IT Risk & Control Assurance Manager

Social network you want to login/join with:

col-narrow-left

Bupa

Staines-upon-Thames, United Kingdom

Other

-

Yes

col-narrow-right

3e794b305c32

4

27.06.2025

11.08.2025

col-wide

Job Description:

IT Risk & Control Assurance Manager

London, Staines or Brighton - (or Across UK Locations)

Hybrid Working + Flexible

Permanent

From £60,300pa (dependant on location and experience) and fantastic benefits

Full time - 37.5 hours

Here you’ll be welcomed. We champion diversity and we understand the importance of our people representing the communities and customers we serve. You’ll find an inclusive environment where you can be yourself and where everyone is driven by the same purpose – helping people live longer, healthier, happier lives and making a better world.

We make health happen

This role will be part of a team of four peers working across the BGIUK Market Unit under the guidance of a Head of IT Risk and Control with the primary purpose to support the identification, articulation, assessment and ongoing management of Information Security and Technology Management Risks and Controls for each Business Unit (UKI, BG, Care, Clinics, Dental, Cromwell and Enterprise Platforms). Regularly reporting Risk, risk appetite position and the status of all mitigating controls to both Business and Technology risk committees as appropriate.

The scope of this role covers all Technology Risks; IT Strategy and Architecture, Service Management/Stability, Capacity/Capability Management, Disaster Recovery and Crisis Management. This role will also integrate the output from the Information Security Risk and Transformation Risk teams into the overall risk reporting for each Business Unit.

You’ll help us make health happen through:

• Interpreting and communicating to the Business Unit changes to Risk Polices, Business/IT Strategy, legislation that impact the existing Risk and Control Framework.
• Identifying and assessing Technology Management and Information Security issues so that control environments are properly defined and residual risk regularly assessed.
• Developing and managing the execution of the controls assurance plan.
• Overseeing the team conducting the control testing for the relevant business unit (i.e., the IT Risk & Control testing specialists and testing analysts)
• Supporting Business Unit (BU) and IT management in the design of key controls to mitigate identified issues and reduce residual risk.
• Regular reporting of BU IT Risks and Risk Appetite position to local risk committees, Market Unit (MU) Technology Risk Committee as well contributing to relevant committee and Board papers as required.
• Work with the Risk, Control and Processes owners to develop a trusted and robust set of process, risk and control metrics to allow risks, controls and issues to be continuously monitored.

Key Skills needed for this role:

• Experience of managing Information Security and Technology Risk and Controls in a regulated financial services company is essential.
• Understanding of the risks and controls inherent in all technologies including Cloud Services and Deployment Models
• The ideal candidate would have formal training and hands-on experience of designing, operating or auditing IT Controls.
• Experience of design and implementation of control automation and continuous monitoring would be useful but not essential.
• Demonstrable experience in Information Technology audits or IT Assurance (e.g., CISSP, CISM, CISA, CRISC, CCAK)
• A sound understanding of British and International Security Standards (e.g., ISO/IEC 27001, ISO/IEC 27002, NIST, CIS-20, PCIDSS) and the UK regulatory environment (e.g., ICO, FCA, PRA and CQC).

Our benefits are designed to make health happen for our people. Viva is our global wellbeing programme and includes all aspects of our health – from mental and physical, to financial, social and environmental wellbeing. We support flexible working and have a range of family friendly benefits.

• 25 days holiday, increasing through length of service, with option to buy or sell
• Bupa health insurance as a benefit in kind
• An enhanced pension plan and life insurance
• Onsite gyms or local discounts where no onsite gym available
• Various other benefits and online discounts

Bupa

We’re a health insurer and provider. With no shareholders, our customers are our focus. Our people are all driven by the same purpose – helping people live longer, healthier, happier lives and making a better world. We make health happen by being brave, caring and responsible in everything we do.