Deputy Chief Digital Information Officer–Cyber & Information Security

A Vacancy at St George's University Hospitals NHS Foundation Trust.

As a key member of the Group Digital Services Leadership Team, the Deputy Chief Digital Information Officer for Cyber & Information Security provides strategic leadership and executive assurance for cyber security, information security, and digital resilience across the hospital group.

The post holder will play a central role in delivering our vision ofoutstanding care, ensuring that digital services are secure, resilient, and trusted. They will enable safe and reliable care delivery by protecting critical systems and information, reducing cyber and information risk, and embedding security‑by‑design principles across digital transformation and operational services.

Operating in a complex and evolving threat landscape, the role will drive collaboration across clinical, operational, and digital teams to ensure cyber resilience supports care deliveryin the right place, at the right time, and that the organisation meets national regulatory, assurance, and resilience expectations.

The Deputy Chief Digital Information Officer (Cyber & Information Security) will provide strategic leadership and operational oversight across the following core areas:

· Cyber Security & Resilience

Lead the Group’s cyber security and resilience strategy, providing executive oversight of threat management, incident response and recovery. Embed security‑by‑design and resilience‑by‑design principles across all digital services to support safe, reliable care.

· Information Security & Assurance

Provide executive leadership for information security, ensuring compliance with NHS standards including DSPT and NIS Regulations. Oversee security architecture, access controls and third‑party assurance across on‑premise, cloud and managed services.

· Governance, Risk & Compliance

Maintain effective cyber and information security governance, delivering clear assurance to the Board and Executive teams. Lead cyber risk management in line with corporate processes and represent the organisation in regional and national forums.

· Strategic Leadership

Deputise for the Group Chief Digital Information Officer and work closely with Trust COOs and Executives to embed cyber resilience into operational decision‑making. Shape Group and system‑level cyber priorities aligned to organisational objectives and national guidance.

St George’s, Epsom and St Helier University Hospitals and Health Group cares for a population of four million people in South West London and North East Surrey. Our sites include St George’s Hospital, one of 11 major trauma centres in the UK and the largest healthcare provider and major teaching hospital in the area; St Helier Hospital, home to the South West Thames Renal and Transplantation Unit and Queen Mary's Hospital for Children; and Epsom Hospital, home to the South West London Elective Orthopaedic Centre (SWLEOC).

After years of collaboration, our two Trusts became a hospitals group in 2021. While remaining as two separate Trusts, being a hospitals group will help us to collaborate more closely on research, and the development, education, and training of our 17,000-strong workforce.

At gesh we are committed to supporting flexible working arrangements. Applicants are encouraged to discuss any flexibility they may need during the recruitment process.

Cyber Security & Resilience

• Lead the development and delivery of the Group‑wide cyber security and cyber resilience strategy.
• Provide executive oversight of cyber threat management, detection, response, and recovery arrangements.
• Ensure robust incident management, escalation and learning processes for cyber security events.
• Champion security‑by‑design and resilience‑by‑design principles across all digital programmes and services.

Information Security & Assurance

• Provide executive leadership for information security, ensuring the confidentiality, integrity and availability of data and systems.
• Assure compliance with NHS cyber and information security standards, including DSPT, NIS Regulations, and relevant national frameworks.
• Oversee technical security architecture, identity and access management, and security controls across on‑premise, cloud and managed services.
• Lead assurance activity in relation to suppliers, shared services and third‑party risk.

Governance, Risk & Compliance

• Establish and maintain effective cyber and information security governance arrangements across the Group.
• Provide clear, evidence‑based assurance to the Board, Audit Committee and Executive colleagues.
• Lead cyber and information security risk management, ensuring alignment with corporate risk processes.
• Represent the organisation in regional and national cyber security and digital assurance forums.

Strategic Leadership & Relationships

• Act as a deputy to the Group Chief Digital Information Officer, including representing the Group in senior internal and external forums.
• Work in close partnership with Trust COOs and Executive leads to ensure cyber resilience is embedded into operational decision‑making.
• Influence and shape Group, ICS and regional cyber security priorities through collaboration and leadership.
• Define, develop and embed the cyber and information security strategy, aligned to organisational objectives and national guidance.

This advert closes on Friday 15 May 2026

Proud member of the Disability Confident employer scheme

Disability Confident

About Disability Confident

A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident.