Information Security Compliance Lead

Company: Elysium Healthcare

Location:
Borehamwood WD6 1JN

Date Posted: 2025-09-16 13:07:08

Salary: £50,000.00


At Elysium Healthcare, we believe that excellence in care begins with excellence in governance. That’s why we’re looking for a dedicated Information Security Compliance Lead to join our team and help safeguard the integrity of our digital environment—ensuring our services remain safe, secure, and compliant for the people who rely on us most.

This is a pivotal role where your expertise will directly support our mission to deliver high-quality care across our services. You’ll be instrumental in maintaining and enhancing our information security compliance framework, ensuring alignment with NHS Data Security and Protection Toolkit (DSPT), Cyber Essentials Plus, and the NIST Cybersecurity Framework (CSF).

As Information Security Compliance Lead, you’ll take ownership of developing, coordinating, and maintaining our organisation’s compliance framework—ensuring it meets all relevant contractual, regulatory, and internal policy requirements. You’ll make sure that compliance activities are not only embedded across the organisation, but also measurable and evidenced, with risks escalated and managed through appropriate governance channels.

You’ll work closely with the Information Security Manager, leading assurance activities, preparing for audits, and supporting regulatory reporting. Your work will ensure that our obligations are met and that robust evidence is available for both internal and external stakeholders.

As our Information Security Compliance Lead, you’ll:

  • Develop and maintain our compliance framework in line with DSPT, Cyber Essentials Plus, and NIST CSF.
  • Lead evidence collection and assurance reporting to demonstrate adherence to internal and external standards.
  • Coordinate external audits and certification processes, ensuring readiness and successful outcomes.
  • Embed compliance into business processes, ensuring it’s measurable, reportable, and actionable.

You’ll also take ownership of risk and assurance activities:

  • Conduct risk and compliance assessments across systems, suppliers, and projects.
  • Track and escalate risk treatment plans, ensuring timely resolution.
  • Support incident management and regulatory reporting in line with DSPT and NIST expectations.
  • Provide regular updates to governance forums and senior stakeholders.

Key Outcomes

  • Annual DSPT submission completed with full evidence across leadership, training, access control, and incident response.
  • Cyber Essentials Plus certification achieved and maintained.
  • Organisational alignment to NIST CSF, with risks and maturity tracked and reported.
  • Supplier and project assurance delivered in line with DSPT and NIST supply chain expectations.
  • Incident reporting and post-incident reviews managed effectively and compliantly.

What you’ll bring

To thrive in this role, you’ll combine technical expertise with a calm, solutions-focused mindset and a collaborative approach. You’ll be confident navigating complex compliance landscapes, leading audits and assessments, and embedding security into the heart of our organisation.

  • Extensive knowledge of NHS DSPT, Cyber Essentials Plus, and the NIST Cybersecurity Framework, along with a strong understanding of UK data protection obligations including the Data Protection Act 2018 and UK GDPR.
  • Proven experience in information security compliance, ideally within healthcare or other regulated environments.
  • Hands-on involvement in compliance assessments, supplier assurance reviews, and risk evaluations, with the ability to prepare audit-ready evidence and lead reporting activities.
  • A track record of developing and maintaining security policies, standards, and procedures, aligned to regulatory and organisational requirements.
  • Excellent communication and influencing skills, able to engage confidently with technical and non-technical colleagues, regulators, and external auditors.
  • A proactive and analytical mindset, with the ability to interpret complex requirements, identify gaps, and drive continuous improvement.
  • A calm and organised presence, especially when responding to urgent compliance needs or supporting incident investigations.
  • A commitment to ongoing professional development, staying informed on evolving frameworks, regulatory changes, and best practice in information security.

It would be great if you also bring:

  • Familiarity with broader regulatory frameworks such as ISO 27001, PCI DSS, or ICO guidance.
  • Experience embedding compliance into projects, change programmes, and supplier contracts.

This is a remote-based role, offering flexibility while ensuring close collaboration with colleagues across services. Occasional travel may be required to support project delivery, governance forums, or training.

What You’ll Get

At Elysium Healthcare, we believe in taking care of the people who care for others. You’ll enjoy a comprehensive benefits package designed to support your wellbeing, growth, and future:

  • Annual base salary of £50,000.00
  • The equivalent of 33 days annual leave (including bank holidays) – plus your birthday off
  • Wellbeing support and activities to help you maintain a healthy work-life balance
  • 24 hour GP Service to ensure you are the best you can be
  • Career development and training to help you achieve your professional goals
  • Annual salary reviews to ensure your pay reflects your contribution
  • Pension contribution to help secure your future
  • Life Assurance for added peace of mind
  • Enhanced Maternity Package so you can truly enjoy this special time
  • Stream – instant access to earned wages when you need it
  • Retail discounts, Blue Light Card, and Ely-vate employee benefits scheme

About us:

Elysium Healthcare has over 8,000 employees and a unique approach to the delivery of care. With a network of over 90 services across England and Wales covering Mental Health, Neurological, Learning Disabilities & Autism, and Children & Education, there is opportunity for you to grow and move.

Elysium Healthcare is part of Ramsay Health Care, a global network that extends across 10 countries and employs over 86,000 people.

Elysium Healthcare follows safer recruitment of staff for all appointments and is a Disability Confident employer, committed to inclusive and accessible recruitment. It is a requirement that all staff understand that it is each person’s individual responsibility to promote and safeguard the welfare of service users. All candidates will be subject to a DBS disclosure.

Ref: 4|15|HICN|1382238020