executive leadership for information security, ensuring the confidentiality, integrity and availability of data and systems.
• Assure compliance with NHS cyber and information security standards, including DSPT, NIS Regulations, and relevant national frameworks.
• Oversee technical security architecture, identity and access management, and security controls across on‑premise, cloud and managed services.
• Lead assurance activity in relation to suppliers, shared services and third‑party risk.

• Establish and maintain effective cyber and information security governance arrangements across the Group.
• Provide clear, evidence‑based assurance to the Board, Audit Committee and Executive colleagues.
• Lead cyber and information security risk management, ensuring alignment with corporate risk processes.
• Represent the organisation in regional and national cyber security and digital assurance forums.

• Act as a deputy to the Group Chief Digital Information Officer, including representing the Group in senior internal and external forums.
• Work in close partnership with Trust COOs and Executive leads to ensure cyber resilience is embedded into operational decision‑making.
• Influence and shape Group, ICS and regional cyber security priorities through collaboration and leadership.
• Define, develop and embed the cyber and information security strategy, aligned to organisational objectives and national guidance.

Person specification

Knowledge and Experience

• Director or similar role in an NHS organisation with track record for overseeing cyber security, information governance and digital assurance functions
• In-depth understanding of cyber security landscape inside and outside of the NHS, Strong grasp of data protection legislation, IG frameworks, and clinical safety requirements for digital systems

Skills and Abilities

• Highly developed communication skills with the ability to communicate and present on highly complex, sensitive and/or contentious matters and difficult situations
• Ability to persuade board and senior managers of the respective merits of different options, innovation and new market opportunities.
• Ability to develop, maintain and monitor information systems to support innovation initiatives
• Ability to make sound judgement in the absence of clear guidelines or precedent, seeking advice as necessary from more senior management when appropriate
• Leadership, vision, strategic thinking and planning with highly developed political skills

Values

• Demonstrates commitment to NHS and organisational values and behaviours
• Demonstrate commitment and role model behaviours and actions that support equality, diversity, belonging and inclusion
• Strong compassionate and inclusive leadership