Job overview

Cyber Operations purpose is to support safe care and build public trust by building NHS England’s cyber resilience and enabling the wider health system to be cyber resilient, supporting Transformation Directorate’s purpose of delivering the best care and outcomes for the NHS.

The Cyber Operations sub-directorate consists of four operational areas:

• Cyber Security Operations Unit (CSOU & SIO)
• Cyber Delivery Unit (CDU)
• Cyber Improvement Programme
• Chief Information Security Office Function (CISO)

The Senior Security Advisor (CISO) for Insider Risk sits within the CISO Security Assurance team, supporting NHS England to manage cyber and information security risk through assurance, monitoring and risk-led security activity.

The role will help develop our insider risk capability, using security telemetry, behavioural indicators and investigative tooling to identify, assess and respond to potential misuse, compromise or inappropriate access to NHS England systems and data.

Working with Cyber Operations, CSOC, governance, data protection, investigations, policy and personnel security teams, the post holder will support proportionate, evidence-led approaches to insider risk and personnel security.

Main duties of the job

Main duties include acting as a specialist escalation point for insider risk matters, providing technical advice, case support and judgement across complex or sensitive activity.

The role will use threat hunting, KQL and detection engineering to identify indicators of misuse, compromise, inappropriate access or unusual activity requiring review.

The post holder will analyse Microsoft Defender for Endpoint, Microsoft Purview, Azure AD sign-in and other telemetry; support investigations; advise on monitoring, cloud controls, DLP, eDiscovery and tooling; improve workflows, playbooks and reporting; and identify control or response gaps.

The successful candidate will be an experienced cyber security professional with strong analytical, investigative and stakeholder engagement skills, able to apply technical expertise in a sensitive, proportionate and evidence-led way.

They will understand insider risk across technology, people, process and trust, and bring the judgement, discretion, curiosity and resilience needed to handle sensitive matters in a complex national organisation.

Working for our organisation

NHS England has a wide range of statutory functions, responsibilities and regulatory powers. These are focused on supporting the wider NHS to deliver high quality care, as well as doing those things that are best done once for the whole NHS.

Our staff bring expertise across clinical, operational, commissioning, technology, data science, cyber security, software engineering, education, and commercial specialisms — enabling us to design and deliver high-quality NHS services.

In March 2025, the Government announced that NHS England and the Department of Health and Social Care will increasingly merge functions, ultimately leading to NHS England being fully integrated into the department. 

If you currently work within the NHS and if successful at interview, we will initiate an Inter Authority Transfer (IAT) via the Electronic Staff Record (ESR). This retrieves key data from your current or previous NHS employer to support onboarding, including competency status, Continuous Service Dates (CSD), and annual leave entitlement. You may opt out at any stage of the process.

Colleagues with a contractual office base are expected to spend, on average, at least 40% of their time working in our offices.

Staff recruited from outside the NHS will usually be appointed at the bottom of the pay band.

We cannot offer visa sponsorship for any vacancies.