Information Security Manager


To be agreed

Reporting to

Director of Enterprise Architecture 

Job purpose

To be responsible for ensuring that the companies, products, networks, infrastructure and services remain secure, working with development, technical and other internal teams to ensure that our products and offerings are secure by design.

The security manager will be responsible for all aspects of security from product/service inception through to delivery, helping define and enforce policy, standards and good practice across the business as well as validating and coordinating internal and external test activities to ensure our offerings remain secure and our customers are provided with the confidence they need when using our products and services.


The Information Security Manager is responsible for the following: 

  • Manages product standards compliance ensuring appropriate stakeholder representation and ownership of actions to ensure product compliance with appropriate standards.
  • Track the developments of Cyber Security and Information Security standards and guidance, ensuring products will comply in accordance with implementation deadlines.
  • Assist and contribute to the clinical safety cases for product releases providing IS assurances and confirming that changes do not contravene national recommended best practice.
  • Assist with the annual Data Security and Protection Toolkit to ensure compliance with the set out IS requirements.
  • Ensure the Alliance meets the National Data Guardian's 10 Data Security Standards.
  • Assist in the arrangement and delivery of annual Information Governance and Information Security Training.
  • Work closely with linked colleagues in the Corporate Team, including the Executive Team, the Information Governance Manager, Compliance Manager and the Technical and Operational
  • Act as point of contact to manage and administer Security Incidents and keep records of them.
  • Promoting awareness of customer and security requirements.
  • Security Risk Assessments, continual improvement including corrective and preventative actions.
  • Consideration of Information Security risks and recommendations in the completion of required Data Protection Impact Assessments.
  • Support the development of software by providing Information Security expertise as required.
  • Liaising with colleagues in deployment areas to give advice and assist in problem solving.
  • Co-ordinate and deliver knowledge transfer as required ensuring colleagues have an overview of their requirements to be compliant with Information Security.
  • Provide feedback on Information Security compliance to senior management.
  • Keep up to date with legislation on Security and data quality both corporately and within the NHS.


  • A good understanding of the Information Security industry and cyber security plans
  • Good knowledge of networking/server and product development technologies
  • Penetration Testing toolkits, SIEM and other security related product experience. Knowledge of data quality principles and standards (including relation to NHS healthcare data).
  • Experience with information systems, processes and uses of information with the NHS
  • A proactive and positive approach and attitude to developing an increased Information Security aware culture.


Please apply in writing, sending a covering letter and CV to