Job Title

Oxford University Hospitals NHS Foundation Trust is one of the largest NHS teaching trusts in the country, providing a wide range of general and specialist clinical services and serving as a base for medical education, training and research. The Trust comprises four hospitals – the John Radcliffe Hospital , Churchill Hospital , Nuffield Orthopaedic Centre in Headington and the Horton General Hospital in Banbury. Job overview The Head of Cyber Security will lead the Trust’s cyber security strategy, governance, and operations. This senior leadership role ensures the confidentiality, integrity, and availability of OUH’s digital assets and information systems, and represents OUH in regional and national cyber forums. The post holder will align the Trust’s cyber posture with NHS frameworks such as DSPT, CAF, and ISO 27001. Main duties of the job The Head of Cyber Security shapes and executes the Trust’s cyber security strategy, ensuring secure, resilient, and compliant digital assets and information systems. Key responsibilities include developing and implementing cyber security plans, leading maturity assessments, providing board‑level assurance on risk and compliance, and representing the Trust in national cyber forums. In addition to strategic oversight, the role encompasses governance and risk management, ownership of the Information Security Management System (ISMS), leading audits, chairing assurance groups, and supporting data protection compliance as Deputy SIRO. Working for our organisation Our values, standards and behaviours – Delivering Compassionate Excellence – underpin the quality of clinical care and professional relationships with patients, colleagues and the wider community. Person specification Qualifications Educated to Masters level in a relevant subject or have equivalent experience Specialist qualifications in ICT and/or Cyber Security, for example: CISSP/CISM/CRISC or equivalent Committed to ongoing specialist training to support job role and self‑development Experience Senior leadership in cyber security within an NHS or complex public sector environment, with a strong track record of achievement Extensive experience of managing cyber security and risk Extensive experience of interpreting and applying the law governing the management of information Broad IM&T knowledge and an understanding of computer and confidentiality related legislation and professional standards Good understanding of principles of managing enterprise‑scale IT networks COVID‑19 The COVID‑19 vaccination remains the best way to protect yourself, your family, your colleagues and our patients from the virus when working in our healthcare settings. Whilst COVID‑19 vaccination is not a condition of employment, we encourage staff to get vaccinated. If you are unvaccinated, helpful advice and information can be found at the Oxfordshire County Council website. Vacancy Closures Please note, this vacancy may close early if a high volume of applications are received. Probation Period This post is subject to a 6–month probationary period. If you currently hold a contract of employment with the Oxford University Hospitals, this will not apply. This statement does not apply to medical staff or executive appointments. Referencing When providing employment reference details, please provide correct work‑related email addresses so references can be sought promptly. Your first referee must be your line manager, supervisor or clinical lead from your current or most recent post or place of study. If you have previously worked for the Trust, a reference from your last manager is essential. Next Steps Please ensure you read the job description and person specification, and that your supporting statement reflects these criteria. Candidates selected for interview will be contacted after the short‑listing process, usually within 2 weeks. The majority of correspondence will be via the e‑recruitment system; check your emails regularly, including junk folders. Fraud Prevention Notice Fraudulent recruiters have used social media platforms to dupe potential job seekers into divulging personal and financial information. Any genuine communication about jobs at Oxford University Hospitals will come from 'Trac ' or via an ouh.nhs.uk email address. All meetings and interviews will be scheduled on Microsoft Teams from a verified OUH email