Team
Information Security
Working Pattern
Hybrid – 2 days per week in the Vitality Bournemouth Office. Full time, 35 hours per week.
We are happy to discuss flexible working!
Top 3 skills needed for this role
* Information Security Governance & Risk Leadership
* Regulatory & Framework Expertise (ISO27001, GDPR, NIST)
* Stakeholder Communication & Security Culture Influence
What this role is all about
As Senior Information Security Officer, you’ll drive a business‑wide security agenda, shaping how we identify, assess and manage risk while keeping pace with evolving threats and regulations. Working closely with the CISO, you’ll turn strategy into action, lead our Security Governance team, and ensure our security posture not only protects but enables the business to thrive.
Key Actions
* Lead the continuous improvement of Vitality’s ISO27001 framework and Information Security Management System (ISMS), ensuring ongoing compliance
* Deliver key security initiatives that bring the Information Security Strategy to life and drive measurable impact
* Own and mature Information Risk management in alignment with the Enterprise Risk Framework
* Act as a trusted advisor on regulatory requirements and best‑practice frameworks (ISO27001, GDPR, NIST, ITIL), protecting the confidentiality, integrity and availability of systems
* Lead security governance forums and manage the Information Security Governance team, including the Information Risk function
* Embed security across projects and development lifecycles, ensuring risks are identified, assessed (including DPIAs), and effectively mitigated
* Oversee supplier and third‑party security risk, working closely with Cyber Security Operations to protect Vitality’s wider ecosystem
* Drive a strong security culture by maintaining policies, delivering compliance reviews, and rolling out engaging awareness and training programmes
What do you need to thrive?
* Minimum 5 years’ experience working in an Information Security Environment
* Proven experience in assessing and managing supplier and third‑party security risk
* Strong communication skills, with the ability to translate technical concepts into clear, business‑friendly messaging and produce high‑quality documentation (policies, standards, project artefacts)
* Demonstrated experience working across projects and development lifecycles (SDLC), including Agile environments
* Hands‑on experience implementing and maintaining ISO27001 and broader security governance frameworks (e.g. ISO27001/2, NIST, PCI DSS)
* Solid understanding of data protection and regulatory requirements (e.g. FCA, ICO, PRA, GDPR) and how to apply them in practice
* Ability to balance risk, compliance and business objectives in a fast‑paced, evolving environment
So, what’s in it for you?
* Bonus Schemes – A bonus that regularly rewards you for your performance
* A pension of up to 12% – We will match your contributions up to 6% of your salary
* Our award‑winning Vitality health insurance – With its own set of rewards and benefits
* Life Assurance – Four times annual salary
#J-18808-Ljbffr