• Bournemouth
Vitality is an award-winning, dynamic and vibrant financial services provider, with a ground-breaking vision for the future, where individuals are enabled to succeed and are rewarded and recognised for their contribution to our business.

Our CORE PURPOSE is to make people healthier and to enhance and protect their lives. From people to products and processes, we aspire to deliver on our purpose in everything we do.

Our VISION is to be the BEST health insurer in the UK.

We are looking for talented individuals who are committed to living our values and delivering an award-winning service to our customers.

Overall Job Purpose

Support the CISO with the implementation of the Information Security Strategy and maintenance of the Information Security Management System.
Technical leadership and delivery of technical controls, in support of the Information Security Strategy
Managing the expanding Information Security team, responsible for ensuring that information assets are adequately protected and that appropriate controls and mitigating actions are in place to manage identified information security risks.
To protect Vitality and its members’ data; work with stakeholders to ensure appropriate controls are in place.


Provide expert professional advice across Vitality on Information Security best practice
Deliver key Information Security initiatives/projects, in line with InfoSec and Cyber Security strategy and Enterprise Risk Framework
Ensure compliance with Regulatory requirements and Information Security best practice frameworks (e.g. ISO27001, GDPR, NIST, ITIL) to ensure the Confidentiality, Integrity and Availability of Vitality Information Systems
Chair Security Committees and meetings; represent Vitality at external events and meetings.
Manage the Information Security team, including IT Risk Management function.
Oversee Security in project and development activities, to ensure Information Security risks are identified and are being addressed through the project process/SDLC
Responsible for ensuring Supplier Security risks are assessed and managed
Be a key contact for, and lead on the management of information security incidents/cyber incidents. Further develop Cyber Incident detection and response capabilities
Lead on the development and maintenance of Information Security Policies, Standards and Processes across the Vitality Group
Responsible for the evaluation, recommendation and implementation of security applications, tools and processes, and their continuous improvement; threat modelling and analysis of future trends; penetration testing and remediation.

Skills required

Proactive self-starter, self-motivated, results focused, going the extra mile when necessary
Versatile, able to work on differing initiatives; ability to multi-task and prioritise activities
Confident communicator; ability to articulate technical knowledge to a non-technical audience
Will share Vitality values and demonstrate these in all their work
Ability to solve complex problems and make key decisions
Ability to demonstrate a high degree of accuracy and attention to detail in all tasks; strong analytical skills
Positive thinker with a “can-do” approach to business
Solution oriented


Professional security qualifications and certifications such as MSc, CISSP, CISM, CISA or equivalent
Minimum 7 years’ experience working in Information Security
Supplier Security assessment and management
Excellent verbal and written communication skills; ability to articulate technical knowledge to a non-technical audience; production of policy/standards/project documentation
Experience of working with projects throughout the SDLC; Agile methodology
Appropriate level of technical knowledge (configuration of security tools; SIEM,
Experience of designing, implementing and managing information security initiatives e.g. SIEM, RBAC, DLP, FIM
Sound understanding of security frameworks (e.g. ISO27001/2, PCI DSS, NIST), Data Protection and regulatory compliance (e.g. FCA, ICO, PRA, GDPR)


Experience within the insurance, healthcare and/or financial services industries
Ability to conduct internal audits and write associated audit reports

Working for VitalityLife, you'll experience an exciting mix of creativity and innovation, within a framework of challenging objectives and a passion for delivering the best. We think work should be fun and sociable, and we want our people to get the most out of every day.

Our people are chosen for their skills, knowledge, enthusiasm and attitude but above all, their belief that anything can be achieved.