Ivan Sanchez Lopez

As Group Chief Information Security Officer at Bupa I am responsible for the definition and successful implementation of the Cybersecurity strategy by enabling the delivery of our local teams across the Market Units worldwide (Europe & LatAm, UK and APAC). Additionally, I oversee the compliance with internal policies, external regulations, manage the relationship with our main regulators and report to Bupa Board and Execs the status of Bupa's Cybersecurity programe

Sanitas operates Healthcare and Insurance companies across multiple regions (Europe & Latam, UK and APAC) under a federated model. In my role as Chief Information Security Officer (CISO) for Europe & Latam Market Unit, I'm responsible for the definition and implementation of a transversal Information Security and Cyber Strategy across the different entities of the Market Unit (Spain, Poland, Turkey, Brasil, Miami, Mexico, Chile) as well as liaison and coordinating with the Group CISO team.

Reporting to the VP of Strategy and Global CIO, my main responsibilities as Senior Manager are the creation of the Information Security foundational processes by the definition of the Business Unit Risk Assessment and Information Protection framework. Additionally, leading the strategic programme for the global implementation of the Disaster Recovery and supervising compliance of the exposed perimeter by the implementation of the Web Application Security management process.

Relocated to the Global Information Security team in Germany, reporting to Group Functions Chief Technology Security Officer (CTSO). Leading security-related projects for Global Products & Services (Consumer and Enterprise) across 24 markets worldwide and Shared Service Centres (Hungary, India and Luxembourg) during its complete lifecycle. Accountable for people and budget management within projects. Driving the implementation of the Technology Security Baseline Requirements.

Reporting to the Head of Information Security, my main responsibilities are Security Risk Assessment for products, services and systems and identification of process gaps affecting security, fraud or compliance. Review of Data Privacy regulations, SOX controls and Internal Audit coordination. Definition of an IT Security Awareness framework (5000 employees). Support to the fraud management team by integrating fraud & security controls in business processes and integration with the corporate SIEM tool.

Project management in audit & consulting engagements regarding Information Security frameworks (ISO 27001), Data Protection, Business Continuity Management, Due diligences and third-party security assessments & IT effectiveness. Supporting customer bids and projects proposals for scope definition and resource estimation for customers for in the Utilities, Banking and Insurance markets.