Full Time, Permanent
Manchester, London, Brighton
The Information Security Risk & Assurance Manager role is responsible for leading work to implement the BINS/BISL risk management framework across a wide range of information technology related risks affecting the BINS/BISL business, including technology failure, information governance, cyber, data protection, privacy and business continuity, so that BINS/BISL operates within risk appetite. Within this framework, the Information Security Risk Assurance Manager will lead the oversight and challenge of IT related risks across areas of BINS/BISL in business as usual activity, projects and other developments, with a particular emphasis on Information Security / Cyber risks.
What does a typical day look like?
- Challenge the scoring of cyber related risks, with a particular focus on ensuring that impacts have been fairly rated with regard to likely harm to customers.
- Focus on Information Security topics within teams and ensure that the level of investment proposed is proportional to the risk and that it is scoped appropriately.
- Work closely with the Information Systems and business teams to foster a high-achieving, well-controlled organisation which can achieve growth targets safely
- Develop, maintain and promote the information risk and resilience components of the Risk Management Framework (RMF) including risk appetites, emerging risks and incident capture and analysis
- Support IT and business teams in consistently applying the RMF to identify, assess, manage, monitor and report all material risks using appropriate tools (e.g. risk registers)
- Support management in other functions to enhance risk management practices in the related areas of Information Risk and Cyber Security
- Support the effective operation of technical committees and Risk Committees operating to the three lines of defence risk management model
- Provide second line oversight and challenge. In particular, second line oversight should include close engagement and challenge at relevant IT, data security, privacy, and business continuity committees and on project boards which deal with related content
- Ensure that the Enterprise Risk Director, Head of IT Risk Assurance and senior management are sighted on all material IT risks and incidents by providing appropriate reports and analysis
- Deliver assurance activities for material technology failure, information governance, cyber, data protection, privacy and business continuity risks
Who are we looking for?
- Highly credible and empathetic when dealing with a technical stakeholder community relating to information security and cyber topics.
- Knowledge and experience of best practice with regard to Information Security and cyber topics
- Attention to detail and an ability to express findings in a fact-based and neutral way. Ideally this will be backed by experience with regard to assurance activities and delivering a risk-based plan to assess the effectiveness of IT risk management across businesses and functions in a complex international organisation.
- Skilled communicator with the ability to influence and motivate others, in particular at engineering, project and intermediate management levels within technical teams
- Able to express security and cyber trade-offs to a non-technical audience taking into account business and customer needs
- Experience of working at senior levels and able to present, influence and to advise senior management
Bupa celebrates you. Whether that’s through rewards or encouraging you to bring your true self to work. This becomes more than where you’re from. This is you. This is what we have belief in.
We’re a world-leading healthcare group, running care homes, health centres, dental centres and hospitals. At Bupa, we believe in quality, affordable and accessible healthcare for all. If you share our purpose of helping people live longer, healthier and happier lives, then look no further.
For more information, visit www.bupa.com