At Bupa, were passionate about technology. With colleagues, customers, patients and residents in mind youll have the opportunity to work on innovative projects and make a real impact on their lives. As Head of Cyber Threat Exposure, youll play a crucial role in vulnerability management and offensive activities across Bupa. Youll provide threat-led cyber security leadership, subject matter expertise, oversight, E2E process design and implementation, and coordination of vulnerability management and offensive security services across all technology in Bupa. How youll help us make health happen • Lead a team of technical security experts to drive a continuous ecosystem for managing vulnerabilities and offensive security to limit Bupas exposure from both strategic and tactical threats. • End to end management and delivery of security services including penetration testing, assumed breach testing, attack and social engineering simulations, red and purple teaming. • Provide comprehensive dashboarding and reporting capabilities leveraging threat intelligence and proactively identify, prioritise, and remediate vulnerabilities and threat exposures • Ensure that all technology, cloud services and third-party solutions comply with defined vulnerability management and penetration testing requirements. • Act as Bupas subject matter expert on vulnerability impact and risk, providing guidance on root cause and managing the full lifecycle of reported vulnerabilities through to closure. • Collaborate with their counterparts in other Bupa Markets to share knowledge, ideas, innovation, and areas for improvement. • Stay abreast of emerging cybersecurity industry thought leadership, external industry colleagues, threats, vulnerabilities, and attack techniques. What youll bring • Solid experience in cybersecurity, with extensive experience in threat management, vulnerability management, offensive security practices and security testing. • Strong knowledge of common security vulnerabilities, attack vectors, and security testing frameworks, such as OWASP, MITRE ATT&CK, CVE / CVSS, and NIST SP 800-53. • Experience of vulnerability scanning tools, penetration testing tools, and security testing frameworks (e.g., Nessus, Metasploit, Burp Suite, Nmap, Claire, and OpenSCAP). • Extensive experience with Red Teaming, Purple Teaming and Attack Automation. • Familiarity with industry regulations and compliance standards related to cybersecurity, such as NIST CSF, SOC2, PCI DSS, and ISO 27001. • A relevant professional qualification in Cyber and Information Security (e.g., OCSP, CISM, CISSP, CEH) • Experience of vulnerability management and security testing in cloud environments (such as Azure, GCP and/or AWS) including containers, containerised applications, and infrastructure e.g., Kubernetes. • Excellent analytical and problem-solving skills, with the ability to analyse complex technical issues and recommend effective solutions. • Strong communication skills, with the ability to convey technical concepts and findings to non-technical stakeholders and senior management. • Ability to take decisive action where time is critical factor and maintain a high degree of confidentiality, even under pressure. Benefits Our benefits are designed to make health happen for our people. Viva is our global wellbeing programme and includes all aspects of our health – from mental and physical, to financial, social and environmental wellbeing. We support flexible working and have a range of family friendly benefits. • Joining Bupa in this role you will receive the following benefits and more: • 25 days holiday, increasing through length of service, with option to buy or sell • Bupa health insurance as a benefit in kind • An enhanced pension plan and life insurance • Annual performance-based bonus • Onsite gyms or local discounts where no onsite gym available • Various other benefits and online discounts