Information Security Lead

The Pudding

Blackpool

On-site

GBP 29,000 - 34,000

Full time

5 days ago

Job summary

An established industry player is seeking an Information Security Lead to enhance data protection and governance. This pivotal role involves championing a secure culture, providing training, and ensuring compliance with regulations. You will drive initiatives for data security across teams, conduct risk assessments, and oversee ICT service providers. The ideal candidate will possess strong knowledge of GDPR and cyber security principles, along with proven experience in information governance. Join a forward-thinking organization committed to safeguarding the welfare of its community and making a real impact in the health sector.

Qualifications

  • Proven experience in information security, data governance, or cyber security.
  • Strong knowledge of GDPR and NHS data security requirements.

Responsibilities

  • Design and deliver engaging data security training for staff.
  • Conduct regular risk assessments and audits to strengthen defenses.
  • Manage relationships with outsourced ICT service providers.

Skills

GDPR knowledge
Cyber security principles
Information governance
Training and communication
Cyber risk management

Education

5 GCSEs A* - C including English Language
Management or healthcare related qualification
Project management or IT qualifications

Tools

ISO 27001
CISSP
CISM

Job description

Post: Information Security Lead

Hours: 37 hours per week, Monday-Friday 9am-5pm (with some evening and weekends required for training delivery across sites and services)

Salary: £29,540 - £33,391 per annum - depending on experience and qualifications

Reports to: The Head of Quality and Risk

Accountable to: Chief Operating Officer

Base: Newfield House, Vicarage Lane, Blackpool, FY4 4EW and will include visits across all sites for training and delivery

Job Summary
FCMS, a social enterprise for health and wellbeing services, is seeking a dedicated and forward-thinking Information Security Lead to strengthen our information governance and data protection principles across the organisation. We are looking for somebody passionate and proactive to champion a positive and secure culture, who can also provide professional challenge where required with solutions offered or sought out through knowledge, skillset and experience. The post requires the ability to link together a multitude of different compliance elements within a dynamic and fast-paced environment, in order to deliver exceptional care to our patients, who are the central focus of all that we do.

This role is a key part of our Quality & Risk Team and central to maintaining the integrity, safety, and resilience of our clinical and corporate systems. This is a pivotal role that blends leadership with hands-on influence, empowering staff and managers to embed a strong security culture while keeping our digital landscape safe and resilient.

Key Duties And Responsibilities
As our Information Security Lead, you'll be at the forefront of driving a security by design mindset across all teams. You will be responsible for:

  1. Training & Culture: designing and delivering engaging data security training and driving initiatives for staff and managers. You'll be a coach instilling the best practices in a way that sticks, adapting styles as required for the audience, ensuring data security awareness becomes part of everyday working culture.
  2. Information Governance and data protection: design and chair information governance and information asset owner working groups including agenda creation, minutes and action plans and reports. Implement and oversee policies and frameworks that ensure data is handled responsibly, legally, and securely in line with NHS, ICO and regulatory standards and to coach and support IG champions. Provide assurance and evidence to support NHS DSPT toolkit completion.
  3. Cyber Security Assurance: conducting regular risk assessments, audits and reviews to identify vulnerabilities and strengthen our defences within digital systems, processes, or people and environments. Support FCMS with the vision of further developing our digital landscape and the future of health systems, as the world moves into AI and cloud-based products for support with compliance monitoring, reports and recommendations. Support working towards gaining Cyber Essentials accreditation for any in-house elements outside outsourced ICT services.
  4. Internal ICT oversight: managing relationships with outsourced ICT service providers who provide the ICT infrastructure, networks, cyber division and ICT helpdesk, ensuring ICT services meet security, performance, and user experience expectations for FCMS. You will be the conduit between external ICT services and FCMS to escalate any issues that arise and seek key assurances and KPIs required for data protection and cyber assurances, using frameworks such as the NHSE DSPT and overseeing the SLA.
  5. Incident Response & Resilience: review data/security breaches or incidents in a timely manner and support teams in any investigations required and produce reports as needed. Shape our response protocols and business continuity plans, testing these and supporting services with BCP and incident responses so we are always ready for the unexpected!

What You'll Bring

  • Confidence in training and communicating with non-technical audiences.
  • Strong knowledge of GDPR, NHS data security requirements, and cyber security principles, with the ability to champion good practices in a way that people can easily understand and apply day-to-day.
  • Proven experience in information security, data governance, cyber security or a similar field.
  • A practical understanding of cyber risk management and assurance methodologies.
  • Ability to work across teams, bridging the gap between IT, compliance, and business functions.
  • Familiarity with regulatory frameworks (e.g. ISO 27001, GDPR, NCSC, or similar).
  • Experience overseeing outsourced IT service providers and liaising with other third parties.
  • Relevant certifications (e.g. CISSP, CISM, ISO 27001) are a plus but not essential if your experience shines through.

Our Key Expectations Are
Self-awareness, Adaptability, Openness, Positivity, Generosity of spirit, Ability to have fun.

Disability Confident Employer
As users of the disability confident scheme, we guarantee to interview all disabled applicants who meet the minimum criteria for the vacancy.

DBS: This post is subject to the Rehabilitation of Offenders Act (Exemption Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions. This will require three forms of valid ID to be produced and verified.

Person Specification

Qualifications - Essential: 5 GCSEs A* - C including English Language or equivalent training of management or healthcare related qualification.

Desirable: Project management, IT, system securities or data qualifications e.g. CISSP, CISM, ISO 27001.

Skills, Knowledge & Competencies - Essential: Strong knowledge of GDPR, NHS data security requirements, information governance and cyber security principles.

Experience - Essential: Proven experience in information security, data/information governance, cyber security or a similar field and experience of cyber risk management and assurance methodologies.

The organisation is committed to safeguarding and promoting the welfare of children, young people and vulnerable adults and expects all staff to share this commitment.
