Job Details
Job Description:
Information Security Manager (DLP and Insider Risk)
Hybrid- (ad hoc onsite)
Location: Salford (M50 3SP) / Staines (TW18 3DZ) / London (EC2R 7HJ) / Brighton (BN1 4FY)
Permanent
Salary range: up to £70,000 (DOE) + 10% Bonus
Full time- 37.5 scheduled hours per week
At Bupa, we’re passionate about technology. With colleagues, customers, patients and residents in mind you’ll have the opportunity to work on innovative projects and make a real impact on their lives.
Right from the start you’ll become part of our digital strategy, joining us on our journey and developing yourself along the way.
The successful applicant will lead, manage and develop the Information Protection team alongside managing enhancements and developments around Data Loss Prevention / Protection (DLP) using existing toolsets.
You’ll help us make health happen by:
The job holder is responsible for establishing and maintaining Information Protection (DLP and Insider Risk) across the Market Unit (UKI, Provisions, Group and BG).
Accountable for up to 11x direct reports.
DLP –
Oversee and ensure that a regular review of alerts is undertaken by the Information Protection team, to identify any Insider Threats such as accidental or malicious data exposure, within DLP toolsets, across all environments available within email, web, endpoint and Cloud, including but not limited to Teams, SharePoint and OneDrive.
Maintain oversight through the Information Protection team of unauthorised or non-corporate devices being connected to the cooperate LAN and inappropriate web usage and content.
Manage the teams approach to dealing directly with employees and line management across the business at all levels when handling DLP alerts.
Owning and refining the process around blocked or held content and the release process around detections.
Regularly provide management information (MI), which detail trends on the use and success of the DLP controls.
Undertake the creation of user education articles, where appropriate, and advise on best practice.
Information Security-
Work as part of the Information Security team to assist where necessary and to inform of events of security interest.
Oversee in relation to active incidents the operation and optimisation of security tooling/products, including network security (Email DLP, Web DLP, Cloud DLP, Network Access Control tooling), logging and auditing, event and incident management, privileged access management controls.
Act on security incidents, requests, and events to ensure that threats and breaches are managed to minimise impact to confidentiality, integrity and availability of systems and data.
Create and review documentation to audit standard.
Provide advice and guidance to other teams within the business on good practice and maintain relevant and current industry knowledge.
Engage with strategic third-party information security suppliers, partners, and industry forums.
Aid with the investigation of security breaches following established procedures and make sure any recommended actions are followed up reducing the likelihood of reoccurrence.
Make sure that all security incidents have been correctly prioritised and diagnose in accordance to agreed procedures.
Investigate the causes of incidents, document findings and seek resolution.
Make sure the escalation of any unresolved incidents has been completed according to agreed procedures.
Make sure security incidents have been documented and closed where appropriate, according to agreed procedures.
Manage the on-call rotation for the Information Protection team emergency response.
Key Skills / Qualifications needed for this role:
Comprehensive IT Security experience.
SME in managing data loss incidents.
Team lead / People management experience- Essential.
Ideally a technical degree and / or industry recognised qualification and demonstrable experience in Information Security (e.g. CISSP, CISA, CISM, CSX-P or GIAC or CEH Certification).
A sound understanding of British and International Security Standards (e.g. CIS security benchmarks, ISO/IEC 27001, NIST, CSC20) relevant UK and EU privacy legislation (especially Data Protection Act 2018 and EU GDPR) and the UK regulatory environment (e.g. ICO, FCA, PRA and CQC).
Experience working with Microsoft Office 365.
Excellent communication skills both orally and in writing and can present complex information to both technical and non-technical audiences.
Benefits
Our benefits are designed to make health happen for our people. Viva is our global wellbeing programme and includes all aspects of our health – from mental and physical, to financial, social and environmental wellbeing. We support flexible working and have a range of family friendly benefits.
Joining Bupa in this role you will receive the following benefits and more:
• 25 days holiday, increasing through length of service, with option to buy or sell
• Bupa health insurance as a benefit in kind
• An enhanced pension plan and life insurance
• Annual performance-based bonus
• Onsite gyms or local discounts where no onsite gym available
• Various other benefits and online discounts
Why Bupa?
We’re a health insurer and provider. With no shareholders, our customers are our focus. Our people are all driven by the same purpose – helping people live longer, healthier, happier lives and making a better world. We make health happen by being brave, caring and responsible in everything we do.
