Senior Information Security Officer

Salary: £80,000 - 80,000 per year

• We need at least 5 years of experience working in an information security environment.
• We need proven experience assessing and managing supplier and third-party security risk.
• We need strong communication skills and the ability to translate technical concepts into clear, business-friendly messaging.
• We need experience producing high-quality documentation, including policies, standards, and project artefacts.
• We need demonstrated experience working across projects and development lifecycles, including Agile environments.
• We need hands on experience implementing and maintaining ISO27001 and broader security governance frameworks such as ISO27001/2, NIST, and PCI DSS.
• We need a solid understanding of data protection and regulatory requirements, including FCA, ICO, PRA, and GDPR.
• We need the ability to balance risk, compliance, and business objectives in a fast paced, evolving environment.
• We need experience in information security governance and risk leadership.
• We need familiarity with security culture influence and stakeholder communication.
• We are happy to consider flexible working arrangements.
• This is a full time role at 35 hours per week with a hybrid working pattern, requiring 2 days per week in our Bournemouth office.

• We will have you drive the continuous improvement of our ISO27001 framework and Information Security Management System (ISMS), ensuring ongoing compliance.
• We will have you deliver key security initiatives that bring our Information Security Strategy to life and create measurable impact.
• We will have you own and mature our information risk management approach in alignment with our Enterprise Risk Framework.
• We will have you act as a trusted advisor on regulatory requirements and best practice frameworks, including ISO27001, GDPR, NIST, and ITIL.
• We will have you lead security governance forums and manage our Information Security Governance team, including the information risk function.
• We will have you embed security across projects and development lifecycles, ensuring risks are identified, assessed, including DPIAs, and effectively mitigated.
• We will have you oversee supplier and third party security risk, working closely with Cyber Security Operations to protect our wider ecosystem.
• We will have you drive a strong security culture by maintaining policies, delivering compliance reviews, and rolling out awareness and training programmes.
• We will have you work closely with our CISO to turn strategy into action and strengthen our security posture.
• We will have you help ensure our security controls protect and enable the business to thrive.

• ITIL
• Security
• Support

We are Vitality, a multi award winning UK insurance brand with a purpose driven culture focused on making people healthier and happier. We are proud to be recognised as one of Glassdoor's Best Places to Work 2026 and a Top 10 Place to Work in the Sunday Times Awards in 2024. In this Senior Information Security Officer role, you will join our Information Security team in a hybrid arrangement, working 2 days per week from our Bournemouth office on a full time 35 hour schedule. We offer a competitive package that includes bonus schemes, pension contributions of up to 12%, matched contributions up to 6% of salary, award winning health insurance, and life assurance at four times annual salary. We are committed to flexibility, career growth, a healthy work life balance, and creating an environment where our people can be themselves, do their best work, and help us make a positive difference for our 1.7 million members and society.