Information Security GRC Analyst

Full-Time | 40000 - 50000 £ / year (est.) | Home office (partial)
Chaucer Group

At a Glance

  • Tasks: Track and drive information security compliance and audit findings across multiple jurisdictions.
  • Company: Join a leading insurance firm committed to diversity and innovation.
  • Benefits: Competitive salary, flexible working options, and opportunities for professional growth.
  • Other info: Gain exposure to ISO 27001 certification and international regulatory engagements.
  • Why this job: Make a real impact in information security while building a rewarding career.
  • Qualifications: Organised, persistent, and comfortable holding others accountable; experience in GRC is a plus.

The predicted salary is between 40000 - 50000 £ per year.

The Information Security Governance Risk and Compliance Analyst sits within the corporate Information Security team, which is led by the Information Security Officer and operates within the COO organisation. The team is independent of the compliance, risk, and IT functions. This role reports to the Head of Information Security Governance Risk and Compliance and exists to keep information security audit findings, compliance deliverables, and regulatory commitments moving forward - tracking open items, chasing action owners, and making sure the information security function meets its obligations across audit and compliance workstreams.

The role will work across ISO 27001 audits, penetration tests, and tabletop exercises - making sure findings have owners, owners have deadlines, and deadlines are met. On the compliance side, it will coordinate information security's inputs to Lloyd's Principles Based Oversight (PBO), DORA, GDPR, and regulatory engagements with international supervisors including the Monetary Authority of Singapore, Central Bank of Ireland, and Dubai Financial Services Authority. This is a mid-level role with room to grow. A successful candidate does not need to have done everything on this list before, but does need to be organised, persistent, and comfortable holding people to account.

Key Responsibilities
  • Track and drive remediation of all information security-related findings from internal audits, ISO 27001 audits, penetration tests, and tabletop exercises. Maintain accurate registers, hold action owners to deadlines, and accelerate slippage.
  • Act as the primary information security point of contact for the compliance function across Lloyd's PBO (particularly cyber resilience within the operational resilience pillar), DORA, and GDPR.
  • Coordinate information security evidence and inputs for regulatory engagements across multiple jurisdictions, including MAS, CBI, and DFSA.
  • Chase and track all information security compliance deliverables, making sure requests from regulators, compliance, and audit are answered accurately and on time.
  • Prepare progress updates on open findings, compliance deliverables, and regulatory action items for stakeholders.
  • Support the Head of Information Security Governance Risk and Compliance with GRC tooling, tracking, and reporting—producing metrics that give clear visibility of where things stand.
  • Build solid working relationships with action owners, compliance, risk, and audit so that chasing things down does not become adversarial.
Skills and Experience
  • Experience in Information Security GRC, IT audit, IT risk, or compliance coordination—ideally in insurance, reinsurance, or the Lloyd's market.
  • Familiarity with ISO 27001 and how audit finding remediation works in practice.
  • Working knowledge of regulatory regimes relevant to the London market such as Lloyd's PBO and DORA.
  • Experience with international financial regulators is a plus.
  • Strong organisational skills—able to track a high volume of open items, deadlines, and dependencies across multiple workstreams without losing grip.
  • Clear communicator, written and verbal. Able to produce concise status updates and engage constructively with people at all levels.
  • Comfortable working across teams—information security, compliance, audit, and business stakeholders all need to see the role holder as someone who makes their life easier, not harder.
  • Experience with GRC platforms or tracking tools and the ability to pull useful reporting from them is a plus.
Impact of the Role

Audit findings and regulatory commitments do not close themselves. Without someone actively tracking and chasing, items age, deadlines slip, and risk accumulates without anyone noticing until it becomes a problem. This role stops that from happening. In a Lloyd's market business with regulatory obligations spanning multiple jurisdictions, having someone who owns the tracking and coordination of Information Security GRC activity is not optional. This is also a strong development role. The successful candidate will get direct exposure to ISO 27001 certification, Lloyd's PBO, DORA, international regulatory engagement, and the full audit lifecycle—with the Head of Information Security Governance Risk and Compliance providing direction and support. It is a good role for someone who wants to build a career in this space and is willing to put the work in.

Equal Employment Opportunity Statement

Chaucer is committed to diversity, actively values difference and respects people regardless of the protected characteristics which are outlined in the Equality Act 2010 (UK legislation) as a result of the Equal Treatment Directive 2006 (EU legislation). A diverse workforce and an inclusive workplace are core to our success as a business and integral to our winning strategy and culture. We recruit from the widest available pool of talent, and our hiring, assessment and selection process is fair, free from bias and one which ensures we select the right person for the job, based on merit. We are committed to promoting a culture that actively values difference, and recognises that everyone has the right to be treated with dignity and respect throughout their employment. We are open to considering flexible working arrangements for all roles and encourage you to outline your needs during the interview process.

Information Security GRC Analyst employer: Chaucer Group

Chaucer is an exceptional employer that fosters a culture of inclusivity and diversity, making it a great place for professionals in the Information Security field. With a strong commitment to employee growth, this role offers direct exposure to key regulatory frameworks and audit processes, ensuring that you will develop valuable skills while contributing to critical compliance efforts. Located in the heart of London, you will benefit from a dynamic work environment that encourages collaboration across teams and provides flexible working arrangements to support your work-life balance.

Contact Details:

Chaucer Group Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Information Security GRC Analyst

Tip Number 1

Network like a pro! Reach out to folks in the industry, especially those already working in Information Security GRC. LinkedIn is your best mate here—connect, engage, and don’t be shy about asking for informational chats.

Tip Number 2

Prepare for interviews by brushing up on ISO 27001 and compliance regulations. Make sure you can chat confidently about how you’d handle audit findings and deadlines. We want to see that you’re not just organised but also proactive!

Tip Number 3

Showcase your organisational skills! Bring examples of how you've tracked projects or compliance deliverables in the past. We love seeing candidates who can juggle multiple tasks without dropping the ball.

Tip Number 4

Apply through our website! It’s the best way to ensure your application gets seen. Plus, it shows you’re genuinely interested in joining our team. Don’t forget to follow up after applying—persistence pays off!

We think you need these skills to ace Information Security GRC Analyst

Information Security GRC
ISO 27001
IT Audit
Compliance Coordination
Regulatory Engagement
Organisational Skills
Communication Skills

Some tips for your application 🫡

Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience in Information Security GRC, compliance, and audit. We want to see how your skills align with the job description, so don’t hold back on showcasing relevant projects or achievements!

Be Clear and Concise: When writing your application, keep it straightforward and to the point. Use clear language to describe your experiences and how they relate to the role. We appreciate a well-structured application that makes it easy for us to see your qualifications.

Show Your Organisational Skills: Since this role requires strong organisational abilities, consider including examples of how you've successfully managed multiple tasks or projects in the past. We love seeing candidates who can juggle responsibilities without losing track!

Apply Through Our Website: We encourage you to submit your application through our website. It’s the best way for us to receive your details and ensures you’re considered for the role. Plus, it’s super easy to do—just follow the prompts!

How to prepare for a job interview at Chaucer Group

Know Your GRC Basics

Make sure you brush up on your knowledge of Information Security Governance, Risk, and Compliance. Familiarise yourself with ISO 27001 and the audit process, as well as regulatory frameworks like Lloyd's PBO and DORA. This will show that you're not just interested in the role but also understand the key components that drive it.

Showcase Your Organisational Skills

Since this role requires tracking multiple deadlines and open items, be prepared to discuss how you've successfully managed similar tasks in the past. Bring examples of how you've kept projects on track and how you handle slippage. This will demonstrate your ability to stay organised under pressure.

Communicate Clearly

As a clear communicator, you'll need to engage with various stakeholders. Practice articulating your thoughts concisely and confidently. Prepare to give updates on complex topics in a straightforward manner, as this will be crucial in your role of liaising between teams.

Build Relationships

Highlight your ability to build solid working relationships across different teams. Discuss how you've previously collaborated with compliance, risk, and audit functions without creating friction. This will show that you can be a team player who makes life easier for others, which is essential for this position.