IT and Cyber Governance Lead in London

About Atrium

In a world of constant change, you need an insurer who has stood the test of time. Our reputation is built on consistency, expertise, and a client-first approach. We manage Syndicate 609, one of the oldest syndicates at Lloyd’s, with a history going back to the 1930s. Our longevity reflects the strength of our underwriting discipline, the depth of our relationships, and our ability to adapt to the evolving needs of our clients and the wider insurance marketplace.

We’re all in it together at Atrium. We are committed to creating an environment where people learn, grow, and follow what they’re passionate about. Our culture encourages staff to feel confident in making decisions at any stage of their career and do work that makes them proud, knowing they’re playing a valuable role in shaping the success of the business.

Role

This is a fantastic opportunity to join our IT team to be responsible for managing Atrium’s IT and cyber governance framework in line with Lloyd’s of London, FCA, and PRA regulatory expectations. The role owns IT and cyber policies, technology risk management, control design, and the production of robust, audit-ready control evidence supporting the IT team with all areas of IT governance. This role plays a key part in demonstrating that technology and cyber risks are effectively governed, proportionately controlled, and operationally resilient.

• Lloyd’s & Regulatory Governance

• Maintain compliance with relevant Lloyd’s Minimum Standards, Core Practices, and Market Oversight expectations relating to IT, cyber security, and operational resilience.
• Support compliance with FCA and PRA requirements, operational resilience, outsourcing, and technology risk management.
• Produce clear governance reporting for senior management, Risk Committees, and Audit Committees suitable for regulatory scrutiny.
• Support evidence requests and thematic reviews from Lloyd’s, regulators, internal audit, and external assessors.

• IT & Cyber Policy Framework

• Own and maintain the IT and cyber policy suite, ensuring alignment to Lloyd’s Minimum Standards, FCA expectations, and industry good practice.
• Manage formal policy review and approval cycles, ensuring accountability, traceability, and version control.
• Ensure policies are embedded into operational processes and supported by documented controls and procedures.

• Technology & Cyber Risk Management

• Identify, assess, and manage IT and cyber risks in line with the enterprise risk framework.
• Maintain technology and cyber risk registers, ensuring risks are clearly articulated, owned, and supported by mitigation plans.
• Support risk assessments relating to material technology changes, new systems and applications, outsourcing, and material third-party suppliers.
• Support risk escalation, risk acceptance, and risk appetite reporting.

• Control Framework & Assurance

• Define and maintain IT and cyber control objectives aligned to Lloyd’s Minimum Standards, NIST / CIS Controls, and operational resilience requirements.
• Ensure controls are documented, consistently applied, and reviewed for effectiveness.
• Drive continuous improvement of the technology control environment.

• Control Evidence Management

• Own and coordinate the collection, validation, and storage of control evidence to support tracking audit findings, management actions, and remediation to closure.
• Ensure evidence is proportionate, current, and clearly mapped to control objectives.
• Design and operate a first-line controls testing and self-assessment programme for IT, cyber, digital and data including test plans, evidence standards, quality assurance, findings, retesting and remediation tracking.
• Maintain a formal register of technology and cyber policy exceptions, control waivers, and risk acceptances, ensuring appropriate approval, periodic review and escalation in line with risk appetite.
• Perform controls in line with the Group-wide controls framework as well as timely reporting to the Group Head of Controls for second-line oversight.
• Support any Lessons Learned, deep-dive or thematic reviews IT and Cyber controls by the Group Head of Controls.

• Operational Resilience & Outsourcing Support

• Support operational resilience activities from a technology perspective.
• Support governance of IT and cyber aspects of outsourcing and third-party risk, working closely with Procurement, Risk, and Compliance.
• Ensure technology dependencies and vulnerabilities are clearly understood and documented.

Required Knowledge and Skills

• Essential

• Proven experience in IT governance, technology risk, cyber risk, or control assurance within a regulated financial services or insurance environment.
• Strong understanding of Lloyd’s Minimum Standards and FCA/PRA expectations relating to IT, cyber security, and operational resilience.
• Hands-on experience managing IT/cyber policies, controls, and control evidence.
• Experience supporting audits, regulatory reviews, and assurance activities.
• Ability to translate technical risk into clear governance and regulatory language.
• Technology Proficiency: Understanding IT infrastructure, systems, and data flows to accurately identify weaknesses.

• Desirable

• Experience working in the London Market / Lloyd’s managing agent environment.
• Familiarity with operational resilience frameworks and regulatory expectations.
• Experience using GRC tooling (e.g. Drata, RiskSmart, Riskonnect, Archer, ServiceNow GRC).

Atrium offers all permanent employees the chance to work flexibly through our charter for flexible working - we actively invite applications from candidates requiring any form of flexible working arrangements. Atrium is an Equal Opportunities employer with a strong and passionate commitment to Diversity, Equity, and Inclusion. Atrium actively invites applications from candidates requiring any form of flexible working arrangements. We do not discriminate based upon age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, sexual orientation, or any other applicable legally protected characteristic. We’re committed to providing reasonable adjustments or accommodations for applicants, so if you need assistance or support during the recruitment process, please get in touch.