Job Description:
Security Consultant
Location: Staines (TW18 3DZ) / Manchester (M50 3SP) / London (EC2R 7HJ)
Hybrid working (mostly remote with some on-site at Manchester / Staines)
Permanent
Salary: up to £80,000 (D.O.E) + 10% Bonus + Fantastic Benefits
Full time 37.5hrs
At Bupa, we’re passionate about technology. With colleagues, customers, patients and residents in mind you’ll have the opportunity to work on innovative projects and make a real impact on their lives.
Right from the start you’ll become part of our digital strategy, joining us on our journey and developing yourself along the way.
As a Security Consultant at Bupa, your role is to work with stakeholders across IT and the business to ensure that the appropriate tools, people and processes are in place to safeguard the confidentiality, integrity and availability of Bupa applications, data and infrastructure.
The role holder will need to understand the business impact of information security risks and use this to advise on, develop and support the implementation of appropriate security solutions and controls.
This is a central role in the Bupa UK Security team as it will help to embed a culture of security and privacy by design in the IT delivery lifecycle, managing and maintaining the security and risk posture of our systems and services, and ensuring that security policies and standards are maintained and adhered to.
How you'll help us make health happen:
1. Ensuring that solution designs include effective and appropriate security measures that safeguard the security, confidentiality, integrity and availability of Bupa UK information systems in compliance with the relevant legislation, regulations and standards.
2. Be the security subject matter expert for the applications, technology and infrastructure used across UKMU, having knowledge of the security and IT risks, vulnerabilities and weaknesses, and appropriate remedial action.
3. Embedding secure coding and testing practices into the SDLC (SAST, OWASP, CSC top 20, etc.), and assurance that security requirements are fully met prior to systems being transitioned into operations and are maintained once in operation.
4. Champion continual improvement in security delivery practices, including implementation of security policies, standards, tools and processes in the delivery lifecycle (SDLC) across the UKMU, including processes and procedures as well as instilling the right behaviours.
5. Provide specialist IT Security Services and advice to meet business needs; undertaking security risk, vulnerability assessments, and business impact analysis as required.
6. Provide technical security advice and validate the implementation of Security by Design principles through the relevant UK IT governance forums.
7. Support the development of the security architecture, roadmaps and plans for the UK Market Unit (UKMU) and support the adoption of this across the organisation.
8. Support the research and evaluation of security related hardware and software solutions, and input into the business cases for investments. Contribute to impact assessments of business change on the IT security architecture and associated artefacts.
9. Contribute to the development and maintenance of security policies, procedures and standards for UKMU IT.
10. Ensure efficient and cost-effective operation of applications security activities within agreed budgets.
Key Skills / Qualifications needed for this role:
1. A relevant technical degree and/or industry recognised qualification (CISSP, CISM and/or TOGAF).
2. Excellent technical knowledge and design experience of security technologies, such as network security appliances, identity and access management (IAM) systems, cryptography, SIEM, anti-malware solutions, automated policy compliance tools, and desktop (end user device) security tools.
3. Knowledge of architecture frameworks and design approaches (e.g. SABSA, TOGAF, ZACHMAN).
4. Experience of application and web technology and security issues (for example OWASP).
5. An understanding of British and International Security Standards (e.g. NIST, ISO/IEC 27001, ISO/IEC 27002, CSC20), relevant UK and EU privacy legislation (especially Data Protection Act 2018 and EU GDPR) and the UK regulatory environment (e.g. ICO, FCA, PRA and CQC).
Benefits
Our benefits are designed to make health happen for our people. Viva is our global wellbeing programme and includes all aspects of our health – from mental and physical, to financial, social and environmental wellbeing. We support flexible working and have a range of family friendly benefits.
Joining Bupa in this role you will receive the following benefits and more:
• 25 days holiday, increasing through length of service, with option to buy or sell
• Bupa health insurance as a benefit in kind
• An enhanced pension plan and life insurance
• Annual performance-based bonus
• Onsite gyms or local discounts where no onsite gym available
• Various other benefits and online discounts
Why Bupa?
We’re a health insurer and provider. With no shareholders, our customers are our focus. Our people are all driven by the same purpose – helping people live longer, healthier, happier lives and making a better world. We make health happen by being brave, caring and responsible in everything we do.