Cloud App Security Lead

Job Description:

Cloud App Security Lead

Contract: Hybrid (Ideally onsite 1-2 days per week)

Location: Staines (TW18 3DZ) or Manchester (M30 3SP)

Permanent

Salary range: £47,000 - £65,000 DOE

Full time: 37.5 scheduled weekly hours

We consider all types of flexibility, including locations, hours and working patterns.

We make health happen

At Bupa, we’re passionate about technology. With colleagues, customers, patients and residents in mind you’ll have the opportunity to work on innovative projects and make a real impact on their lives.

Right from the start you’ll become part of our digital strategy, joining us on our journey and developing yourself along the way.

The purpose of this role is to support continually expanding and evolving information security technologies Microsoft Defender for Cloud Apps (MDCA). The successful candidate will have experience in leveraging existing and new functionality across the Microsoft 365 stack alongside other platforms to deliver Information Security improvements.

This role will also have an inherent responsibility of assisting with and improving the incumbent Data Loss Prevention (DLP) policies across Microsoft 365 and other third-party tools.

How you’ll help us make health happen:
 

Microsoft Defender for Cloud Apps    

• Conduct continual identification of unapproved usage of apps.

• Design and implement an evaluation model, utilising available data points like risk ranking, for newly discovered cloud apps.

• Review and improve existing monitoring and blocking policies, deploying new ones where gaps are identified, in a timely manner.

• Identify misconfiguration of connected apps and work with stakeholders to remediate.

• Ensure consistency in data loss protection, leveraging data classification and information protection policies within MDCA, applying appropriate protections on an app per app basis.

• Drive collaboration improvements across the market units, maturing the visibility and controls of cloud applications through such methods as Session Policies.

• Troubleshoot any incidents which occur as a result of a Defender for Cloud Apps policy or control.

Data Loss Prevention

• Create, maintain and manage rulesets within the DLP blade, across all environments available within O365 (Email, Teams, SharePoint, OneDrive, etc).

• Use experience, user activity and analysis to develop new rules and improve existing ones.

• Adhere to change process and adoption techniques when deploying new features and technologies.

• Investigate and utilise other elements of Microsoft Purview Compliance Centre that could bring benefit to the Market Unit from an operational security standpoint.

• Develop best in class approach to Insider Risk Management, creating, adjusting and managing policies to protect the business in the most advanced and intelligent way possible.

Analytics        

• Produce regular metrics around Defender for Cloud Apps and the state of Business Embedded IT, providing oversight and security successes.

• Use dashboards and reports to continuously improve the use of MDCA leveraging other areas within this administration centre to improve the security posture.

• Extract requested or evidential data from various tools in order to ensure any related discussions are occurring from the best-informed position possible.

Key Skills / Qualifications needed for this role:

• Extensive use and knowledge of the capabilities of Microsoft & Azure Admin activities and the ability to manage the functions within this tool.

• Experience in the use of and development of Microsoft Defender for Cloud Apps to improve an organisations overall security posture.

• Has a track record of technical delivery working within a fast paced & pressured environment.

• Is able to take a pragmatic view regarding DLP, understanding how the business operates and is able to identify a balance between the management of data loss and the requirement for the business to continue to operate effectively.

• A deep understanding of Cyber Security and the risks currently posed to Bupa.

Desired Qualifications / Experience:

• Microsoft Certified: Security, Compliance and Identity Fundamentals – SC-900.

• Microsoft Certified: Information Protection Administrator Associate – SC-400.

• Microsoft Certified: Security Operations Analyst - SC-200

• Ideally a technical degree and / or industry recognised qualification and demonstrable experience in Information Security (e.g. CISSP, CISA, CISM, CSX-P or GIAC Certification).

• A sound understanding of British and International Security Standards (e.g. CIS security benchmarks, ISO/IEC 27001, NIST, CSC20) relevant UK and EU privacy legislation (especially Data Protection Act 2018 and EU GDPR) and the UK regulatory environment (e.g. ICO, FCA, PRA and CQC).

• Extensive experience working with Microsoft Office 365, Purview Compliance Centre and Microsoft Defender Security Centre.

Benefits

Our benefits are designed to make health happen for our people. Viva is our global wellbeing programme and includes all aspects of our health – from mental and physical, to financial, social and environmental wellbeing. We support flexible working and have a range of family friendly benefits.

Joining Bupa in this role you will receive the following benefits and more:

• 25 days holiday, increasing through length of service, with option to buy or sell

• Bupa health insurance as a benefit in kind

• An enhanced pension plan and life insurance

• Onsite gyms or local discounts where no onsite gym available

• Various other benefits and online discounts

Why Bupa?

We’re a health insurer and provider. With no shareholders, our customers are our focus. Our people are all driven by the same purpose – helping people live longer, healthier, happier lives and making a better world. We make health happen by being brave, caring and responsible in everything we do.

We encourage all our people to “Be you at Bupa”, we champion diversity, and we understand the

importance of our people representing the communities and customers we serve.  That’s why we especially encourage applications from people with diverse backgrounds and experiences.

Bupa is a Level 2 Disability Confident Employer. This means we aim to offer an interview/assessment to every disabled applicant who meets the minimum criteria for the role. We’ll make sure you are treated fairly and offer reasonable adjustments as part of our recruitment process to anyone that needs them.

Time Type:

Job Area:

Locations: