Senior Governance, Risk and Compliance Analyst

About us

We are Direct Line Group – home to some of the country's best-known brands including Direct Line, Churchill, Privilege, Greenflag and NIG. Our vision is to create a world where insurance is personal, inclusive, and a force for good, and our purpose is to help people carry on with their lives, giving them peace of mind now and in the future.

DLG is at an important stage in its evolution to be a technology and data company. Following a few years of significant build and transformation of core assets, ranging from telephony to core customer-facing platforms, an Agile transformation for key segments of our business is bedding in with the intent of better serving our customers at pace. However, there is more to do!

The role:

As one of our CISO Senior Governance, Risk & Compliance Analysts within in our GRC team, your responsibility is to ensure a strong security, technology, privacy and resilience policy and control environment embedded across Direct Line Group.  This will involve developing and implementing the risk, policy and controls framework as well as identifying key risks and providing 1LoD assurance and oversight over the design adequacy and operational effectiveness of controls.

You will look to continually increase technology resilience and reduce technology risk by embedding a culture of security and resilience through behaviours, designs and controls that underpin the DLG Vision and Strategic Objectives.

N.B This is a hybrid role and we'd like you to be in our London office c.2-4 times per month.

Who you’ll be working with:

You’ll join our  Governance, Risk & Compliance team who are part of our CISO function and report into our Risk Lead. Our CISO function has been re-energised and comprises of Cyber Defence Centre, Business Resilience, Governance, Risk & Compliance, Privacy & Information Management, Strategy & Operating Office and Security Innovation & Enablement.

What you’ll be doing:

• Continuous improvement of the risk framework and risk profile and methodology for providing assurance over the Design Adequacy and Operational Effectiveness of technology resilience and risk controls
• Develop, maintain and coordinate the regular review of cyber and technology minimum standards and policies and controls framework; aligned with regulatory requirements, best practice and internal policies
• Drive automation of processes, including the development and implementation of continuous compliance and controls monitoring and supporting service wrappers   
• Assess whether the design adequacy and operational effectiveness of controls, achieve control objectives and mitigate inherent risk
• Engage with and support control owners in creating remediation plans to address process and control inadequacies
• Identify and draw out technology and compliance risks through discussions, workshops, relevant meetings, and engagement with projects and programmes
• Produce reporting/management information and update the groups risk management tool to reflect the results of risk management and controls assurance activity
• Support the completion of technology risk assessments and coordinate the collection of evidence for external and internal audit requirements
• Build relationships with 2nd and 3rd lines of defence to ensure transparency of 1st line assurance and support with the enterprise Risk Control Self-Assessment(RCSA) process

What you’ll need:

• Experience of working within a technology governance risk and compliance role, ideally within Financial Services
• Excellent working knowledge of developing security, technology, privacy and resilience policy and controls frameworks
• Previous experience/knowledge of controls testing and implementing continuous controls compliance and monitoring
• Excellent working knowledge of risk management tools, methodologies, control taxonomies and industry standard frameworks (NIST, ISO 27001, COBIT, PCI-DSS, ITIL, TOGAF)
• Experience of working in cloud environment, ideally with platforms such as Microsoft Azure and AWS
• Experience of third-party relationships and identifying and managing the associated technology and information security risks
• Excellent communication and stakeholder management skills and experience of preparing formal reporting for senior management

Ways of Working

Here at Direct Line Group, we recognise the importance of flexibility, not only in our personal lives but also in the way we work. Our mixed model way of working offers a 'best of both worlds' approach combining the best parts of home and office-working, offering flexibility for everyone.

How much you'll be in the office depends on your role, and we'll consider the flexible working options that work best for you. You can find out more about our flexible working approach or please get in touch with the team to discuss.

Benefits

We recognise we wouldn't be where we are today without our colleagues, that's why we offer such excellent benefits designed to suit you as and when you need them:

• 9% employee contributed pension
• 50% off home, motor and pet insurance plus free travel insurance and Green Flag breakdown cover
• Additional optional Health and Dental insurance
• Up to 10% bonus
• EV car scheme allows all colleagues to lease a brand new electric or plug-in hybrid car in a tax efficient way.
• 25 days holidays
• Buy as you earn share scheme
• Employee discounts and cashback

Life at Direct Line Group

Direct Line Group is an equal opportunity employer. We value diversity and we're committed to making DLG a truly inclusive place to work.

We recognise and embrace that people work in different ways and we'll always adapt as much as possible so you have the best and most comfortable working environment that we can offer. We know you're more than a CV, and the things that make you, you, can bring real potential to DLG.

If you need us to make any adjustments to our recruitment process, speak to our recruitment team who will be happy to support you.

#LI-HYBRID

#LI-BB1