Bupa
Head of Information Security Risk Management
This job is now closed
Job Description
- Req#: R1140481
Job Description:
Head of Information Security Risk
London / Manchester
Flexible / Hybrid working available
Permanent
Here you’ll be welcomed. We champion diversity and we understand the importance of our people representing the communities and customers we serve. You’ll find an inclusive environment where you can be yourself and where everyone is driven by the same purpose – helping people live longer, healthier, happier lives and making a better world.
We’re passionate about technology. With colleagues, customers, patients and residents in mind you’ll have the opportunity to work on innovative projects and make a real impact on their lives.
Right from the start you’ll become part of our digital strategy, joining us on our journey and developing yourself along the way.
Role Overview
As Head of Information Security Risk, you will lead the strategic planning and delivery of the BGUK approach to governance and oversight of information security risk and compliance, driving the reduction of security risks and improving security risk maturity.
This is a high-visibility role in which you’ll play a key role in guiding teams in the prevention of risks crystallising. You’ll also support the delivery of the information security strategic planning across BGUK, providing robust challenge to the execution of the plans with focus on successful achievement of the outcomes, in line with legislative requirements and industry-accepted good practice.
What you’ll do:
- Define, implement, and maintain the Information Security (including Cyber Security) part of the Risk Management Framework for BGUK MU Technology.
- Lead the scoping and delivery of BGUK Information Security Risk Assessments and facilitate risk appetite evaluations.
- Provide subject matter expertise and independent guidance to the scoping, assurance, and delivery of the Information Security transformation programmes, as well as the embedding of security controls in the wider transformation programmes.
- Support the upskilling of the GRC team in Information Security topics.
- Provide advice and direction to the Third-Party Assurance and the Risk & Control teams on information security matters, proposing appropriate solutions to manage risks.
- Undertake detailed reviews of proposed security controls or solutions with the Security team, providing challenge where appropriate.
- Establish the appropriate governance forums and reporting mechanisms for the assessment and reporting of the MU-wide Information Security risks.
- Have oversight of InfoSec risks across the MU, providing challenge on the prioritisation, reporting and escalation of such risks.
- Manage the security components of the Integrated Assurance plan – with Line 2 and Line 3 (MU and Group).
- Work in conjunction with the Security Threat team to advise the GRC Director and CIO on relevant Information Security Risk matters, notably any emerging risks and any deterioration of risk position due to increases in the threat landscape.
- Work with the BINS compliance team to understand any relevant changes in regulatory expectations and then factor these into assessments.
What you’ll bring:
- Extensive experience or recognised expert in the field of information security governance, risk and compliance.
- The ability to act as a leading authority on information security, providing guidance on the governance and management of information security risks for major IT programmes and strategic initiatives.
- A proven track record of contributing to the strategic planning for information security in a complex environment and for developing and implementing organisation-level policies, standards, and guidance.
- Experience of managing a team and relationships between teams to deliver an efficient and successful information security risk service.
- Experience in developing and managing information security audit and assurance programmes, including assessing the security of third parties.
- Experience in developing/managing information security reporting frameworks and dashboards.
- Experience in providing guidance, counsel, and advice on information security to a diverse range of stakeholders, explaining difficult concepts in language they can understand and consume.
- Qualifications such as BCS Fellow, CESG, IISP, CISM, CISSP, CRISC, CDPSE, CCISO are highly desirable.
- Knowledge of common information security management/governance frameworks, such as ISO/IEC 27002, NIST, CIS 18 and COBIT.
- Knowledge of cloud technologies with a preference for MS Azure.
- Experience of working in regulated financial services supporting SMF roles in the distribution of their responsibilities.
Why Bupa?
We are a health insurer and provider. With no shareholders, our customers are our focus. We reinvest profits into providing more and better healthcare for the benefit of current and future customers.
Our benefits are driven by what matters to our people. It’s important to us that these benefits support a work-life balance that keeps people healthy, both mentally and physically. You will be eligible for:
- 25 days holiday, increasing through length of service, with option to buy or sell
- Bupa health insurance as a benefit in kind
- An enhanced pension plan and life insurance
- Annual performance-based bonus
- Onsite gyms or local discounts where no onsite gym available
- Various other benefits and online discounts
Diversity and Inclusion
Bupa is committed to making sure that every applicant is assessed solely on personal merit and qualifications. We actively celebrate the diversity of our colleagues and provide an inclusive environment so you can bring your true self to Bupa. We’ll make sure you are treated fairly. That’s why we’re happy to offer reasonable adjustments as part of our recruitment process to anyone that needs them.
Time Type: Full time
Job Area: IT
Locations: Angel Court, London, Bupa Place, Staines - Willow House
About the company
Bupa's origins and global headquarters are in the United Kingdom.