Operational Resilience Senior IT Risk Manager

Job Description:

Operational Resilience Senior IT Risk Manager

London

Permanent

Full time & Hybrid

Salary - Competitive DOE & Attractive benefits package

The closing date for all applications is Tuesday 24th February 2026

We make health happen!

At Bupa, we're here to help people live longer, healthier, happier lives - and make a better world. As an Operational Resilience Senior IT Risk Manager, you'll work closely with the Group Head of IT & Information Security Risk playing a vital role in protecting the technology that underpins our critical services.

You'll play a key role in identifying, assessing, and managing IT risks across the Group, while implementing robust frameworks and controls to ensure effective risk management. Ultimately, your work will help us stay resilient, safeguard customer data, and ensure we can deliver care when it matters most.

How you'll help us make health happen:

• Support the ongoing implementation of robust IT resilience controls and processes, including the development and monitoring of key risk indicators (KRIs), control effectiveness reviews, and thematic insights to strengthen the organisation's technology resilience posture.

• Partner with Market Unit technology teams to define, implement, and embed robust resilience controls and processes for data centres supporting critical services, while ensuring that resilience requirements are fully integrated into incident, problem, and change management practices to enable proactive detection, rapid response, and effective mitigation of technology disruptions.

• Work in close partnership with the Group Head of IT & Information Security Risk to maintain alignment, consistency, and maturity across enterprise risk management practices, reporting standards, and governance forums.

• Lead and facilitate targeted risk assessments, thematic deep‑dives, and ad‑hoc reviews to proactively identify emerging threats, technology vulnerabilities, resilience gaps, and systemic risks across the Group's IT estate.

• Design and contribute to Group‑wide severe‑but‑plausible scenario exercises, ensuring the organisation is able to demonstrate and evidence its capability to remain within impact tolerances and meet service‑level commitments across critical and important business services.

• Produce high‑quality, insight‑driven risk reports and executive‑level briefings suitable for senior leadership teams, regulators, and board‑level committees, clearly articulating risk exposure, resilience posture, and required management actions.

• Champion a strong culture of IT risk awareness and operational resilience, providing targeted training, coaching, and guidance to business units, technology teams, and senior stakeholders to uplift capability and embed best practice.

• Collaborate with cross‑functional teams to assess the risk and resilience implications of new technologies, architectural changes, regulatory developments, and industry standards, ensuring proactive adjustments to the Group's risk posture where needed.

• Support and guide Market Units in the identification, prioritisation, and sequencing for recovery of critical internal technology services, ensuring alignment with impact tolerances, business continuity requirements, and resilience strategies.

Skills & Experience needed for this role:

• Extensive, demonstrable expertise in IT Risk Management and Operational Resilience, with a proven track record of technology risk experience in a global organisation.

• Excellent knowledge of service management disciplines such as incident management, problem management, change management, capacity management, and backup/data recovery operations.

• Experience working with hybrid or cloud environments (AWS, Azure, GCP), including resilience considerations, cloud migration governance, and architectural assurance.

• Demonstrated ability to partner with CIOs, security teams, service owners, and operational risk stakeholders to embed consistent technology risk practices.

• Ability to interpret risk data, analyse trends, and develop insight‑led reporting for senior leadership or Board committees.

• Proven experience contributing to or maintaining technology risk policies, standards, KRIs, and risk taxonomies.

• Applied experience in assessing or recovering critical internal services, technology tiers and business service dependencies

• Deep knowledge of IT risk and resilience frameworks, methodologies, and regulatory expectations

• Exceptional communication, stakeholder engagement, and influencing capability, with the ability to gain buy‑in from senior executives, challenge effectively, and drive risk‑informed decision‑making across all levels of the organisation.

• Professional certifications such as CISSP, CISM, CRISC, CBCI, or equivalent are highly desirable and demonstrate commitment to ongoing professional development.

• Strong grounding in industry standards and frameworks, including ISO 22301/22330 (Business Continuity & Resilience), ISO 31000 (Risk Management), ISO 27001/27002 (Security), NIST CSF, COBIT, and ITIL, with the ability to operationalise these within a risk management context.

• Strategic thinker with a proactive, analytical, and solutions‑focused mindset, able to anticipate emerging risks, influence future planning, and shape long‑term resilience strategies.

Benefits

Our benefits are designed to make health happen for our people. Viva is our global wellbeing programme and includes all aspects of our health - from mental and physical, to financial, social and environmental wellbeing. We support flexible working and have a range of family friendly benefits.

Joining Bupa in this role you will receive the following benefits and more:

• 25 days holiday per year.

• Management bonus scheme

• Car allowance

• Access to a range of services to support your physical and mental wellbeing

• Workplace pension

• Online discounts covering your everyday shopping, entertainment, eating out and more.

Why Bupa?

We're a health insurer and provider. With no shareholders, our customers are our focus. Our people are all driven by the same purpose - helping people live longer, healthier, happier lives and making a better world. We make health happen by being brave, caring and responsible in everything we do.

We encourage all of our people to ”Be you at Bupa”, we champion diversity, and we understand the importance of our people representing the communities and customers we serve. That's why we especially encourage applications from people with diverse backgrounds and experiences.

Bupa is a Level 2 Disability Confident Employer. This means we aim to offer an interview/assessment to every disabled applicant who meets the minimum criteria for the role. We'll make sure you are treated fairly and offer reasonable adjustments as part of our recruitment process to anyone that needs them.

If you require information regarding this role in an alternative format, please email: grouprecruitmentandtalent@bupa.com

Time Type:

Job Area:

Locations: