Information Security Consultant

Greater London
75000.00 GBP Annual + 10% bonus + excellent benefits
15 Jun 2017
21 Jun 2017
IT, Internet
Contract Type: Full Time

Bupa's purpose is helping people live longer, healthier, happier lives. Our status, as a company limited by guarantee with no shareholders, enables us to make our customers our focus, reinvesting our profits to provide more and better healthcare for current and future customers.

We employ over 84,000 people, principally in the UK, Australia, Spain, Poland, Hong Kong, Chile, Brazil, Saudi Arabia, India, New Zealand, Thailand and the US.

Around 70% of our revenue is from health insurance, with the rest from health and care provision. We fund healthcare around the world and run clinics, hospitals, dental centres, care homes and retirement villages in a number of countries.

This is an exciting time to be part of the Bupa Information Security and Governance team.

We operate in a highly regulated world where our customers expect us to deliver for them without any issue. It is a world where 24/7, data-secure, resilient services have now become the industry norm. As a team we are making great strides in preventing, detecting and responding effectively to cyber threats.

Why not join our team, where you can play a key role in driving world-leading, robust cyber defence capabilities, improving security and managing significant risks?

Job Summary
We're looking for an experienced Information Security Consultant to safeguard the confidentiality, integrity and availability of Bupa information and data, and the security of Bupa infrastructure and applications.

The role will also provide IT Security consultancy and guidance to Bupa Global Services, its internal and external customers and suppliers, to ensure business needs can be delivered in a secure manner, adhering to Information Risk policies and standards. The role holder will act as an advocate for the Information Security and Governance function, ensuring its vision and objectives are clearly articulated, understood and delivered.

Key Responsibilities

Information Security and Assurance
- Provide advice, guidance and policy interpretation to a wide audience of internal and external entities (teams, projects, suppliers, customers and partners)
- Provide detailed technical standards content, based on established security policies and practices.
- Obtain and act on vulnerability information and conduct security risk assessments, business impact analysis and accreditation on complex information systems.
- Contribute to the investigation of major breaches of security, and recommend appropriate control improvements.
- Support the response to security incidents by the Security Operations Team including root cause analysis and ensuring that systemic gaps identified are closed in an appropriate and timely manner.

Penetration Testing
- Interpret security testing output, where required, to assist in prioritisation of remediation activity.
- Define the plan for penetration testing.
- Provide advice and guidance on the planning and execution of vulnerability tests.
- Define and communicate the test strategy.

- Provide security consultancy for business as usual activities and to ensure that security related capabilities are fit for purpose and in line with the agreed operating model and risk appetite.
- Support the Head of Information Security in achieving the vision and strategic objectives within the security function including initiating, securing funding for and driving specific initiatives within this programme of work.

Emerging Technology Monitoring
- Provide detailed, expert level advice and guidance on technical security tools and processes required to support or further develop organisational security capabilities.
- Maintain awareness of opportunities provided by new technology to address information security challenges.
- Contribute to briefings and presentations about their relevance and potential value to the organisation.

Relationship Management
- Implement stakeholder engagement and communications plans, including, for example: handling of complaints, problems and issues; managing resolutions, corrective actions and lessons learned; and collection and dissemination of relevant information.
- Manage relationships with customers of the security team, covering internal and external colleagues, suppliers and Bupa customers.
- Seek and act on feedback from customers and other stakeholders to ensure that Information Security and Governance services are constantly evolved and improved.
- Help develop and enhance customer, supplier and stakeholder relationships.

Essential Skills
- Good experience and knowledge of Information Security management, ideally with a technical degree and/or industry recognised qualifications (e.g. CISM, CISA, CISSP, CGEIT, QCA).
- A sound understanding of British and International Security Standards (e.g. ISO/IEC 27001, ISO/IEC 27002), relevant Privacy legislation (especially Data Protection Act 1998) and regulatory obligations (e.g. PCI DSS, FCA, PRA).
- Knowledge of process improvement and project management methodologies.
- Strong interpersonal skills to enable partnership with IT and business stakeholders operating at all levels within the organisation.
- Knowledge of security architecture and design; experience of developing security requirements and ensuring these are adequately specified, represented in designs, and implemented in deployment.
- Knowledge of security policy implementation and deployment; experience of creating technical security standards based on established policy objectives and requirements.
- Knowledge of security process and control assurance; experience of providing assurance to customers, and gaining assurance from suppliers.
- Knowledge of current security tools, processes and techniques; experience of deploying tools, processes and training to demonstrate measurable security benefit.

In return you will be rewarded with excellent benefits - including 25 days holiday, free healthcare, an onsite gym and a subsidised canteen. You'll also be supported in developing your skills with ongoing training and career opportunities.

Bupa is committed to an environment which will attract, retain and motivate its people. Bupa aims to ensure that every applicant to, or employee of, Bupa is assessed for employment, promotion and development solely on the basis of personal merit and qualifications, regardless of gender, sexual orientation, pregnancy or maternity, marital or civil partner status, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age.

For further information on Bupa, our equal opportunities and your career with us, please click the APPLY button.