Information Security GRC Analyst
UK Visa Sponsorship Analytics
Above analytics are generated algorithmically based on job titles and may not always be the same as the company's job classification. You can also check detailed occupation eligibility, and salary criteria on our UK Visa Eligible Occupations & Salary Thresholds page.
Disclaimer: Hunt UK Visa Sponsors aggregates job listings from publicly available sources, such as search engines, to assist with your job hunting. We do not claim affiliation with Chaucer Group. For the most up-to-date job details, please visit the official website by clicking "Apply Now."
About us
Chaucer is a leading insurance group at Lloyd's, the world's specialist insurance market. We help protect industries around the world from the risks they face. Our customers include major airlines, energy companies, shipping groups, global manufacturers and property groups.
Headquartered in London, with international hubs in Copenhagen, Dubai, Miami, Dublin, Singapore, Sydney and Bermuda, to be closer to our clients across the world. To learn more about us please visit our website: www.chaucergroup.com
Job Profile Summary
The Information Security Governance Risk and Compliance Analyst sits within the corporate Information Security team, which is led by the Information Security Officer and operates within the COO organisation. The team is independent of the compliance, risk, and IT functions. This role reports to the Head of Information Security Governance Risk and Compliance and exists to keep information security audit findings, compliance deliverables, and regulatory commitments moving forward - tracking open items, chasing action owners, and making sure the information security function meets its obligations across audit and compliance workstreams.
The role will work across ISO 27001 audits, penetration tests, and tabletop exercises - making sure findings have owners, owners have deadlines, and deadlines are met. On the compliance side, it will coordinate information security's inputs to Lloyd's Principles Based Oversight (PBO), DORA, GDPR, and regulatory engagements with international supervisors including the Monetary Authority of Singapore, Central Bank of Ireland, and Dubai Financial Services Authority.
This is a mid-level role with room to grow. A successful candidate does not need to have done everything on this list before, but does need to be organised, persistent, and comfortable holding people to account.
Key Responsibilities
- Track and drive remediation of all information security-related findings from internal audits, ISO 27001 audits, penetration tests, and tabletop exercises. Maintain accurate registers, hold action owners to deadlines, and escalate slippage.
- Act as the primary information security point of contact for the compliance function across Lloyd's PBO (particularly cyber resilience within the operational resilience pillar), DORA, and GDPR.
- Coordinate information security evidence and inputs for regulatory engagements across multiple jurisdictions, including MAS, CBI, and DFSA.
- Chase and track all information security compliance deliverables, making sure requests from regulators, compliance, and audit are answered accurately and on time.
- Prepare progress updates on open findings, compliance deliverables, and regulatory action items for stakeholders.
- Support the Head of Information Security Governance Risk and Compliance with GRC tooling, tracking, and reporting - producing metrics that give clear visibility of where things stand.
- Build solid working relationships with action owners, compliance, risk, and audit so that chasing things down does not become adversarial.
Skills and Experience
- Experience in Information Security GRC, IT audit, IT risk, or compliance coordination - ideally in insurance, reinsurance, or the Lloyd's market.
- Familiarity with ISO 27001 and how audit finding remediation works in practice.
- Working knowledge of regulatory regimes relevant to the London market such as Lloyd's PBO and DORA. Experience with international financial regulators is a plus.
- Strong organisational skills - able to track a high volume of open items, deadlines, and dependencies across multiple workstreams without losing grip.
- Clear communicator, written and verbal. Able to produce concise status updates and engage constructively with people at all levels.
Impact of the Role
Audit findings and regulatory commitments do not close themselves. Without someone actively tracking and chasing, items age, deadlines slip, and risk accumulates without anyone noticing until it becomes a problem. This role stops that from happening. In a Lloyd's market business with regulatory obligations spanning multiple jurisdictions, having someone who owns the tracking and coordination of Information Security GRC activity is not optional.
This is also a strong development role. The successful candidate will get direct exposure to ISO 27001 certification, Lloyd's PBO, DORA, international regulatory engagement, and the full audit lifecycle - with the Head of Information Security Governance Risk and Compliance providing direction and support. It is a good role for someone who wants to build a career in this space and is willing to put the work in.
Why Join Chaucer?
Chaucer is a leading global insurer operating in both Lloyd's and company markets, helping industries worldwide manage risk-from nuclear, shipping, manufacturing, and property. Headquartered in London, with offices in Copenhagen, Bermuda, Sydney, Ireland, Miami, Dubai, and Singapore, we're close to our clients wherever they are.
We have shown strong financial success with our Gross Written Premiums growing from $1.4bn in 2019 to $3.5bn in 2024. Backed by strong teams, platforms, and client relationships, Chaucer is poised for continued success.
We offer:
A flexible hybrid work model that supports individual and team needs.
A diverse, inclusive culture that values people for who they are.
Extensive, non-contributory benefits, including medical, life, and pension cover, flexible holidays, and wellbeing support.