Cybersecurity Manager – Hospital ICT

About the role

The Cybersecurity Manager will lead the ICT Department’s strategy to protect the hospital’s digital assets and ensure resilience against cyber threats. Reporting to senior leadership, the role combines governance, risk management, and incident response within a healthcare environment.

Key responsibilities

• Develop and implement the hospital’s cybersecurity and digital resilience strategy aligned with ISO 27001, NIS2, GDPR and national healthcare guidance.
• Provide expert advice to executive management, clinical leadership and governance committees on cyber risk.
• Lead the creation, maintenance and enforcement of cybersecurity policies, standards and procedures across all services.
• Conduct enterprise‑wide cyber risk assessments, maintain the risk register and drive mitigation plans.
• Manage third‑party and supply‑chain cybersecurity risk for vendors and technology providers.
• Oversee security monitoring, threat detection, vulnerability management and endpoint protection services.
• Lead response to cyber incidents, including ransomware and data breaches, coordinating with ICT teams, clinical operations and national agencies.
• Ensure incident response plans and disaster‑recovery procedures are regularly tested and updated.
• Integrate cyber resilience into business continuity and disaster‑recovery planning for critical clinical services.

Required profile

• Proven experience in cybersecurity governance and leadership within a complex organisation.
• Strong knowledge of healthcare regulations and standards such as ISO 27001, NIS2 Directive and GDPR.
• Demonstrated ability to conduct risk assessments, manage risk registers and implement mitigation strategies.
• Experience leading incident response and coordinating with internal and external stakeholders.
• Ability to embed cyber resilience into business continuity and disaster‑recovery frameworks.

Required skills

• ISO 27001
• NIS2 Directive
• GDPR
• Cyber risk assessment
• Vulnerability management
• Security monitoring
• Endpoint protection
• Incident response
• Disaster recovery planning
• Third‑party risk management