Risk and Compliance Manager (Information Security)

Location: Staines, UK
Posted: Sep 24, 2017
Closes: Oct 02, 2017
Contract Type: Full Time
Bupa's purpose is helping people live longer, healthier, happier lives. Our status, as a company limited by guarantee with no shareholders, enables us to make our customers our focus, reinvesting our profits to provide more and better healthcare for current and future customers.

We employ over 84,000 people, principally in the UK, Australia, Spain, Poland, Hong Kong, Chile, Brazil, Saudi Arabia, India, New Zealand, Thailand and the US.

Around 70% of our revenue is from health insurance, with the rest from health and care provision. We fund healthcare around the world and run clinics, hospitals, dental centres, care homes and retirement villages in a number of countries.

This is an exciting time to be part of the Bupa Information Security and Governance team.

We operate in a highly regulated world where our customers expect us to deliver for them without any issue. It is a world where secure, resilient services available 24/7 have become the industry norm. As a team we are making great strides in preventing, detecting and responding effectively to cyber threats.

Why not join our team, where you can play a key role in driving world-leading, robust cyber defence capabilities, improving security and managing significant risks?

Job Summary

The Compliance Manager works in the Information Security Team within IS&T Global Services, and reports to the Head of Information Security.

The purpose of the role is to own and manage compliance activity across the wider IS&T Global Services team, covering: risk management; ISMS ownership; compliance with applicable Bupa policies and standards; applicable contractual, statutory and regulatory frameworks from an IT operational perspective; internal and external audit coordination and support; managing the security requirements and activities of 3rd party suppliers; and penetration testing and technical compliance checks.

The role requires interactions with a wide range of senior staff, and so an ability to influence, inspire and manage stakeholders across the organisation is essential.

Key Responsibilities

The role exists to provide support for risk management, internal and external audit, and ISO 27001 within the Global Services function.

IT Governance
  • Review information systems for compliance with legislation and specify any required changes.
  • Responsible for measuring and tracking compliance with organisational policies and standards and the overall information management strategy.
  • Own security management of 3rd party suppliers and partners.

Risk Management
  • Carry out risk assessment within a defined functional or technical area of business.
  • Develop, implement and maintain risk management processes and track progress of all risks within scope.
  • Refer to domain experts for guidance on specialised areas of risk, such as architecture and environment.
  • Co-ordinate the development of countermeasures and contingency plans.

Information Assurance
  • Interpret information assurance and security policies and apply these in order to manage risks.
  • Provide advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines.
  • Contribute to the development of policies, standards and guidelines.
  • Own the ISO 27001-certified Information Security Management System (ISMS).
  • Coordinate the Information Risk Forum within IS&T Global Services.
  • Work collaboratively with the wider Bupa Risk and Compliance teams.

Conformance review
  • Plan and conduct audits and compliance checks within IS&T Global Services against Bupa policy and technical standards.
  • Liaise with and provide support for Bupa Internal Audit.
  • Evaluate and independently appraise the internal control of automated business processes, based on investigative evidence and assessments undertaken by self or team.
  • Ensure that independent appraisals follow agreed procedure and advise others on the review process.
  • Provide advice to management on ways of improving the effectiveness and efficiency of their control mechanisms.
  • Identify and evaluate associated risks and how they can be reduced.

Penetration testing
  • Manage the penetration test plan and track findings through to remediation.

Performance management
  • Supervise individuals and teams.
  • Allocate routine tasks and/or project work.
  • Provide direction, support and guidance as necessary, in line with individuals' skills and abilities. Monitor progress against agreed quality and performance criteria.
  • Act to facilitate effective working relationships between team members.

Essential Skills
  • Degree or equivalent
  • Experience of managing an ISMS
  • Knowledge of risk management frameworks; experience of operational risk management processes
  • Knowledge of audit processes and techniques; experience of working with internal and external auditors
  • Knowledge of ISO 27001:2013
  • Knowledge of PCI-DSS would be useful.
  • Knowledge of technical security testing processes; experience of tracking tasks and activities to completion
  • Experience of managing suppliers

In return you will be rewarded with excellent benefits - including 25 days holiday, free healthcare, an onsite gym and a subsidised canteen. You'll also be supported in developing your skills with ongoing training and career opportunities.

Bupa is committed to an environment which will attract, retain and motivate its people. Bupa aims to ensure that every applicant to, or employee of, Bupa is assessed for employment, promotion and development solely on the basis of personal merit and qualifications, regardless of gender, sexual orientation, pregnancy or maternity, marital or civil partner status, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age.

For further information on Bupa, our equal opportunities and your career with us, please visit www.bupa.co.uk

This job was originally posted at www.cwjobs.co.uk/job/76151155