Team
Vitality Technology
Working Pattern
Hybrid – 2 days per week in the Vitality Bournemouth Office. Full time, 35 hours per week.
We are happy to discuss flexible working!
Top 3 Skills Needed For This Role
* Experience driving governance, risk, and control delivery
* Proven track record leading cross-functional security initiatives
* Confident in owning audit, reporting, and assurance outcomes
What This Role Is All About
At Vitality, we’re looking for an IAM & GRC Lead to take ownership of delivering our security governance, identity and access management, and assurance activities. This is a hands‑on role where you’ll work closely with teams across the business to keep key security, audit, and regulatory priorities on track and delivered to a high standard. You’ll help ensure controls are in place, reporting is clear and useful, and our approach to security remains consistent and effective—playing a key role in strengthening governance, supporting audits, and driving delivery across both our UK and Vietnam operations.
Key Actions
* Own and deliver security governance and control activities, including ITGC execution, audit readiness, evidence tracking, and support for GIA governance audits
* Maintain and update the ISO27001 ISMS (including policy and standards refresh), and deliver operational resilience and BCP artefacts aligned to regulatory expectations
* Drive control and assurance activities, including Segregation of Duties remediation and third‑party assurance questionnaires (SIG Lite and broader SIG), proactively identifying and mitigating risks
* Support cloud and platform security onboarding (GCP VMSP), alongside IAM/IDAM onboarding, role management, reporting discipline, and data classification and labelling aligned to global standards
* Coordinate security tooling and testing, including penetration testing and Wiz deployment, embedding solutions into BAU processes
* Establish and maintain clear, decision‑useful security reporting and governance, including monthly reporting (1st and 2nd line), Security KRIs, and TechComm reporting across the UK and Vietnam
* Build strong stakeholder relationships across technical and business teams, ensuring clear communication, alignment, and delivery of security priorities in a fast‑paced, evolving environment
* Work independently to prioritise, make decisions, and drive activities through to completion, aligning security initiatives with wider business objectives and delivering practical value
What do you need to thrive?
* Significant experience operating in a senior‑level security, IAM, or GRC role
* Strong knowledge of IAM/IDAM processes, including role management and access controls
* Experience working with governance, controls, and audit frameworks (e.g. ISO27001, ITGCs)
* Experience with third‑party risk and security questionnaires (e.g. SIG)
* Exposure to cloud environments (ideally GCP) and platform onboarding
* Experience producing clear, executive‑level reporting, including KRIs
* Proven ability to coordinate delivery across multiple teams and stakeholders
* Experience supporting audit processes (internal, external, and GIA)
* Ability to manage competing priorities and deliver to tight timelines with a hands‑on, delivery‑focused approach
* Strong collaboration skills, with the ability to bring stakeholders on the journey
So, what’s in it for you?
* Bonus Schemes – A bonus that regularly rewards you for your performance
* A pension of up to 12% – We will match your contributions up to 6% of your salary
* Our award‑winning Vitality health insurance – With its own set of rewards and benefits
* Life Assurance – Four times annual salary