At a Glance
- Tasks: Shape the future of security compliance and build a security-conscious culture.
- Company: Join GWI, a dynamic data company with a commitment to diversity and inclusion.
- Benefits: Enjoy 25 days annual leave, health benefits, and flexible working options.
- Other info: Be part of a supportive team that values big thinking and respect.
- Why this job: Make a real impact in information security while growing your career.
- Qualifications: Experience in ISO 27001 certification and strong communication skills required.
The predicted salary is between 70000 - 90000 £ per year.
Location: London, UK
Weekly office requirement: Hybrid – 2 days per week
Employment type: Permanent
Seniority level: Mid-Senior
At GWI we’re always looking for extraordinary people who thrive on making an extraordinary impact. Right now we’re looking for an Information Security GRC Specialist to play a key role in our Legal team in London. If that’s you, and making a difference gets you out of bed in the morning, keep reading. It could be the start of something, well, extraordinary.
Sounds great, what will I be doing?
As our Information Security GRC Specialist you’ll play a pivotal role in shaping the future of security compliance at GWI. Reporting into our General Counsel and working closely with our Information Security, Product, and Technology teams, you’ll own our compliance posture across security frameworks, vendor risk, and client-facing security requirements – while building a security-conscious culture across the business.
Responsibilities
- Own and maintain GWI’s ISO 27001 certification and compliance across relevant security frameworks, keeping our posture sharp as the threat landscape evolves.
- Develop, implement, and maintain information security policies and procedures aligned with industry best practices.
- Lead vendor risk management and client security assessments – including responding to client security questionnaires and onboarding requirements.
- Build and maintain GWI’s security trust portal, showcasing our credentials to clients and stakeholders using tools such as Drata or Vanta.
- Drive security awareness across the business through training programmes and internal communications that promote a strong GRC culture.
What do I need to bring with me?
You will need to be able to demonstrate the core skills this role requires. You don’t have to tick all the boxes right away; the important thing is that you’re willing to learn. Here’s what the team will be looking for in you:
- In-depth, practical experience obtaining and maintaining ISO 27001 certification, with solid knowledge of frameworks such as NIST – typically 3–5 years in an information security compliance role, though other experience levels will be considered.
- Proven ability to develop and maintain security policies and procedures that align with industry best practice.
- Experience conducting vendor security assessments and managing client security onboarding requirements, balancing risk against commercial objectives.
- Hands‑on experience building or maintaining a security trust portal; familiarity with tools such as Drata or Vanta is a plus.
- Knowledge of SaaS and AI environments, with experience implementing and managing cloud security best practices.
- Strong communication skills – able to translate complex GRC topics into clear internal guidance and keep the wider business informed and engaged on security matters.
Equally important is attitude. We want people who think big (to make an impact), ask why (to find a better way), and show respect (to everyone, at every level, all the time). Those are our values, and they’re a big part of what we’re looking for in you.
What We Offer
At GWI, you’ll find meaningful work, visible impact, and a culture that empowers you to do your best. Our package includes:
- Time to recharge – 25 days’ annual leave, plus office closures over the holidays.
- Health & wellbeing – Health cash plan, enhanced family benefits, carer days, and mental health support.
- Financial benefits – Competitive salary, 4% pension matching, and recognition programs that celebrate success.
- Flexibility & balance – Flexitime, early Friday finishes, hybrid and remote options, plus a “work from home” budget.
- Career growth – Accredited learning, leadership development, and global career mobility.
- Community & impact – DE&I initiatives, volunteering opportunities, donation matching, and payroll giving.
Diversity and Inclusion
Diversity is fundamental to who we are—both as a data company and as a workplace. Our data reflects global realities, and so must our teams. We strive to ensure our workforce is as diverse and inclusive as the insights we provide to our clients. As a Disability Confident employer, we welcome applications from disabled candidates and are committed to providing all necessary adjustments during the hiring process. We also actively encourage applications from underrepresented and marginalized communities.
Information Security Governance, Risk and Compliance Specialist New London, UK employer: GWI group
At GWI, we pride ourselves on being an extraordinary employer that fosters a culture of empowerment and inclusivity. As an Information Security Governance, Risk and Compliance Specialist in London, you'll enjoy a hybrid work model, competitive benefits including 25 days of annual leave, and ample opportunities for career growth through accredited learning and leadership development. Join us to make a meaningful impact while working in a supportive environment that values diversity and encourages innovation.
StudySmarter Expert Advice🤫
We think this is how you could land Information Security Governance, Risk and Compliance Specialist New London, UK
✨Join Compliance Communities
Get involved in compliance and risk communities — both online and offline. Look for forums, LinkedIn groups, or even local meetups where compliance pros hang out. You never know who might drop a job opportunity your way!
✨Attend Industry Conferences
Keep an eye out for compliance and risk management conferences and workshops in your area. These events are a goldmine for networking, and they often have job boards or recruiters on-site looking for new talent. Plus, it’s a chance to learn what's trending in the field.
✨Leverage Your University Career Services
If you’ve recently graduated or are still studying, head over to your university's career services. Many companies, including those in compliance, actively recruit fresh talent through these services, so make sure you tap into that resource.
✨Showcase Your Knowledge Online
Start writing articles or blog posts about compliance topics that interest you. Share them on platforms like LinkedIn to demonstrate your knowledge and passion. This not only builds your presence in the field but can also catch the attention of companies like GWI group looking for candidates who are engaged and informed.
We think you need these skills to ace Information Security Governance, Risk and Compliance Specialist New London, UK
Some tips for your application 🫡
Show Your Understanding of Compliance:In the compliance-risk field, it's super important to showcase your understanding of regulations and risk management frameworks. Highlight any relevant coursework, certifications (like ICA or AML), or even projects that demonstrate your knowledge and commitment to this area. We want to see how you can navigate this complex landscape!
Quantify Your Achievements:When detailing your experience, try to quantify your achievements. For example, if you've previously worked on a project that improved compliance metrics or reduced risk exposure, give us the numbers! This data-driven approach really stands out to hiring managers in compliance-risk roles.
Tailor Your CV to Reflect Relevant Skills:Make sure your CV highlights skills that are particularly relevant to compliance, like attention to detail, analytical thinking, and report writing. Ensure these are easy to spot – consider using bullet points to break down your responsibilities and achievements for maximum impact!
Craft a Motivating Cover Letter:In your cover letter, let us know why you’re excited about the compliance-risk role at GWI group. Share what motivates you about compliance, and how you believe you can contribute to our mission. This is your chance to showcase not only your skills but also your passion for this important field!
How to prepare for a job interview at GWI group
✨Master the Regulations
Brush up on key compliance regulations relevant to the industry you're applying to. Familiarising yourself with specific laws and frameworks used in your field will give you an edge during technical questions. Show that you’re not just aware of them but can also apply them—think real-life scenarios!
✨Show Your Analytical Skills
Compliance roles really focus on analytical skills, so be prepared for case studies or situational questions during the interview. We've got to demonstrate how we approach risk assessments or compliance audits, possibly drawing on examples from past experiences or university projects. Bring some thoughtful case scenarios to discuss!
✨Know Your Tools
Get comfortable with commonly used compliance software and tools. Familiarity with platforms like RSA or MetricStream can really impress during your interview, as it shows you're ready to hit the ground running. If you’ve had any experience with them, make sure to highlight that!
✨Align with Company Culture
Since it's a full-time position, show your long-term commitment and interest in the company’s mission and values. Dive into how your ethics and professional philosophy align with GWI group’s stance on compliance. A shared vision can really resonate with interviewers looking for fit as much as skill!
