Lead Security Architect

Job Description

1. Business Title Lead Security Architect –

Identity and Access Management (IAM)

2. Job Profile
3. Management Level To be confirmed by Reward JE Panel
4. Job Family Group
5 Job Family IT
6. Function Functions – Technology
7. Reporting to Principal Security Architect
8. Location London / Staines / Salford Quays / Flexible
9. Date Revised DD/MM/YYYY
Bupa's purpose is longer, healthier, happier lives. We do this by providing a broad range of healthcare services, support and advice
to people throughout their lives.
A leading international healthcare group, we run care homes, health centres, dental centres and hospitals, offer personal and
company health insurance and provide workplace health services, health assessments and chronic disease management services
including health coaching.
We are committed to making quality healthcare, focused on the patients’ needs, more affordable and accessible in the areas of
wellness, chronic disease management and ageing. That’s why we have a broad range of products and services that you don’t
need our health insurance to access.
10. Job purpose
We are seeking an experienced Identity and Access Management (IAM) Architect to own the strategy, design and evolution of
Identity and Access Management across BGIUK.
This pivotal role will ensure that identity services are secure, scalable, and user-centric, enabling digital transformation whilst
protecting critical assets across cloud and on-premises environments and supporting regulatory compliance.
The IAM Architect will define the target state IAM architecture, lead the development of reference models, and work closely with
product, engineering, operations and business teams to ensure effective adoption and lifecycle management of IAM solutions.
11. Accountabilities and Responsibilities
This role is accountable for:
 Definition and maintainence of the enterprise IAM architecture and target state aligned to Zero Trust principles and
business requirements.
 Development of reusable design patterns, reference architectures, and guardrails for IAM services including:
o Identity lifecycle management (joiner/mover/leaver processes)
o Role-based and attribute-based access control (RBAC/ABAC)
o Federated identity and SSO integration (e.g., SAML, OIDC, OAuth2)
o Multi-Factor Authentication (MFA) and passwordless authentication

Job Description

o Conditional access and adaptive access policies
o PAM controls across cloud, SaaS, and on-prem assets
o Certificate Lifecycle Management
 Evaluation and selection of IAM technologies including cloud-native and third-party platforms (e.g. Azure AD, Entra ID,
Okta, CyberArk, BeyondTrust SailPoint).
 Leading the architectural integration of IAM solutions across critical platforms (Azure, GCP, SaaS, legacy apps,
Kubernetes).
 Supporting the development of identity APIs, entitlements services, and Just-In-Time (JIT) provisioning models.
 Design of scalable identity governance and administration (IGA) solutions for staff, customer, and third party identities.
 Collaboration with Cybersecurity, Risk, Platform Engineering, and Compliance teams to ensure IAM controls are
embedded into enterprise services.
 Driving the adoption of Zero Trust principle across all IAM products / services
 Stay ahead of emerging identity trends (decentralised identity, passkeys, identity fabric) and guide architectural
opportunities.
 Providing consultancy and technical leadership during solution design, control remediation, audits, and incident response.
 Support internal and external risk, control, compliance and audit reviews.
Culture
 Be passionate about making a difference and positively challenge the status quo through continuous improvement.
 Play a leading role in the ongoing development and evolution of all responsible areas of this role via programmes
or continuous improvement initiatives in BAU.
 Ensure the adoption of a culture that prioritises good security practices and regulatory compliance.
 Create a culture of synergy with all CISO team members and wider Group, other Market Unit and BGIUK stakeholders that
encourages transparency, accountability, and mutually agreeable ways forward both tactically and strategically.
 Drive a culture of adaptability, agility, engagement, and responsiveness in times of uncertainty and ambiguity.
Planning & Performance
 Drive a culture of continuous improvement that constantly seeks to improve autonomy, increase visibility and
understanding of vulnerabilities, weaknesses and exposures, efficiency and effectiveness.
 Support the Principal Security Architect and Head of IAM in the management and delivery of security-related
activities, exploring opportunities to collaborate and support activities in BGIUK and globally to assist delivery
and where possible achieve standardisation and economies of scale.
 Influences policy and strategy formation. Initiates influential relationships with internal and external customers,
suppliers and partners at senior management level, including industry leaders. Makes decisions which impact the
work of employing organisations, achievement of organisational objectives and financial performance.
Leadership and People Performance
 Identify the communications needs of each stakeholder group in conjunction with business owners and subject matter
experts to translate communications / stakeholder engagement strategies into specific tasks.
 Engage and influence stakeholders at senior levels, ensuring that organisational policy and strategies are adhered to.
 Build effective working relationships with partners, industry bodies and suppliers.
 Demonstrable experience of providing thought leadership.
 Create a climate where people take accountability and people are empowered to find solutions.
 High-level of personal integrity, as well as the ability to handle confidential matters and show an appropriate level of
judgment, professionalism, and maturity.

12. Qualifications, skills and experience

Job Description

The role holder is expected to have the following qualification(s), skills and experience:
 7+ years of experience in IAM, security architecture, or cloud engineering with a strong IAM focus.
 Proven experience designing and implementing enterprise IAM strategies and solutions.
 Deep understanding of IAM governance frameworks access review processes and IAM Controls.
 Experience with identity risk assessments, audit findings remediation, and control mapping.
 Practical experience with major IAM platforms and cloud environments (Azure, GCP).
 Experience securing hybrid and multi-cloud environments and integrating SaaS applications.
 Familiarity with Kubernetes, container-based IAM policies, and workload identity federation.
 Relevant certifications preferred (e.g., Microsoft Identity & Access Administrator (SC-300), Certified Identity and Access
Manager (CIAM), CISSP, CCSP, or SABSA).
 Have worked in a Product centric organisational structure
 Deep expertise in IAM domains: IGA, PAM, AM, SSO/Federation, Directory Services, Certificate Management and MFA.
 Strong architecture and solution design skills for cloud-native and hybrid IAM implementations.
 Familiar with Microsoft Entra ID, Azure AD B2C/B2B, Okta, SailPoint, CyberArk, HashiCorp Vault, BeyondTrust etc.
 Working knowledge of identity protocols: SAML, OAuth2, OpenID Connect, SCIM.
 Hands on experience with RBAC/ABAC, policy-based access, and entitlement services.
 Strong understanding of Zero Trust models and how IAM enables micro segmentation and least privilege.
 Experience with DevSecOps integration of IAM, including API authentication and secret management.
 Awareness of local and global privacy and compliance standards (e.g. Data Protection Act, GDPR, PCI-DSS, ISO 27001,
NIST).
 Strong documentation and reference model creation capabilities.
 Able to articulate complex identity architectures to technical and non-technical audiences.

13. Bupa Core Competencies.
The role holder is expected to have an ADVANCED level of competence in the following areas:
Commercial Judgement The ability to understand our business and deliver the business performance needed

to achieve our purpose and goals.
As well as a good grasp of all Bupa products and services, you have a solid
understanding of your business area's market positioning and potential. You can spot
the opportunities which will deliver increased commercial returns and ensure you
prioritise these. You look beyond your business area to the wider organisation and the
external market, both to anticipate the impact of changes and to seek out examples of
best practice. You look to build your function's proposition around the needs of the
customer.

Engage and Influence The ability to build connections and partnerships in own business area and beyond
through formal and informal channels. Able to use insights and relationships to
influence others and get things done.
You’re a persuasive, credible authority on your business area but also understand how
it fits into the wider organisation. You use your strong network of connections across
Bupa to obtain strategic insights, collaborate with key stakeholders and influence the
direction of your business line or function.

Customer Obsession Obsessive about Bupa’ s current and potential customers. Your every activity and

decision have our customers’ needs at the core.
Has a forward view on consumer, customer, and industry trends to influence change on
our proposition. Aware of innovation and opportunities for customers. Applies broader
knowledge than just own function and company.

Job Description

Outcome Focused The ability to set and achieve personal and team goals that deliver on Bupa’s strategic

framework and business/functional goals.
You set ambitious goals for your business area and provide expert insight on how to
achieve them in complex environments with various stakeholders. You bring in external
benchmarks and best practices were helpful. You make sure current performance
standards are high while keeping an eye on how to raise them in the future.
Personal and Team Leadership You play an active role in making Bupa a place where everyone loves to work and are
happier and healthier for it at the same time as delivering fantastic business and
customer performance outcomes.
You take responsibility for connecting the work of your team with Bupa's strategic
framework and the customer and employee journey. You make sure your business unit
has the people it needs both now and to be ready for the future. You foster a culture of
self-driven learning and career management encouraging your team to teach and
coach each other. You are known for spotting and developing potential and lead talent
development initiatives. You lead the way in creating a resilient team demonstrating
effective ways to do this and inspire others by openly sharing your personal learning.
Manage and Lead Change The ability to adapt to change and make change happen. Embeds change effectively,

leading and supporting people through change.
You drive large-scale change in line with our organisation’s requirements, drawing on
your experience to assess the impact of this work on your business area and others. You
clearly articulate the need for this change by focusing on the benefits, and support
people through it by rewarding adaptation and encouraging them to question
established working practices.

Managing Risk and Compliance The ability to plan and implement appropriate measures to reduce the likelihood of an
event adversely affecting Bupa’s ability to achieve its objectives and/or to complete
day to day activities in a manner which is consistent with legal, regulatory and
customer expectations.
You take responsibility for managing all operational risks and incidents for your area,
working cross functionally to consider the wider Bupa UK perspective, and ensuring
that appropriate oversight and governance is exercised at the UK level. You
proactively assess and manage longer term strategic risks, aligning these into forward
business planning/objectives setting. You have expert detailed knowledge of the
regulatory and / or legislative requirements that relate to your business area and you
take the lead on proactive compliance protocols.

14. Treating Customers Fairly
You should be able to demonstrate that you pay due regard to customers and treat them fairly by:
 Making the fair treatment of customers central to all organisational changes, procedural changes and policy decisions
that you make, approve or oversee.
 Always demonstrating fair customer treatment to other employees – leading by example.
 Rewarding the fair treatment of customers by other employees.
 Being able to explain the impact that your role and actions have on the fair treatment of customers.
 Being able to explain the potential implications for customers who are not treated fairly by you or others.
 Always seeking to be competent to do your job e.g., by completing all compulsory regulatory training on time to ensure
that you have all the necessary knowledge and skills.

Job Description

 Always seeking to help those people who work for you to be competent to do their jobs e.g., by ensuring that they
complete all compulsory regulatory training on time.
15. Conduct Principles
 You must act with integrity.
 You must act with due skill and diligence.
 You must be open and cooperative with the FCA, the PRA and other regulators.
 You must pay due regard to the interests of customers and treat them fairly.
 You must observe proper standards of market conduct.
 You must take reasonable steps to ensure that the business of the firm for which you are responsible is controlled
effectively.
 You must take reasonable steps to ensure the business of the firm for which you are responsible complies with the
relevant requirements and standards of the regulatory system.
 You must take reasonable steps to ensure that any delegation of your responsibilities is to an appropriate person and that
you must oversee the discharge of the delegated responsibility effectively.
 You must disclose appropriately any information of which the PRA and FCA would reasonably expect notice.

16. Fitness and Propriety
You must take reasonable steps to ensure the areas you are accountable for are managed with appropriate due skill, care and
diligence to comply with PRA and FCA requirements. Failure to do so could result in fines and suspensions by the regulators and
consequently could also impact on the role holder’s ability to continue to perform in role.