Security GRC Analyst [T500-15737]
Job details
About BRIT:
Brit India GCC is the heart of Brit Insurance’s innovation engine. Their team of highly skilled professionals specializes in Data Engineering, Platform Engineering, Full-Stack Web Application Development, Data Management, and Testing. Born in 1995 in London (UK), Brit Ltd. is a leading international general insurance and reinsurance group. Boasting one of the largest and most diverse portfolios in Syndicate 2987, we hold an influential and respected presence at Lloyd's of London. Renowned for our innovative approach to commercial insurance and reinsurance, we at Brit are committed to securing an uncertain future with a hallmark of certainty.

Technology at Brit:
Brit has a leadership position at Lloyd’s, the most well-known insurance market in the world. At Brit, we believe that the uncertainty of the future should never stand in the way of progress. That’s why we exist: to help people and businesses face the future and thrive. We are change-makers enabled by a global workforce who collaborate to deliver a risk service. Our goal is to attract and retain the best talent in the market and empower those individuals to innovate and champion the strategic objectives within the business. Our technology and data teams have led some of the most noteworthy developments in the London market by delivering digital, data and AI-driven capabilities. Data is a key capability to drive Brit’s ambition for digital, innovation, growth and efficiencies. Brit leads the market with respect to our data modernisation journey, delivering on our vision to build a central, trusted, cost-efficient, flexible and scalable cloud-native data platform that enables us to harness maximum value from internal and external data for Brit. Brit is active in advancing digital trading approaches, most notably with respect to Broker APIs.

At Brit, we are designing a multi-class-of-business headless API which connects Brit’s pricing and document generation to multiple global Broker platforms and Market Hubs, and enables bulk submission ingestion. Brit has launched its Underwriting Transformation journey, advancing our capabilities by deploying digital foundations for pricing and an underwriter workbench. Brit’s new modern Underwriting Platform is at the heart of this transformation agenda; with a focus on engineering, upskilling in Python, and exploring ingestion and analytics, we are actively delivering our digital future. Our market-leading proprietary machine learning algorithm, designed to accelerate the identification of post-catastrophe property damage based on the use of ultra-high-resolution imagery, allows Brit to accelerate service to its customers when they need it most, and has been noted as the first enabler for virtual claims adjusting in the London market. We value continuous learning and exploration, encouraging our people to constantly evolve and take advantage of best-in-class technology and tooling. If you have the drive to work in a flexible, fun, passionate Technology and Data team, we would love to hear from you!

Purpose of the Job:
To protect the confidentiality and integrity of information within Brit, whilst ensuring we maintain legitimate access to it, through the provision of effective security governance services addressing the areas of awareness, crisis management, policy / process management, compliance, supply chain risk, change management and risk management.

Principal Accountabilities:
- Conduct due diligence assessments of third-party vendors to evaluate their cybersecurity practices and potential risks.
- Maintain our third-party risk management program, including policies and procedures for vendor risk assessments.
- Perform ongoing monitoring and periodic reassessments of third-party vendors to ensure continued compliance and risk mitigation.
- Maintain an inventory of third-party vendors and their associated risks, including risk ratings and mitigation plans.
- Ensure compliance with all applicable internal and external control requirements, aligning with the Internal Audit and Financial Controls teams.
- Assist in the development and maintenance of the organisation’s risk management framework.
- Identify and assess cyber risks across the organisation, including emerging threats and vulnerabilities.
- Develop and implement risk mitigation strategies to address identified cyber risks.
- Conduct regular risk assessments and threat modelling exercises to identify potential security weaknesses.
- Develop, implement, and maintain cybersecurity policies, standards, and procedures.
- Monitor and ensure compliance with relevant regulatory requirements (e.g., GDPR, FCA, PRA).
- Contribute to the design, creation, and maintenance of risk-based metrics.
- Perform security audits and assessments to ensure the effectiveness of security controls.
- Collaborate with various departments to ensure cybersecurity best practices are integrated into business processes.
- Prepare and present reports on cybersecurity risks, compliance status, and audit findings to senior management.
- Develop and deliver cybersecurity awareness training programs for employees.
- Prepare team members and necessary materials for audit meetings (e.g., control design walkthroughs), follow-up requests, and testing.
- Partner with senior IT leaders to ensure team member accountability for completing audit assignments on time with the appropriate level of priority, thoroughness, and accuracy, according to documented procedures.
- Track and report on all technology audit actions, supporting technology in ensuring action owners are held accountable for closing audit actions in a timely manner.
- Stay up to date with the latest cybersecurity trends, threats, and regulatory changes.
- Assist the Cyber Security and Technology Governance Manager to represent the business at all appropriate industry, government, and general CS&IA forums, committees, and conferences.
- Act with integrity.
- Act with due skill, care, and diligence.
- Be open and co-operative with Lloyd’s, the FCA, the PRA, and other regulators.
- Pay due regard to the interests of customers and treat them fairly.
- Observe proper standards of market conduct.
- Strong interpersonal skills.
- Ability to effectively communicate issues to peers and management.
- Proactive and keeps up to date with current trends in an ever-changing industry.
- 3-5 years’ experience in a GRC role or equivalent in related fields.
- CISSP, CISM or CISA certification is desirable but not essential.
- Technical knowledge of IT including: networks, operating systems, databases, firewalls, anti-virus, vulnerability assessment (VA) and patch management.
- Awareness of the UK Data Protection Act (and GDPR), NIST, ISO 27001 and PRA initiatives and the UK Government’s Cyber Essentials and Cyber
- Strong interpersonal / communication skills and experience of working with off-shore / outsourced IT (including Security) teams.
- An understanding of UK insurance is desirable.