FSCS • London & Homebased

Information Security, Governance and Compliance Specialist

Employment type:  Full time
Salary:  Circa £39,000

3–4 days/week at home

Fully flexible hours


Job Description

The role supports the Information Security Manager in enabling business processes and innovative technology to deliver key business objectives in a secure manner that protects FSCS's reputation, organisational data and customer data, in line with the risk appetite of the business. The Information Security, GRC Specialist is responsible for enforcing the key components of the FSCS information security programme to ensure that technology products and services are secure by design and that all technology services can be delivered securely. The key disciplines within the role are:

  • Information Security: Supporting the Information Security Management System, optimising controls, policies and standards in key functional areas across the Scheme. Investigate and respond to any information security events/incidents.
  • Information Security Assurance activities: Delivering Information security assurance strategies, implementing continuous improvements, and delivering training programmes for each organisational department. Supporting Information Security audit activities.
  • Information Security Risk: Conduct risk analysis and contribute to the prioritisation of information security initiatives based on risk and business need.

My Priorities – what I will deliver

  • Draft information security policies, methods, and processes as necessary
  • Support internal audits and reviews of the Information Security Management System as part of the ISMS audit programme and management review
  • Generate reports on Information Security metrics, key risk indicators (KRI) and compliance for stakeholders
  • Support the audit/assessment interface for various internal and external stakeholder requirements (e.g., ISO27001 certification, GDPR compliance assessment, audits, and regulatory reviews).
  • Maintain Continuous Security Improvement Plan (CSIP)
  • Support the ISMS, including compliance with annual reviews to ensure its continuing suitability, adequacy, and effectiveness. This annual review includes assessing opportunities for improvement and the need for changes to the ISMS
  • Investigate any information security incidents and implement any corrective actions
  • Analyse incident reports, identify root causes and planned improvement actions, and prepare summary reports for management, identifying any relevant trends, ISMS performance and any further recommendations for action
  • Support the delivery of 3rd Party Due Diligence assessments for new & existing relationships
  • Conduct annual information risk assessments on information assets, supported by asset and risk owners as appropriate, and identify significant threat changes and exposure of information and information processing facilities to threats
  • Act as SME for Information security exercising and incident management.
  • Display and promote working and personal behaviours that accord with the Scheme's values, acting as a professional role model for all staff.
  • Deputise for the Information Security Manager as required.

My knowledge – what I need to know

  • Security knowledge - Any IT security certifications in one of ISO 27001, CISSP, CISA, CCSP, or equivalent would be highly advantageous
  • Demonstrated knowledge and understanding of information risks and threats
  • Deep practical knowledge of information security constraints and best practice.
  • Strong experience of working with information security frameworks and standards such as ISO27001
  • Proven experience of conducting information security risk assessments following industry standards
  • Awareness of data protection legislation and its application in a practical way
  • Experience producing quality documentation, including management information, security dashboards, reports, policies, standards, and guidelines

  • Understanding of Incident Management
  • Experience with writing and socialising policies, standards and procedures
  • Strong understanding of information security concepts such as security architecture and design, Information security standards and information security risk assessment.
  • Proven understanding of business continuity and compliance and audit frameworks

Company benefits

Open to part-time employees
Open to job sharing
Open to compressed hours
Enhanced maternity leave – 26 weeks
Enhanced paternity leave – 26 weeks
Adoption leave
Shared parental leave
Work from anywhere scheme – 4 weeks working overseas per year
26 days annual leave + bank holidays
Work from home allowance
Pregnancy loss leave
Teambuilding days
An additional 20 days dependants leave.
Private medical insurance for your whole family.

We asked employees of FSCS how satisfied they were with flexible working, and this is what they told us

Employees are largely happy with their working location freedom
Employees are very happy with the flexibility in the hours they work
Employees are very happy with the benefits their company offers
Work-life balance
Employees feel that they can switch off quite easily from work
Role modelling
Employees feel that most people work flexibly
Employees feel that they can mostly manage how they get their own work done
Working at FSCS

Office locations

City of London

Hiring Countries

United Kingdom
What employees are saying

A really flexible place to work, that embraces the 'your day, your way' philosophy. Very inclusive to different circumstances. For me it means I get a solid 'work life' balance around child care and work. Love it :)

FSCS Employee