Head of IT Risk Governance

Job Description:

Head of IT Risk Governance

London, Hybrid (UK)

Permanent

We make health happen

At Bupa, our purpose is helping people live longer, healthier, happier lives and making a better world. In Technology GRC, you’ll turn that purpose into action by strengthening how we manage technology and cyber risk across Bupa Global, India and UK (BGIUK).

This Head of GRC role is a visible, high‑impact position: you’ll set direction, drive standards and deliver board‑level materials that help leaders make confident decisions. You’ll have scope to shape a maturing function, lead meaningful transformation and collaborate across senior stakeholders. Hybrid working and global reach make this an opportunity to grow your influence while improving health outcomes at scale.

Key Responsibilities

• Lead governance, reporting, assurance, audit coordination and policy compliance for technology and cyber risk.
• Build clear, timely dashboards and papers for executives and board committees; track and close audit actions.
• Maintain compliance with internal policies and external regulations; regularly review and improve standards.
• Aggregate risk reporting from business units to create a single, trusted view of technology and cyber risk.
• Plan agendas and content for risk committees; keep governance templates, reviews and quality checks on track.
• Coach teams to turn regulatory updates, audit findings and incidents into actionable insights.

What We’re Looking For

• Senior leadership in technology/cyber risk governance, reporting and assurance; strong stakeholder influence.
• Excellent written communication for board‑level packs, dashboards and presentations.
• Advanced analysis of risk and control metrics; ability to translate complex material into clear messages.
• Hands‑on knowledge of frameworks and standards: ISO 27001, NIST, COBIT, ITIL, PCI DSS, CIS, OWASP
• Experience in regulated environments (financial services, insurance or healthcare) is a plus; familiarity with FCA, PRA, ICO, CQC helpful.
• Useful qualifications (not essential): CISSP, CISA, CISM, GRCP, CGEIT, CRISC, ISO 27001 Lead Implementer/Auditor.

Benefits

Our benefits are designed to make health happen for our people. Viva is our global wellbeing programme and includes all aspects of our health – mental, physical, financial, social and environmental. We support flexible working and have a range of family‑friendly benefits.

Joining Bupa in this role you will receive the following benefits and more:

• 25 days holiday, increasing through length of service, with the option to buy or sell
• Enhanced parental leave
• Company-matched pension scheme
• Annual performance-based bonus
• Private medical insurance
• Access to our health assessments and wellbeing services
• Discounts on Bupa products and services

Why Bupa

We’re a health insurer and provider. With no shareholders, our customers are our focus. Our people are driven by the same purpose – helping people live longer, healthier, happier lives and making a better world. We make health happen by being brave, caring and responsible in everything we do.

We encourage all of our people to “Be you at Bupa”. We champion diversity, and we understand the importance of our people representing the communities and customers we serve. That’s why we especially encourage applications from people with diverse backgrounds and experiences.

Bupa is a Level 2 Disability Confident Employer. We aim to offer an interview/assessment to every disabled applicant who meets the minimum criteria for the role. We’ll treat you fairly and offer reasonable adjustments throughout our recruitment process.

Time Type:

Full time

Job Area:

IT

Locations:

Angel Court, London