Group Head of IT & Information Security Risk and Governance

The Group Head of IT & Information Security Risk and Governance will be responsible for developing, leading, and maintaining a comprehensive IT and information security risk management program. This role ensures that the organisation effectively identifies, assesses, manages, and mitigates IT and security risks across all information assets and systems. This role is key to ensuring the organisation remains resilient against evolving information security threats while maintaining compliance with industry standards. The Group Head of IT & Information Security Risk and Governance will lead efforts to create a robust security environment and minimise risks to critical business operations.

• Maintain and oversee the global IT & information security risk management strategy that aligns with the organisation's overall business objectives and risk appetite underpinning the Enterprise Risk Management Framework.
• Define and oversee risk assessment methodologies, controls, and reporting structures.
• Active involvement in the use of security tools and technologies that support risk identification, monitoring, and mitigation to strengthen the organisation's security posture and reduce risk.
• Conduct thematic risk assessments and evaluations to identify potential threats and vulnerabilities in the organisation's IT infrastructure and applications.
• Collaborate with cross-functional teams to assess the impact of new technologies, regulations, and security standards on the organisation's risk landscape.
• Develop processes for continuous monitoring of IT and security risks and the effectiveness of implemented controls.
• Lead governance frameworks, policies, and procedures across Bupa market units.
• Deliver accurate, timely reports for regulatory, board, and operational purposes.
• Champion risk awareness and training across the organisation.
• Collaborate with internal teams to enhance understanding of IT and information security risks and promote risk-based decision-making.
• Manage and develop the IT & Information Security Risk and Governance team, fostering collaboration and innovation.
• Act as the primary point of contact for IT and security risk queries, engaging with internal and external stakeholders within Group Information Security and the Market Units.

• Proven track record of building teams and leading risk management in a complex, global organisation.
• Extensive experience in IT and information security risk management, cybersecurity, or a related field with demonstrated success in leadership roles.
• Deep understanding of IT and security frameworks, risk assessment methodologies, and industry regulations.
• Excellent leadership, communication, and stakeholder management skills.
• Ability to translate complex technical risks into actionable recommendations.
• Proficiency in using risk management tools, platforms and security technologies.
• Strategic thinker with a proactive approach to problem-solving.
• A master's degree or professional certifications such as CISSP, CISM, or CRISC are highly desirable.
• Bachelor's degree in IT, information security, Cybersecurity, computer science, risk management, or a related field.

• 25 days holiday, increasing through length of service, with the option to buy or sell.
• Enhanced pension and life insurance.
• Annual Bonus.
• Car Allowance.
• Private medical insurance.
• Global wellbeing days.
• Opportunities for career development and internal mobility.

Bupa is a Level 2 Disability Confident Employer. We encourage all of our people to "Be you at Bupa", champion diversity, and understand the importance of our people representing the communities and customers we serve. We make health happen by being brave, caring and responsible in everything we do.

At Bupa, our purpose is simple: helping people live longer, healthier, happier lives and making a better world. With no shareholders, our customers are at the heart of everything we do. Our benefits are designed to make health happen for our people. Viva is our global wellbeing programme and includes all aspects of our health—mental, physical, financial, social and environmental wellbeing. We support flexible working and have a range of family‑friendly benefits.

Time Type: Full time. Job Area: [Insert job area]