Group Head of Security Strategy & Architecture

Job Description:

Group Head of Security Strategy & Architecture

London – working in the office 1-2 times per week

Hybrid & flexible working options

Permanent

Competitive salary + benefits package

Full Time – 35 hours

Closing date for applications – Friday 3rd July 2026

We make health happen!

At Bupa, our purpose is simple – we help people live longer, healthier, happier lives. And we make a better world while we do it.

As our Group Head of Security Strategy & Architecture, you’ll play a vital role in protecting that purpose. You’ll help keep our customers, people and services safe from cyber threats, shaping how we design and deliver secure technology across our global business.

This is a senior leadership role where your work will have real impact. You’ll set the direction for how we manage cyber risk, work closely with senior leaders across Bupa, and influence decisions at the highest level – right up to the Board. You’ll also lead a talented global team and help create a secure, resilient environment in a complex, highly regulated organisation.

Key Responsibilities:

• Set and lead Bupa’s global information security strategy, making sure it supports our business goals and keeps our customers safe
• Develop and maintain security policies, standards and guidance in a clear, practical way
• Shape and oversee our security architecture to meet regulatory requirements and industry good practice
• Work closely with teams across Bupa to help them understand and apply security standards
• Provide expert advice on complex or high-risk projects, including major cyber incidents
• Lead and inspire a diverse, high-performing security strategy and architecture team
• Build strong relationships with senior stakeholders, including executives and external partners
• Support governance and decision-making by contributing to Board and executive discussions
• Stay up to date with emerging threats and technology, and turn insight into practical action

What We’re Looking For:

This is a technical role, where deep expertise in at least one security domain is essential, matched by proven technical knowledge across all security and technical domains, and practical, recent experience in leading use of architectural and industry frameworks.

• A proven ability to identify and assess complex information security risks and controls
• Experience in and an understanding of the information security risks faced by Financial Services, Healthcare businesses or similarly complex, regulated sectors.
• Experience of threat modelling or other risk identification techniques and the development of frameworks and controls to mitigate subsequently identified risks. 
• Experience working with Security and Technology leadership teams, and senior business stakeholders to articulate risk and technical requirements.
• Strong understanding of the secure software development lifecycle, cloud architecture and modern engineering practices, including DevSecOps, agile delivery, CI/CD pipelines, automation, infrastructure as code, containerisation and API-led architectures, with the ability to translate these concepts into practical security requirements and architectural guidance
• Experience in infrastructure or application-level security architecture and design with detailed knowledge of system security vulnerabilities, exploits, and remediation techniques
• Deep understanding of security frameworks and their relevant applications (e.g. NIST CSF, SOGP, ISO)
• Deep technical knowledge of security solutions and architecture principles, processes and external frameworks (e.g. TOGAF, SABSA, Zachman)

Desirable Knowledge and Skills:

• A current Certified Information Systems Security Professional (CISSP) or equivalent security certification 
• MSc in Information Security, IT or relevant subject
• Experience of delivering strategy, architecture solutions and improvement plans in large, complex, multinational Group organisation
• Experience in delivering business-aligned strategy proposals and solutions to Boards and C-suite in a compelling and accessible way

Most importantly, you’ll be someone who cares about doing the right thing, works well with others, and is motivated to make a positive difference.

Benefits

Our benefits are designed to make health happen for our people. Viva is our global wellbeing programme and includes all aspects of our health – from mental and physical, to financial, social and environmental wellbeing. We support flexible working and have a range of family-friendly benefits.

Joining Bupa in this role you will receive the following benefits and more:

• 25 days holiday, increasing through length of service, with the option to buy or sell
• Enhanced pension and life insurance
• Car allowance and annual bonus
• Private medical insurance
• Global wellbeing days
• Opportunities for career development and internal mobility

Why Bupa?

We’re a health insurer and provider. With no shareholders, our customers are our focus. Our people are all driven by the same purpose – helping people live longer, healthier, happier lives and making a better world. We make health happen by being brave, caring and responsible in everything we do.

We encourage all of our people to “Be you at Bupa”, we champion diversity, and we understand the importance of our people representing the communities and customers we serve.  That’s why we especially encourage applications from people with diverse backgrounds and experiences.

Bupa is a Level 2 Disability Confident Employer. This means we aim to offer an interview/assessment to every disabled applicant who meets the minimum criteria for the role. We’ll make sure you are treated fairly and offer reasonable adjustments as part of our recruitment process to anyone that needs them. 

Time Type:

Full time

Job Area:

Locations:

Angel Court, London