At a Glance
- Tasks: Lead IT and cyber governance, ensuring compliance with industry standards and managing technology risks.
- Company: Atrium, a historic insurer with a client-first approach and a commitment to growth.
- Benefits: Flexible working arrangements, commitment to diversity, and opportunities for professional development.
- Other info: Supportive culture that values learning and encourages innovative thinking.
- Why this job: Join a dynamic team shaping the future of IT governance in a respected insurance firm.
- Qualifications: Experience in IT governance and risk management within regulated environments is essential.
The predicted salary is between £60,000 and £80,000 per year.
About Atrium
In a world of constant change, you need an insurer who has stood the test of time. Our reputation is built on consistency, expertise, and a client-first approach. We manage Syndicate 609, one of the oldest syndicates at Lloyd’s, with a history going back to the 1930s. Our longevity reflects the strength of our underwriting discipline, the depth of our relationships, and our ability to adapt to the evolving needs of our clients and the wider insurance marketplace.
We’re all in it together at Atrium. We are committed to creating an environment where people learn, grow, and follow what they’re passionate about. Our culture encourages staff to feel confident in making decisions at any stage of their career and do work that makes them proud, knowing they’re playing a valuable role in shaping the success of the business.
Role
This is a fantastic opportunity to join our IT team and take responsibility for managing Atrium’s IT and cyber governance framework in line with Lloyd’s of London, FCA, and PRA regulatory expectations. The role owns IT and cyber policies, technology risk management, control design, and the production of robust, audit-ready control evidence, supporting the IT team with all areas of IT governance. This role plays a key part in demonstrating that technology and cyber risks are effectively governed, proportionately controlled, and operationally resilient.
Lloyd’s & Regulatory Governance
- Maintain compliance with relevant Lloyd’s Minimum Standards, Core Practices, and Market Oversight expectations relating to IT, cyber security, and operational resilience.
- Support compliance with FCA and PRA requirements, operational resilience, outsourcing, and technology risk management.
- Produce clear governance reporting for senior management, Risk Committees, and Audit Committees suitable for regulatory scrutiny.
- Support evidence requests and thematic reviews from Lloyd’s, regulators, internal audit, and external assessors.
IT & Cyber Policy Framework
- Own and maintain the IT and cyber policy suite, ensuring alignment to Lloyd’s Minimum Standards, FCA expectations, and industry good practice.
- Manage formal policy review and approval cycles, ensuring accountability, traceability, and version control.
- Ensure policies are embedded into operational processes and supported by documented controls and procedures.
Technology & Cyber Risk Management
- Identify, assess, and manage IT and cyber risks in line with the enterprise risk framework.
- Maintain technology and cyber risk registers, ensuring risks are clearly articulated, owned, and supported by mitigation plans.
- Support risk assessments relating to material technology changes, new systems and applications, outsourcing, and material third-party suppliers.
- Support risk escalation, risk acceptance, and risk appetite reporting.
Control Framework & Assurance
- Define and maintain IT and cyber control objectives aligned to Lloyd’s Minimum Standards, NIST / CIS Controls, and operational resilience requirements.
- Ensure controls are documented, consistently applied, and reviewed for effectiveness.
- Drive continuous improvement of the technology control environment.
Control Evidence Management
- Own and coordinate the collection, validation, and storage of control evidence to support tracking audit findings, management actions, and remediation to closure.
- Ensure evidence is proportionate, current, and clearly mapped to control objectives.
- Design and operate a first-line controls testing and self-assessment programme for IT, cyber, digital and data, including test plans, evidence standards, quality assurance, findings, retesting and remediation tracking.
- Maintain a formal register of technology and cyber policy exceptions, control waivers, and risk acceptances, ensuring appropriate approval, periodic review and escalation in line with risk appetite.
- Perform controls in line with the Group-wide controls framework as well as timely reporting to the Group Head of Controls for second-line oversight.
- Support any Lessons Learned, deep-dive or thematic reviews of IT and cyber controls by the Group Head of Controls.
Operational Resilience & Outsourcing Support
- Support operational resilience activities from a technology perspective.
- Support governance of IT and cyber aspects of outsourcing and third-party risk, working closely with Procurement, Risk, and Compliance.
- Ensure technology dependencies and vulnerabilities are clearly understood and documented.
Required Knowledge and Skills
Essential
- Proven experience in IT governance, technology risk, cyber risk, or control assurance within a regulated financial services or insurance environment.
- Strong understanding of Lloyd’s Minimum Standards, FCA/PRA expectations relating to IT, cyber security, and operational resilience.
- Hands-on experience managing IT/cyber policies, controls, and control evidence.
- Experience supporting audits, regulatory reviews, and assurance activities.
- Ability to translate technical risk into clear governance and regulatory language.
- Technology Proficiency: Understanding IT infrastructure, systems, and data flows to accurately identify weaknesses.
Desirable
- Experience working in the London Market / Lloyd’s managing agent environment.
- Familiarity with operational resilience frameworks and regulatory expectations.
- Experience using GRC tooling (e.g. Drata, RiskSmart, Riskonnect, Archer, ServiceNow GRC).
Atrium offers all permanent employees the chance to work flexibly through our charter for flexible working - we actively invite applications from candidates requiring any form of flexible working arrangements. Atrium is an Equal Opportunities employer with a strong and passionate commitment to Diversity, Equity, and Inclusion. We do not discriminate based upon age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, sexual orientation, or any other applicable legally protected characteristic. We’re committed to providing reasonable adjustments or accommodations for applicants, so if you need assistance or support during the recruitment process, please get in touch.
IT and Cyber Governance Lead employer: Atrium
Contact Detail:
Atrium Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the IT and Cyber Governance Lead role
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend events, and connect on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨Tip Number 2
Prepare for interviews by researching Atrium and its values. Understand their approach to IT governance and cyber risk management. Tailor your answers to show how your experience aligns with their needs.
✨Tip Number 3
Practice makes perfect! Do mock interviews with friends or use online platforms. The more comfortable you are speaking about your skills and experiences, the better you'll perform when it counts.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen. Plus, we love seeing candidates who take that extra step to engage with us directly.
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience in IT governance and cyber risk. We want to see how your skills align with the role, so don’t hold back on showcasing your relevant achievements!
Be Clear and Concise: When writing your application, keep it straightforward and to the point. Use clear language that reflects your understanding of the regulatory landscape and IT governance. We appreciate a well-structured application that’s easy to read!
Show Your Passion: Let us know why you’re excited about this role and working with Atrium. Share your enthusiasm for IT and cyber governance, and how you can contribute to our client-first approach. We love seeing candidates who are genuinely interested!
Apply Through Our Website: Don’t forget to submit your application through our website! It’s the best way for us to receive your details and ensures you’re considered for the role. Plus, it’s super easy to do!
How to prepare for a job interview at Atrium
✨Know Your Stuff
Make sure you brush up on IT governance, technology risk, and cyber security. Familiarise yourself with Lloyd’s Minimum Standards and FCA/PRA expectations. Being able to discuss these topics confidently will show that you're serious about the role.
✨Showcase Your Experience
Prepare specific examples from your past work that demonstrate your hands-on experience with IT/cyber policies and controls. Think about times you've supported audits or regulatory reviews, and be ready to explain how you managed those processes.
✨Speak Their Language
When discussing technical risks, make sure you can translate them into clear governance and regulatory language. This will help you connect with the interviewers and show that you understand the importance of compliance in the insurance sector.
✨Ask Smart Questions
Prepare thoughtful questions about Atrium's approach to operational resilience and third-party risk management. This not only shows your interest in the company but also gives you insight into their culture and priorities.