Information Security Policy & Governance Specialist

London, England, United Kingdom

We are Zego - a commercial motor insurance provider that powers opportunities for businesses, from entire fleets of vehicles to self-employed drivers and riders. We combine best-in-class technology with sophisticated data sources to offer insurance products that save businesses time and money.

Since our inception, we have believed that the problem with traditional insurance is that it holds businesses back. It’s too expensive and time consuming, and it no longer suits businesses who use vehicles to earn money. Our products represent a solution to this problem for businesses based across the UK, Europe and beyond.

So far, we have raised over $200 million in funding and we were the first UK insurtech to be valued at over $1 billion. We were also the first to be awarded our own insurance license and recently won Tech Company of the Year 2020.

At Zego, we are proud to say we have a diverse and inclusive team, unified by our shared values and mission. Our people are the most important part of our story and everybody at Zego, no matter their role, has an integral part to play.

Purpose of the role

Join our team and play a key role in safeguarding Zego’s information assets through effective information security governance practices.

We are seeking an experienced Information Security Governance Specialist to join our team. As Information Security Governance Specialist, you will support Zego’s DPO & Head of Information Security in developing, implementing and maintaining our information security governance framework. 

You will be responsible for defining and writing security policies, procedures, standards, and guidelines to ensure the confidentiality, integrity, and availability of our information assets. You will play a key role in strengthening Zego’s security culture, developing and delivering a programme of security-related training, awareness and engagement activities. You will have a strong background in information security and risk management and a good understanding of compliance frameworks. You will be a subject matter expert and the ‘go to’ person for all things relating to information security, including proactively identifying and interpreting changes across the threat landscape, in regulatory requirements and industry best practice.

What you will be working on:

Information security governance framework

  • Develop and maintain Zego’s security governance, including writing and embedding policies, procedures, standards, guidelines and relevant documentation.
  • Implement and drive adoption of information security policies and procedures across the organisation.
  • Monitor compliance with information security policies and regulatory requirements.
  • Lead on, support and participate in internal and external security audits, assessments and deep dives. This will involve gathering evidence, reviewing processes and controls, addressing audit findings, and implementing corrective actions.

Risk assessment and management

  • Conduct risk assessments, review controls, analyse threats and recommend risk mitigation measures.
  • Develop risk mitigation strategies and recommend security controls to address identified risks.
  • Carry out SaaS and supplier security reviews and due diligence, identifying, evaluating and prioritising potential security risks and vulnerabilities.
  • Conduct annual reviews of Zego’s Business Continuity Plans (BCPs). 

Data Loss Prevention (DLP):

  • Review and refresh DLP rules in our tooling to ensure they are fit for purpose.
  • Monitor and respond to DLP alerts.

Security incident management and response

  • Log, investigate, analyse and report on security incidents.
  • Collaborate with the business including TechOps, DevSecOps and the incident response team to investigate, analyse and respond to security incidents.

Security engagement, awareness and training

  • Lead on developing and delivering Zego’s security awareness programme, phishing campaigns and other security-related activities to encourage and enable positive engagement with Zego’s information security culture.
  • Collaborate with and support teams to ensure alignment of security governance practices with business objectives.
  • Provide guidance and support on information security governance matters.
  • Stay current with industry trends, emerging threats, and best practices in information security governance.

Security reporting

  • Contribute to the collection, analysis, and reporting of security metrics to measure the effectiveness of security controls and identify areas for improvement.
  • Prepare reports on security incidents, compliance status, and overall security posture for Zego’s management and stakeholders.

What you’ll need to be successful

  • Information Security or related field, including professional certifications.
  • Proven experience in information security governance, risk management, and compliance.
  • Knowledge and understanding of information security standards and frameworks (e.g., ISO 27001, NIST Cybersecurity Framework, GDPR).
  • Understanding of regulatory requirements related to information security (e.g. GDPR, PCI DSS).
  • Experience with risk assessment methodologies and tools.
  • Excellent analytical and problem-solving skills.
  • Strong communication and interpersonal skills, with the ability to effectively interact with fellow Zegons and external partners at all levels.
  • Ability to work independently and collaboratively in a fast-paced environment.
  • Attention to detail and a commitment to maintaining the highest standards of information security.
  • Flexibility to adapt to changing priorities and requirements.
  • Level head, calm and clear thinking, open-minded and flexible.

What’s it like to work at Zego?

Joining Zego is a career-defining move. People go further here, reaching their full potential to achieve extraordinary things.

We’re spread throughout the UK and Europe, and united by our drive to get things done. We’re proud of our company and our culture – a friendly and inclusive space where we can lift each other up and celebrate our wins every day.

Together, we’re setting the bar higher, delivering exceptional work that makes a difference. Our people are the most important part of our story, and everyone here plays a role. There’s loads of room to learn and grow, and you’ll get the freedom to steer your career wherever you want.

You’ll work alongside a talented group who embrace each other's differences and aren’t afraid of a challenge. We recognise our achievements, learn from our mistakes, and help each other to be the best we can be. Together, we’re making insurance matter.

How we work
We believe that teams work better when they have time to collaborate and space to get things done. We call it Zego Hybrid.

Our hybrid way of working is unique. We don't mandate fixed office days. Instead, we foster a flexible approach that empowers every Zegon to perform at their best. We ask you to spend at least two days a week in our central London office (next to Liverpool Street). You have the flexibility to choose the day that works best for you and your team. We cover the costs for all company-wide events (3 per year), and also provide a separate hybrid contribution to help pay towards other travel costs. We think it’s a good mix of collaborative face time and flexible home-working, setting us up to achieve the right balance between work and life.

Benefits

We reward our people well. Join us and you’ll get a market-competitive salary, private medical insurance, company share options, generous holiday allowance, and a whole lot of wellbeing benefits. And that’s just for starters.

We’re an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of race, religion, national origin, gender, sexual orientation, age, marital status, or disability status.


Tags: Audits Compliance DevSecOps GDPR Governance Incident response ISO 27001 NIST PCI DSS Risk assessment Risk management SaaS Vulnerabilities

Perks/benefits: Career development Competitive pay Equity Flex hours Health care Home office stipend Insurance Team events

Region: Europe
Country: United Kingdom
Category: Compliance Jobs
