Job Introduction
Please note: This is one UK-wide remote role that we are advertising across multiple locations to reach a broad pool of candidates. If you have already applied and see the role listed elsewhere, you do not need to apply again.
We’re looking for a motivated and detail-driven Information Security & Compliance Lead to help us strengthen the way we govern, protect and assure our digital environment. You’ll play a key role in ensuring our systems, services and processes meet the national standards and regulatory expectations we work to including DSPT, Cyber Essentials Plus and the Cyber Assessment Framework.
Working closely with our Head of Information Security & Enterprise Architecture, you’ll provide senior support across policy development, assurance activity, supplier governance and risk management. You’ll help us maintain a robust and well-evidenced Information Security Management System (ISMS), ensuring our approach to compliance is consistent, well-structured and embedded across the organisation.
This is an excellent opportunity for someone with hands-on security or infrastructure experience who now wants to broaden their impact across compliance, governance and operational assurance. You’ll collaborate with technical teams, service operations and transformation colleagues, helping to embed secure-by-design thinking and maintain a strong security posture across our hybrid digital estate.
From time to time, you may need to visit our Runcorn office or another HCRG site as part of the role.
Main Responsibility
Support the delivery and monitoring of secure infrastructure services across cloud, on-premises and hybrid environments
Ensure security and compliance controls are applied consistently across networks, servers, endpoints and backup environments
Contribute to the maintenance of the Information Security Management System (ISMS), including policies, procedures and risk registers
Support internal and external audit activity, evidence gathering and assurance reviews
Monitor compliance with frameworks such as DSPT, Cyber Essentials Plus (CE+) and the Cyber Assessment Framework (CAF)
Provide clear, practical security and compliance input for supplier reviews, contract renewals and new technology onboarding
Support incident management processes, including root cause analysis and follow-up improvements
Contribute to business continuity and disaster recovery planning with relevant technical teams
Collaborate closely with Infrastructure, Service Operations, Business Systems and Transformation teams to embed secure-by-design principles across services and projects
Share guidance, raise awareness and promote good security and compliance practices across the organisation
Please see the job description attached for a full list of responsibilities.
The Ideal Candidate
We’re looking for someone who is genuinely confident working in a compliance-led security role, someone who understands how to apply standards, manage evidence, guide colleagues, and keep us aligned with national requirements. You’ll be comfortable balancing practical security with robust governance, and you’ll bring a steady, structured approach to maintaining assurance across our digital environment.
Essential
Strong understanding of information security principles, with the ability to apply them in a compliance and governance context
Hands-on experience supporting compliance with frameworks such as:
Data Security and Protection Toolkit (DSPT)
Cyber Essentials Plus (CE+)
Cyber Assessment Framework (CAF) or ISO 27001
Confident reviewing controls, assessing risks, and producing clear, well-evidenced mitigation plans
Familiarity with public sector or NHS data protection responsibilities, including GDPR and NHS Data Security Standards
Experience contributing to incident response and ensuring that lessons learned are properly documented and embedded
Strong documentation skills — able to produce accurate policies, procedures, risk records and audit evidence
Comfortable working with Infrastructure, Service Operations and Transformation teams to ensure security and compliance requirements are understood and built in from the start
Able to work effectively with auditors, suppliers and governance groups, presenting information clearly and professionally
Desirable
Experience working within private cloud or hybrid environments, particularly where compliance requirements vary across services
Familiarity with toolsets such as EDR, vulnerability scanning, SIEM or MDM, particularly in relation to evidence gathering and assurance reporting
Relevant professional certifications (e.g., Security+, SSCP, ISO 27001, CISMP, CISSP Associate)
Understanding of backup and disaster recovery security principles, including compliance considerations
Package Description
As our new Information Security & Compliance Lead, you’ll be part of our valued team at HCRG Care Group.
You will feel valued in this role, receiving access to a wide range of exclusive rewards and benefits, including:
£50,000 – £55,000 with group pension
Private medical insurance with fast access to specialist support, including musculoskeletal and mental health services, available at locations across the UK
Membership of My Reward Hub, giving you discounts on everyday purchases such as groceries, plus cashback and voucher offers for you and your loved ones
Access to your wages as you earn them, helping you manage unexpected expenses without high interest or overdraft fees
Online and face-to-face wellbeing support for both mental and physical health, from healthy recipes and activity challenges to counselling, trauma support, career coaching and more
Access to eLearning, bespoke career pathways and professional development through our Outstanding Learning Enterprise team
An open, supportive culture where your ideas and contributions can shape how we deliver our purpose: changing lives through transforming health and care, supported by at least £100,000 of ringfenced innovation funding each year
The pride of working for an organisation committed to the highest clinical and quality standards, with the majority of our services rated “Good” or “Outstanding” by the Care Quality Commission
About the Company
We change lives by transforming health and care.
Established in 2006 we are one of the UK's leading independent providers of community health and care services, working with health and care commissioners and communities to transform services with a focus on experience, efficiency and improved outcomes. We deliver and transform adult and children community health services, primary care services including urgent care, sexual health, dermatology and MSK services as well as adult social care and wellbeing services. Across England, we support communities of many millions and directly help more than half a million people each year - guided by our simple values: we care, we think, we do.
We're committed to equal opportunities and welcome applications from a broad, diverse range of people who want to join our team. We’re a Disability Confident Committed company, so we work to provide facilities, work environment adjustments and technical solutions to be as inclusive of everyone.
While it doesn’t happen often, sometimes a role is very popular, and we’ll need to close it earlier than the date we’ve shown here. If you’re keen to join our team, we’d love to hear from you so please apply as soon as you can.
As you’d expect, safeguarding and protecting the children, young people and vulnerable adults that we work with is of the utmost importance so we have policies and procedures in place to promote safeguarding and safer working practices and everyone who joins the team is subject to a safer recruitment process, including the disclosure of criminal records and vetting checks.
Finally, we need to let you know that the company you’ll work for is part of HCRG Care Group Holdings Limited and by applying for this job we’ll need to process and hold information about you. If you would like to know a little more about how we use your information, please see our website's privacy policy.
