Beauty and health businesses sit closer together than they first appear. Both hold deeply personal customer data, from skincare preferences and purchase histories to medical records and insurance details. Both operate global supply chains and multi-brand portfolios that create complex vendor and third-party risk. And both depend on consumer trust that a single breach can damage in an instant. The leaders in this feature are protecting cosmetics giants, private hospital groups, occupational health providers, and telehealth platforms, and their programmes reflect what security looks like when the product is personal, whether that product is a lipstick or a diagnosis.
Ambika Kanungo – Global CISO, Revlon
Ambika Kanungo has served as global CISO at Revlon since October 2025, bringing more than 23 years of cybersecurity leadership across retail, food and beverage, and financial services organisations internationally. Before Revlon, he spent more than five years as director of information security and international CISO at Starbucks in the UK, and before that more than three years as head of information security for EMEA at Yum! Brands.
His earlier career includes senior manager roles in IT risk and audit lifecycle at GE Capital, an information security risk manager position at Capgemini, and IT risk management work at Birlasoft supporting GE Capital as a client. He began his career across six years of information security specialist roles in India at ACS, IBM, and NIIT. That progression from financial services risk and audit through EMEA and international security leadership at two of the world’s biggest consumer brands, Yum! Brands and Starbucks, now brings a truly global consumer risk perspective to one of the most recognisable names in cosmetics.
Alan Bulley – CISO, Elida Beauty
Alan Bulley has served as CISO at Elida Beauty since August 2021, building the company’s enterprise information security function from the ground up for an €800 million revenue business navigating carve-out, cloud migration, and post-divestment environments. He established the strategy, governance framework, policies, and tooling aligned to ISO 27001, significantly reduced the company’s risk profile across ransomware, data exfiltration, third-party risk, and advanced persistent threats, and improved the organisation’s Microsoft Defender security posture score to approximately 90 through structured control implementation.
Before Elida Beauty, he spent eight months as information security and risk manager at Centrica on contract, and built a long consulting career spanning Deutsche Bank, Compass Group, DXC Technology, and Citihub Consulting, including placements at Credit Suisse in London and Singapore. His most substantial tenure before moving into full-time CISO work was more than eleven years at Credit Suisse, rising to director and delivering multimillion-pound regulatory remediation, data centre strategy, and business continuity programmes across Asia Pacific. That blend of banking sector regulatory rigor and consumer goods carve-out experience gives him a security foundation well suited to a beauty business operating through complex corporate transitions.
Valerie Ezinmo – CISO UK and Ireland, L’Oreal
Valerie Ezinmo has served as CISO for UK and Ireland at L’Oreal since April 2023, translating complex technical challenges into clear, actionable strategy for one of the world’s largest cosmetics companies. Before L’Oreal, she spent nearly a year and a half as head of digital controls and resilience at Virgin Media O2, and eleven months as senior security governance and risk manager at Virgin Media. Before that, she spent just over a year as information security manager at Crest Nicholson, a housebuilder, and two years as information security and IT operations manager at William Russell Limited, where she led both internal and external ISO 27001 audits.
Her earlier career included business analyst roles at Waterlogic International, Vodafone, and Cable and Wireless, giving her a foundation in enterprise systems and process analysis before she moved into dedicated security leadership. She is an active advocate for diversity, equity, and inclusion in cybersecurity, participating in women-in-tech conferences and thought leadership forums. That progression from business analysis through telecoms security governance and into consumer goods CISO leadership reflects a career built on translating operational complexity into clear security strategy across very different regulated sectors.
Verosha Maharaj – CISO, Vitality Global
Verosha Maharaj has served as CISO at Vitality Global since March 2023, based in Manchester, while continuing to hold the CISO title at Vitality Group in Johannesburg, a role she has held since March 2022. She has spent more than eleven years at Vitality Group overall, having served as head of information security since July 2015 before her elevation to CISO. That combined UK and South Africa mandate reflects the international structure of Vitality’s health and wellness insurance business, which operates a shared-value model spanning multiple continents and requires a security leader capable of aligning governance across distinct regulatory environments. Her more than decade-long tenure inside the same organisation, rising from head of information security to CISO across two entities, gives her deep institutional knowledge of Vitality’s systems and risk posture.
Phil Sirah – CISO, Health Partners Group
Phil Sirah has served as CISO at Health Partners Group for nearly ten years, since January 2017, leading security for a company employing more than 1,000 occupational health doctors, nurses, mental health specialists, and health technicians providing medical advice and wellbeing services to large corporates and government. He also served as head of digital strategy for two years and IT director for more than three years at the same organisation, giving him a broad view of the business beyond pure security accountability.
Before Health Partners Group, he spent nearly eleven months as a freelance technology and information security consultant, and more than ten years as IT director at Health Management Limited. His earlier career includes director roles at TLT Consulting and GIC Computers, and he began his career at BT in data and capacity management and digital exchange installation engineering. Nearly two decades of continuous IT and security leadership across occupational health providers reflects a career built on deep sector-specific knowledge of healthcare data and operational needs.
Hammond Reddie – CISO, Spire Healthcare
Hammond Reddie has served as CISO at Spire Healthcare Group since January 2025, bringing a career built on large-scale technology leadership across the NHS and private sector. Before Spire Healthcare, he spent more than two years as CTO at University Hospitals Birmingham NHS Foundation Trust, leading technology modernisation with a £60 million annual IT budget, governing more than 650 team members, and serving 27,000 staff, where he deployed one of the largest cyber security teams in the NHS. Before that, he spent more than four years as CTO at The Miles Consultancy, leading a security accreditation programme that achieved ISO 27001, ISO 9001, and Cyber Essentials Plus certification while maintaining an A+ PCI DSS rating.
His foundational career spans more than ten years at Barclays across database vulnerability management, Windows and Active Directory infrastructure leadership, and pre-production systems support, where he reduced patch cycles from a year to twelve weeks and closed 27 audit actions across major regulatory frameworks. That progression from deep banking infrastructure security through NHS technology leadership and into private hospital group CISO work reflects a career built on hands-on technical depth applied at increasing organisational scale.
Karolyn Maloney – Deputy CISO, Teladoc Health
Karolyn Maloney has served as deputy CISO at Teladoc Health since December 2024, having spent a year before that as VP of cyber risk at the same telehealth company. Before Teladoc, she spent more than two years as head of cyber hygiene at Wells Fargo, and nearly three years at CVS Health across senior director roles spanning IT hygiene, endpoint resilience, software security, and data protection, as well as identity and access management.
Her deepest institutional tenure came from more than ten years at Aetna, progressing from a leadership development rotational programme through security architect and senior director roles in IT hygiene and identity and access management within the company’s global security function. She serves as an adjunct professor at Bay Path University, sits on the advisory board of the Executive Women’s Forum on Information Security, Risk Management and Privacy, and serves on the board of the Cloud Security Alliance’s Hartford Connecticut chapter. That decade-plus foundation at Aetna, followed by senior security roles at CVS Health and Wells Fargo, now supports a telehealth platform where the sensitivity of health data meets the operational demands of a fast-growing digital health company.
Trust Is the Product
Whether the business sells skincare or surgery, the companies in this feature depend on customers trusting them with something deeply personal. A breach at a cosmetics company exposes purchase histories and loyalty data. A breach at a hospital group or health insurer exposes medical records and diagnoses. The leaders in this feature understand that the stakes of that trust are not abstract, and their security programmes reflect a shared discipline: protecting the sensitive, personal information that beauty and health businesses are built on.
Discover more CISOs securing UK industries:
- Foundations of Trust: CISOs to Watch in UK Construction and Engineering
- Behind the Campaign: CISOs to Watch in Advertising, Media, and Loyalty
- Behind Every Address: Cybersecurity Leaders in Property and Real Estate
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.

