IT Security Officer
The IT Security Officer role is fundamental in ensuring the confidentiality, integrity and availability of Bupa information systems. The individual will be responsible for developing and maintaining Information Systems security and processes in line with industry best practices, including, but not limited to:
- disaster recovery
- business continuity
- database protection
- network security
- incident response
- software development
- managing penetration test output and vulnerability management
- ensuring applications and networks remain functional within a secure environment.
- 3rd party due diligence
This individual will, through continued research and development, provide technical security, direction and advice, maintaining infrastructure innovation. The individual ensures system hardware, operating systems, software, and related procedures adhere to recognized good practices and organizational values, enabling staff, volunteers, and partners to fulfill their roles securely.
- Engineering of highly secure solutions for various project and operational needs.
- Secure configuration reviews aligning to BUPA security standards, policies and operational requirements. This includes new / rebuild and existing servers, defining hardware configuration, peripherals, services, settings, directories, storage, etc.
- Maintain and safeguard IT assets, data and information.
- Direct on the installation and configuration of security solutions including log monitoring, intrusion detection, Anti-virus, malware protection, data loss prevention, mail gateways and asset management applications, web filtering software and any additional security solutions.
- Responsible for ensuring oversight of the installation and maintenance of the antivirus system
- Advise and support project teams defining security requirements, benefits, and technical strategy; research & development within the project life-cycle; technical analysis and design; and support of operations staff in executing, testing and rolling-out solutions.
- Manages security and operations activities within project from concept through to production
- Performs system audits as directed by IT Director Head of IT Security or HR.
- Contribute to and maintain security standards in line with InfoSec best Practice
- Research and recommend innovative, and, where possible, automated approaches for system security administration tasks.
- Security monitoring to identify nefarious activity including violations to standards / policies
- Supporting the business in the identification of new releases, system upgrades and patches including resolution of software or hardware related problems
- Core member of Change Advisory Board and/or equivalent Change Control approval processes.
- Lead all IT and information security related investigations as requested by line management ensuring Head of IT Security oversight.
- Validates updates to firewalls, spam filters, routers and switches to secure the networking infrastructure have been implemented
- Manages security incident response and advising on lessons learnt to enhance the security posture.
- Responsible for monthly reporting of Security incidents, risks and issues.
- Support the local policy owner for Business Continuity.
- Support and ensure DR capabilities are managed around the business.
- Ensure that OS patches and upgrades required to maintain secure and reliable service are applied in a timely manner.
- Co-ordinating and responding to security penetration testing and the management of vulnerabilities
- Provides reports detailing covering areas of non compliance
- Maintain security administrative tools and utilities as required.
- Maintain secure operational, configuration, or other procedures relating to systems security.
- Work with the Head of IT Security to raise awareness of Information security across the Group
- Ensure logs are recorded, managed and reviewed in line with group expectations
- Supports Technicians, System Engineers and System Administrators when issues are outside of their scope of knowledge/experience.
The Ideal Candidate
- Requires a bachelor’s degree in Computer Science or equivalent Certification in Microsoft operating systems and networking.
- 5 - 7 years experience in the System Administration
- Familiar with standard concepts, practices, and procedures within a particular field.
- CISSP certification preferred but not required.
About the Company
Bupa’s purpose is longer, healthier, happier lives.
As a leading global health and care company, we offer health insurance, medical subscription and other health and care funding products; we run care homes, retirement and care villages, primary care, diagnostic and wellness centres, hospitals and dental clinics. We also provide workplace health services, home healthcare, health assessments and long-term condition management services. We have 32M customers in 190 countries. With no shareholders, we invest our profits to provide more and better healthcare and fulfil our purpose. We employ 84,000 people, principally in the UK, Australia, Spain, Poland, New Zealand and Chile, as well as Saudi Arabia, Hong Kong, India, Thailand, and the USA.
We have grown significantly, particularly through 2013 to 2015, when we accelerated execution of our Bupa 2020 strategic vision. We are similar in revenue and profit to Marks & Spencer, and larger than Heinz in revenue. Because Bupa does not have shareholders it does not have a listing, but if it did it would be in the FTSE 100. Bupa is not a mutual or a charity but a company limited by guarantee that seeks to maximise its profits in order to fulfil its purpose. With customers in virtually every country in the world and 70% of its revenues now generated outside the UK, Bupa is a truly international organisation.
Bupa believes that the growth and performance of our leaders and our people is the single biggest pathway to fulfilling our purpose (longer, healthier, happier lives) and delivering Bupa’s 2020 goals. We have a leadership framework called “Bupa Leaders Are” which sets out what great leadership looks like at Bupa. Leaders are called upon to grow themselves, to grow others, to grow the business, and fulfil our purpose: longer, healthier, happier, lives. We are looking for individuals who are capable of delivering extraordinary business outcomes.
Bupa’s International Markets (IM) unit has 16 million customers in 190 countries across all continents around the world. It manages a portfolio of businesses, including a large international health insurance, travel insurance and medical assistance business called Bupa Global, as well as established domestic health insurance businesses in Hong Kong and Thailand, two associate health insurance companies in Saudi Arabia (26.25% Bupa ownership) and India (49% Bupa ownership), and Hong Kong’s largest private clinic network.
Bupa Global provides products and services worldwide to people who want access to premium health and care at home or as they study, live, travel or work abroad. We provide international health insurance, travel insurance and medical assistance to individuals, small businesses and global corporate customers all around the world.
Bupa Global has over 1,800 employees and has offices in London and Brighton (UK), Miami (USA), Copenhagen (Denmark), Hong Kong (Greater China), and Dubai (UAE), as well as in Egypt, Mexico, the Dominican Republic, Bolivia, Panama, Guatemala and Ecuador. Bupa Global is currently organised around five regional hubs: Bupa Global Middle East, Africa and India; Bupa Global Greater China; Bupa Global Latin America; Bupa Global North America and Bupa Global Europe.
Timescales for reviewing applications will differ between regions, but you will always receive a response to your application. The recruitment process itself will vary per role and region, but you will be updated along the way via phone and email (so please look out for these!). To view what stage of the process your application is currently at, you can also log in and view your dashboard.
If you are invited to an interview, a member of the resourcing team will be able to advise you on what to expect. This will vary in region, but will likely include an initial phone or digital interview, followed by one or more of the following depending on the role: Core capability interview; Technical/function specific interview; Online profiling assessment; Presentation, written task, role play; Assessment centre.
If your application is successful and you’re invited to join the team, the resourcing team will guide you through your on boarding journey.
Should you require any reasonable adjustments to be made or facilities provided to enable you to attend an interview, please do not hesitate to contact us prior to the interview at firstname.lastname@example.org, so we can make adjustments accordingly.