Senior Information Security Officer

Salary: £80,000 - 80,000 per year

Requirements

• At least 5 years of experience working in an information security environment.
• Proven experience assessing and managing supplier and third-party security risk.
• Strong communication skills and the ability to translate technical concepts into clear, business-friendly messaging.
• Experience producing high-quality documentation, including policies, standards, and project artefacts.
• Demonstrated experience working across projects and development lifecycles, including Agile environments.
• Hands-on experience implementing and maintaining ISO27001 and broader security governance frameworks such as ISO27001/2, NIST, and PCI DSS.
• Solid understanding of data protection and regulatory requirements, including FCA, ICO, PRA, and GDPR.
• Ability to balance risk, compliance, and business objectives in a fast-paced, evolving environment.
• Experience in information security governance and risk leadership.
• Familiarity with security culture influence and stakeholder communication.

We are happy to consider flexible working arrangements. This is a full-time role at 35 hours per week with a hybrid working pattern, requiring 2 days per week in our Bournemouth office.

Responsibilities

• Drive the continuous improvement of our ISO27001 framework and Information Security Management System (ISMS), ensuring ongoing compliance.
• Deliver key security initiatives that bring our Information Security Strategy to life and create measurable impact.
• Own and mature our information risk management approach in alignment with our Enterprise Risk Framework.
• Act as a trusted advisor on regulatory requirements and best-practice frameworks, including ISO27001, GDPR, NIST, and ITIL.
• Lead security governance forums and manage our Information Security Governance team, including the information risk function.
• Embed security across projects and development lifecycles, ensuring risks are identified, assessed, including DPIAs, and effectively mitigated.
• Oversee supplier and third-party security risk, working closely with Cyber Security Operations to protect our wider ecosystem.
• Drive a strong security culture by maintaining policies, delivering compliance reviews, and rolling out awareness and training programmes.
• Work closely with our CISO to turn strategy into action and strengthen our security posture.
• Help ensure our security controls protect and enable the business to thrive.

Technologies

• ITIL
• Security
• Support

We are Vitality, a multi-award-winning UK insurance brand with a purpose-driven culture focused on making people healthier and happier. We are proud to be recognised as one of Glassdoor’s Best Places to Work 2026 and a Top 10 Place to Work in the Sunday Times Awards in 2024. In this Senior Information Security Officer role, you will join our Information Security team in a hybrid arrangement, working 2 days per week from our Bournemouth office on a full-time 35-hour schedule. We offer a competitive package that includes bonus schemes, pension contributions of up to 12%, matched contributions up to 6% of salary, award-winning health insurance, and life assurance at four times annual salary. We are committed to flexibility, career growth, a healthy work-life balance, and creating an environment where our people can be themselves, do their best work, and help us make a positive difference for our 1.7 million members and society.