Information Security Policy & Governance Specialist
London, England, United Kingdom
We are Zego - a commercial motor insurance provider that powers opportunities for businesses, from entire fleets of vehicles to self-employed drivers and riders. We combine best-in-class technology with sophisticated data sources to offer insurance products that save businesses time and money.
Since our inception, we have believed that the problem with traditional insurance is that it holds businesses back. It’s too expensive and time-consuming, and it no longer suits businesses that use vehicles to earn money. Our products represent a solution to this problem for businesses based across the UK, Europe and beyond.
So far, we have raised over $200 million in funding and we were the first UK insurtech to be valued at over $1 billion. We were also the first to be awarded our own insurance license and recently won Tech Company of the Year 2020.
At Zego, we are proud to say we have a diverse and inclusive team, unified by our shared values and mission. Our people are the most important part of our story and everybody at Zego, no matter their role, has an integral part to play.
Purpose of the role
Join our team and play a key role in safeguarding Zego’s information assets through effective information security governance practices.
We are seeking an experienced Information Security Governance Specialist to join our team. As Information Security Governance Specialist, you will support Zego’s DPO & Head of Information Security in developing, implementing and maintaining our information security governance framework.
You will be responsible for defining and writing security policies, procedures, standards, and guidelines to ensure the confidentiality, integrity, and availability of our information assets. You will play a key role in strengthening Zego’s security culture, developing and delivering a programme of security related training, awareness and engagement activities. You will have a strong background in information security and risk management and a good understanding of compliance frameworks. You will be a subject matter expert and the ‘go to’ person for all things relating to information security, including proactively identifying and interpreting changes across the threat landscape, in regulatory requirements and industry best practice.
What you will be working on:
Information security governance framework
- Develop and maintain Zego’s security governance, including writing and embedding policies, procedures, standards, guidelines and relevant documentation.
- Implement and drive adoption of information security policies and procedures across the organisation.
- Monitor compliance with information security policies and regulatory requirements.
- Lead on, support and participate in internal and external security audits, assessments and deep dives. This will involve gathering evidence, reviewing processes and controls, addressing audit findings, and implementing corrective actions.
Risk assessment and management
- Conduct risk assessments, review controls, analyse threats and recommend risk mitigation measures.
- Develop risk mitigation strategies and recommend security controls to address identified risks.
- Carry out SaaS and supplier security reviews and due diligence, identifying, evaluating and prioritising potential security risks and vulnerabilities.
- Conduct annual reviews of Zego’s Business Continuity Plans (BCPs).
Data Loss Prevention (DLP)
- Review and refresh DLP rules in our tooling to ensure they are fit for purpose.
- Monitor and respond to DLP alerts.
Security incident management and response
- Log, investigate, analyse and report on security incidents.
- Collaborate with the business including TechOps, DevSecOps and the incident response team to investigate, analyse and respond to security incidents.
Security engagement, awareness and training
- Lead on developing and delivering Zego’s security awareness programme, phishing campaigns and other security related activities to encourage and enable positive engagement with Zego’s information security culture.
- Collaborate with and support teams to ensure alignment of security governance practices with business objectives.
- Provide guidance and support on information security governance matters.
- Stay current with industry trends, emerging threats, and best practices in information security governance.
Security reporting
- Contribute to the collection, analysis, and reporting of security metrics to measure the effectiveness of security controls and identify areas for improvement.
- Prepare reports on security incidents, compliance status, and overall security posture for Zego’s management and stakeholders.
What you’ll need to be successful
- Information Security or related field, including professional certifications.
- Proven experience in information security governance, risk management, and compliance.
- Knowledge and understanding of information security standards and frameworks (e.g., ISO 27001, NIST Cybersecurity Framework, GDPR).
- Understanding of regulatory requirements related to information security (e.g. GDPR, PCI DSS).
- Experience with risk assessment methodologies and tools.
- Excellent analytical and problem-solving skills.
- Strong communication and interpersonal skills, with the ability to effectively interact with fellow Zegons and external partners at all levels.
- Ability to work independently and collaboratively in a fast-paced environment.
- Attention to detail and a commitment to maintaining the highest standards of information security.
- Flexibility to adapt to changing priorities and requirements.
- Level head, calm and clear thinking, open-minded and flexible.
What’s it like to work at Zego?
Joining Zego is a career-defining move. People go further here, reaching their full potential to achieve extraordinary things.
We’re spread throughout the UK and Europe, and united by our drive to get things done. We’re proud of our company and our culture – a friendly and inclusive space where we can lift each other up and celebrate our wins every day.
Together, we’re setting the bar higher, delivering exceptional work that makes a difference. Our people are the most important part of our story, and everyone here plays a role. There’s loads of room to learn and grow, and you’ll get the freedom to steer your career wherever you want.
You’ll work alongside a talented group who embrace each other's differences and aren’t afraid of a challenge. We recognise our achievements, learn from our mistakes, and help each other to be the best we can be. Together, we’re making insurance matter.
How we work
We believe that teams work better when they have time to collaborate and space to get things done. We call it Zego Hybrid.
Our hybrid way of working is unique. We don't mandate fixed office days. Instead, we foster a flexible approach that empowers every Zegon to perform at their best. We ask you to spend at least two days a week in our central London office (next to Liverpool Street). You have the flexibility to choose the day that works best for you and your team. We cover the costs for all company-wide events (3 per year), and also provide a separate hybrid contribution to help pay towards other travel costs. We think it’s a good mix of collaborative face time and flexible home-working, setting us up to achieve the right balance between work and life.
Benefits
We reward our people well. Join us and you’ll get a market-competitive salary, private medical insurance, company share options, generous holiday allowance, and a whole lot of wellbeing benefits. And that’s just for starters.
We’re an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of race, religion, national origin, gender, sexual orientation, age, marital status, or disability status.