Senior Information Security Leader: Governance & Risk

Team

Information Security

Hybrid – 2 days per week in the Vitality Bournemouth Office. Full time, 35 hours per week.

We are happy to discuss flexible working!

• Information Security Governance & Risk Leadership
• Regulatory & Framework Expertise (ISO
  27001, GDPR, NIST)
• Stakeholder Communication & Security Culture Influence

As Senior Information Security Officer, you’ll drive a business‑wide security agenda, shaping how we identify, assess and manage risk while keeping pace with evolving threats and regulations. Working closely with the CISO, you’ll turn strategy into action, lead our Security Governance team, and ensure our security posture not only protects but enables the business to thrive.

• Lead the continuous improvement of Vitality’s ISO
  27001 framework and Information Security Management System (ISMS), ensuring ongoing compliance
• Deliver key security initiatives that bring the Information Security Strategy to life and drive measurable impact
• Own and mature Information Risk management in alignment with the Enterprise Risk Framework
• Act as a trusted advisor on regulatory requirements and best‑practice frameworks (ISO
  27001, GDPR, NIST, ITIL), protecting the confidentiality, integrity and availability of systems
• Lead security governance forums and manage the Information Security Governance team, including the Information Risk function
• Embed security across projects and development life cycles, ensuring risks are identified, assessed (including DPIAs), and effectively mitigated
• Oversee supplier and third‑party security risk, working closely with Cyber Security Operations to protect Vitality’s wider ecosystem
• Drive a strong security culture by maintaining policies, delivering compliance reviews, and rolling out engaging awareness and training programmes

• Minimum 5 years’ experience working in an Information Security Environment
• Proven experience in assessing and managing supplier and third‑party security risk
• Strong communication skills, with the ability to translate technical concepts into clear, business‑friendly messaging and produce high‑quality documentation (policies, standards, project artefacts)
• Demonstrated experience working across projects and development life cycles (SDLC), including Agile environments
• Hands‑on experience implementing and maintaining ISO
  27001 and broader security governance frameworks (e.g. ISO
  27001/2, NIST, PCI DSS)
• Solid understanding of data protection and regulatory requirements (e.g. FCA, ICO, PRA, GDPR) and how to apply them in practice
• Ability to balance risk, compliance and business objectives in a fast‑paced, evolving environment

• Bonus Schemes – A bonus that regularly rewards you for your performance
• A pension of up to 12% – We will match your contributions up to 6% of your salary
• Our award‑winning Vitality health insurance – With its own set of rewards and benefits
• Life Assurance – Four times annual salary