IAM and GRC Lead - FTC
Listed on 2026-05-23
IT/Tech
Cybersecurity, Information Security, Data Security
Team
Vitality Technology
Working Pattern
Hybrid – 2 days per week in the Vitality Bournemouth Office. Full time, 35 hours per week.
We are happy to discuss flexible working!
Top 3 Skills Needed For This Role
- Experience driving governance, risk, and control delivery
- Proven track record leading cross-functional security initiatives
- Confident in owning audit, reporting, and assurance outcomes
At Vitality, we’re looking for an IAM & GRC Lead to take ownership of delivering our security governance, identity and access management, and assurance activities. This is a hands‑on role where you’ll work closely with teams across the business to keep key security, audit, and regulatory priorities on track and delivered to a high standard. You’ll help ensure controls are in place, reporting is clear and useful, and our approach to security remains consistent and effective—playing a key role in strengthening governance, supporting audits, and driving delivery across both our UK and Vietnam operations.
Key Actions
- Own and deliver security governance and control activities, including ITGC execution, audit readiness, evidence tracking, and support for GIA governance audits
- Maintain and update the ISO 27001 ISMS (including policy and standards refresh), and deliver operational resilience and BCP artefacts aligned to regulatory expectations
- Drive control and assurance activities, including Segregation of Duties remediation and third‑party assurance questionnaires (SIG Lite and broader SIG), proactively identifying and mitigating risks
- Support cloud and platform security onboarding (GCP VMSP), alongside IAM/IDAM onboarding, role management, reporting discipline, and data classification and labelling aligned to global standards
- Coordinate security tooling and testing, including penetration testing and Wiz deployment, embedding solutions into BAU processes
- Establish and maintain clear, decision‑useful security reporting and governance, including monthly reporting (1st and 2nd line), Security KRIs, and Tech Comm reporting across the UK and Vietnam
- Build strong stakeholder relationships across technical and business teams, ensuring clear communication, alignment, and delivery of security priorities in a fast‑paced, evolving environment
- Work independently to prioritise, make decisions, and drive activities through to completion, aligning security initiatives with wider business objectives and delivering practical value
- Significant experience operating in a senior‑level security, IAM, or GRC role
- Strong knowledge of IAM/IDAM processes, including role management and access controls
- Experience working with governance, controls, and audit frameworks (e.g. ISO 27001, ITGCs)
- Experience with third‑party risk and security questionnaires (e.g. SIG)
- Exposure to cloud environments (ideally GCP) and platform onboarding
- Experience producing clear, executive‑level reporting, including KRIs
- Proven ability to coordinate delivery across multiple teams and stakeholders
- Experience supporting audit processes (internal, external, and GIA)
- Ability to manage competing priorities and deliver to tight timelines with a hands‑on, delivery‑focused approach
- Strong collaboration skills, with the ability to bring stakeholders on the journey
- Bonus Schemes – A bonus that regularly rewards you for your performance
- A pension of up to 12% – We will match your contributions up to 6% of your salary
- Our award‑winning Vitality health insurance – With its own set of rewards and benefits
- Life Assurance – Four times annual salary