
This site is independent of the NHS and the Department of Health.


Job summary

Main area: IT
Grade: Band 8a
Contract: Permanent
Hours: Full time, flexible working, 37.5 hours per week
Job ref: 025-AC229-0925
Employer: Digital Health and Care Wales
Employer type: NHS
Site: Hybrid working
Town: Location to be confirmed at interview
Salary: £56,514 - £63,623 per annum
Salary period: Yearly
Closing: 09/10/2025 23:59


Cyber Resilience Principal

Band 8a

Digital Health and Care Wales is an ambitious organisation created by Welsh Government to lead on the digital transformation of health and care. It builds on the digital architecture and national services put in place by the NHS Wales Informatics Service over the past decade.

The organisation will lead on large-scale developments that make a significant difference to the people of Wales as well as to health and care professionals, such as expansion of the digital patient record and the creation of a National Data Resource. It will improve the way data is collected, shared and used. Please check your email account regularly. Successful applicants will receive all recruitment related correspondence via the email account registered on the application form.

All applicants are invited to apply in Welsh; any application submitted in Welsh will not be treated less favourably than an application made in English.

 

Job overview

An exciting opportunity has arisen to join the NHS Wales Cyber Resilience Unit as a Cyber Resilience Principal. We are looking for someone with a proven background in Information/Cyber security and Audit, a flexible 'can do' attitude and approach to work and the ability to provide advice and assurance that security risk across NHS Wales is being managed appropriately.

The role of the Cyber Resilience Principal is to provide support to the Cyber Resilience Unit to ensure the auditing and reporting structure is of an excellent standard in order to establish the CRU as a world-class national service.

The Cyber Resilience Principal will be responsible for ensuring the reporting and auditing process is carried out in a consistent, concise and professional manner, and is developed to ensure compliance with cyber security legislation such as CSRB and the NIS regulations, best practice and Welsh Government requirements.

Who are the CRU?  

The NHS Wales Cyber Resilience Unit (CRU) is an independent team hosted by Digital Health and Care Wales (DHCW). Its core purpose is to increase the security and resiliency of information systems across NHS Wales.

The CRU has been delegated responsibility by the Welsh Government to lead the implementation and monitoring of compliance with the Network and Information Systems Regulations (NIS) across the NHS in Wales.

Main duties of the job

As Cyber Resilience Principal, you will act as a specialist in your own area, using your judgement to make decisions and to coach and mentor others in your profession, both within the team and in the wider Community of Practice. You will:

Work autonomously, initiating action and reporting to a senior level, assisting and deputising as required.

Lead the development of the CRU auditing and reporting processes based on new and updated regulation. 

Lead Cyber Resiliency Unit audits, and support CRU team members in conducting audits, as required. 

Help establish the reputation of the CRU as a world-class national service. 

Develop a consistent and concise report template for reporting to NHS Wales organisations and Welsh Government. 

Develop dashboards to present reports and KPIs to Management, NHS Wales organisations and Welsh Government. 

Review and quality assess reports produced by CRU before distribution to third parties. 

Present reports as required to Management, NHS Wales organisations and Welsh Government. 

Advise NHS Wales organisations on how to improve their compliance status and security posture based on CAF audit results.

Working for our organisation

Digital Health and Care Wales (DHCW) is an expert national body and part of NHS Wales. We work in partnership with NHS Wales colleagues and other key stakeholders to provide national digital and data services which support the delivery of health and social care in Wales. Modern health and care services depend on good digital tools, data and information. DHCW runs or works with more than 100 services and delivers major national digital transformation programmes to support this. In addition, DHCW provides expert advice in relation to cyber security and information governance. We give frontline staff the digital tools which help them provide safer and more efficient care. We are also giving patients and the public digital tools to better manage their own health and wellbeing, empowering people to live healthier lives. We put people at the heart of what we do, working to the highest standards to deliver quality and make digital a force for good in health and care. 

Working for DHCW offers lots of employee benefits, including flexible working, a competitive salary, 28 days of annual leave plus Bank Holidays and opportunities for career development. We are committed to recognising and celebrating our staff as the most valuable part of our organisation.

Detailed job description and main responsibilities

Work with NHS Wales organisations and Welsh Government to further improve the auditing process and reporting structure.

Assist development of the CRU Auditing process using the Cyber Assessment Framework to provide a consistent, efficient and professional service.

You will be able to find a full Job description and Person Specification attached within the supporting documents; please click "Apply now" to view in Trac.

The ability to speak Welsh is desirable for this post; English and/or Welsh speakers are equally welcome to apply.

Person specification

Qualifications and Knowledge

Essential criteria
  • Educated to master’s degree level, within Business or IT (or equivalent qualification / experience).
  • Further evidence of relevant higher-level education (postgraduate) and/or training.
  • Excellent understanding and experience of security compliance auditing processes and best practice, using recognised standards such as ISO 27001, NCSC CAF or Cyber Essentials.
  • Excellent knowledge of the NIS and NIS2 Directives (Cyber Security legislation).
Desirable criteria
  • Theoretical and specialist knowledge, gained with relevant certification in security auditing (e.g. ISACA CISA, ISO 27001 Auditor).
  • Recognised qualification in Management or Leadership.

Experience

Essential criteria
  • Practical experience, working at this level, across the range of work procedures and practices.
  • Proficient in managing and motivating successful technical teams.
  • Expert at delivering concise, accurate, high-quality written reports, providing complex and sensitive data, to tight deadlines.
Desirable criteria
  • Proficient in coaching and mentoring staff; specifically agile and multi-disciplinary teams.
  • A clear understanding and appreciation of the processes supporting clinical care and the approaches required to design and implement the supporting IT Security environment.

Skills and Attributes

Essential criteria
  • Commitment to supporting the organisation’s mission to encourage and embrace diversity and inclusion across the NHS.
  • A flexible approach to work in a hybrid working environment.
  • Travel throughout Wales between sites, as required by the job.
Desirable criteria
  • Welsh language skills are desirable, at level 1 or above, in understanding, speaking, reading and writing in Welsh.
  • Knowledge of NHS Wales or the Health sector.


Applicant requirements

Welsh language skills are desirable


Further details / informal visits contact

Name: Kevin Seward
Job title: Cyber Security Compliance Lead
Email address: [email protected]