Cyber Security Governance Specialist

Prisma
11 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Remote

Tech stack

Control Objectives for Information and Related Technology (COBIT)
Computer Security
Disaster Recovery
Real-Time Operating Systems
Software Engineering

Job description

Since 2015, we've been using our love of data and tech to rethink motor insurance and bring drivers a great experience at a great price. Our story began in Italy, where we've quickly become the number one online motor insurance provider. In fact, we're trusted by over 5 million drivers. And now we're expanding to help millions more drivers in the UK and Spain. To help fuel that growth, we need a Cyber Security Governance Specialist to join our Security Team.

The Engineering Department is the beating heart of Prima. You'll be joining over 300 engineers across software development, infrastructure, operations and security: fueled by curiosity, experimentation and collaboration, you'll help deliver scalable, impactful solutions that shape the future of insurance. Excited to make an impact? Here are the details:

  • Contribute to the definition, implementation, and continuous improvement of the cybersecurity governance framework, including policies, procedures, and controls aligned with international standards and regulatory requirements (e.g. ISO/IEC 27001, NIST CSF, COBIT, GDPR, DORA)
  • Perform security audits, gap analyses, and cyber risk assessments, identifying remediation actions and supporting their execution with relevant stakeholders
  • Participate in third-party security and resilience assessments
  • Support Business Continuity Management (BCM) and IT Disaster Recovery (DR) activities, contributing to Business Impact Analyses (BIA), critical asset dependency mapping, the definition and maintenance of Recovery Time and Recovery Point Objectives (RTOs/RPOs), and participation in business continuity and IT Disaster Recovery tests and exercises (e.g. tabletop simulations)
  • Support cybersecurity awareness initiatives, training programs, and onboarding activities related to security topics

  • Certifications such as CISSP, CISM, CRISC, ISO/IEC 27001 Lead Implementer/Lead Auditor, ISO 22301
  • Exposure to Business Continuity Management and recovery planning
  • Experience supporting regulatory compliance for new digital operational resilience standards (e.g., DORA)

Requirements

Do you have experience in Software development?

  • 2+ years of experience in cybersecurity governance, risk, compliance, or security assurance roles, either in-house or within a consulting environment, preferably in regulated or complex organisational contexts
  • Proven knowledge of major cybersecurity frameworks (e.g., ISO/IEC 27001, NIST CSF) and regulatory landscapes (GDPR, DORA)
  • Proven experience in developing policies, conducting gap analyses, audit activities and defining remediation plans
  • Familiarity with Business Continuity Management (BCM) and IT Disaster Recovery (DR) concepts, including participation in Business Impact Analyses (BIA), critical asset dependency mapping, definition of RTOs and RPOs, and Disaster Recovery tests or exercises
  • Strong English communication skills, with the ability to collaborate effectively with multidisciplinary teams

Work Your Way: Enjoy full flexibility - work from home, the office or a mix of both. Plus, work from anywhere for up to 30 days a year.

About the company

At Prisma, we are building the data layer for modern applications. If you are fascinated by the leading-edge architecture and technology used in today’s data-intensive, highly scalable software systems, with distributed graph data on a massive scale, but you want the energy, challenges, and freedom that come with working in a small startup, then a job at Prisma might be for you.

With funding from top-tier investors Amplify Partners and Kleiner Perkins, we are a small, distributed team working on making the advanced data infrastructure developed by large tech companies accessible to all application developers around the world. Our hard work is paying off, with adoption and implementation of Prisma by some of the most successful and interesting companies out there today, and the fun is just beginning!
