Cyber Security Governance Specialist

Are you looking for a new challenge?

Fancy helping us shape the future of motor insurance?

Prima could be the place for you.

Since 2015, we've been using our love of data and tech to rethink motor insurance and bring drivers a great experience at a great price. Our story began in Italy, where we've quickly become the number one online motor insurance provider. In fact, we're trusted by over 4 million drivers. And now we're expanding to help millions more drivers in the UK and Spain.

To help fuel that growth, we need a
Cyber Security Governance Specialist
to join our
Security
Team
.

The Engineering Department is the beating heart of Prima. You'll be joining over 300 engineers across software development, infrastructure, operations and security: fueled by curiosity, experimentation and collaboration, you'll help deliver scalable, impactful solutions that shape the future of insurance.

Excited to make an impact? Here are the details
What You'll Do

• Contribute to the definition, implementation, and continuous improvement of the cybersecurity governance framework, including policies, procedures, and controls aligned with international standards and regulatory requirements (e.g. ISO/IEC 27001, NIST CSF, COBIT, GDPR, DORA)
• Perform security audits, gap analyses, and cyber risk assessments, identifying remediation actions and supporting their execution with relevant stakeholders
• Participate in third-party security and resilience assessments
• Support Business Continuity Management (BCM) and IT Disaster Recovery (DR) activities, contributing to Business Impact Analyses (BIA) activities, critical asset dependency mapping, the definition and maintenance of Recovery Time and Recovery Point Objectives (RTOs/RPOs) and participation in business continuity and IT Disaster Recovery tests and exercises (e.g. tabletop simulations)
• Support cybersecurity awareness initiatives, training programs, and onboarding activities related to security topics

What We're Looking For

• 2+ years of experience in cybersecurity governance, risk, compliance, or security assurance roles, either in-house or within a consulting environment, preferably in regulated or complex organisational contexts
• Proven knowledge of major cybersecurity frameworks (e.g., ISO/IEC 27001, NIST CSF) and regulatory landscapes (GDPR, DORA)
• Proven experience in developing policies, conducting gap analyses, audit activities and defining remediation plans
• Familiarity with Business Continuity Management (BCM) and IT Disaster Recovery (DR) concepts, including participation in Business Impact Analyses (BIA), critical asset dependency mapping, definition of RTOs and RPOs and Disaster Recovery tests or exercises
• Strong English communication skills, with the ability to collaborate effectively with multidisciplinary teams

Nice-to-have

• Certifications such as CISSP, CISM, CRISC, ISO/IEC-27001 Lead Implementer/Lead Auditor, ISO 22301
• Exposure to Business Continuity Management and recovery planning
• Experience supporting regulatory compliance for new digital operational resilience standards (e.g., DORA);

Why you'll love it here
Work Your Way:
Enjoy full flexibility – work from home, the office or a mix of both.

This is a full remote position and we're considering candidates located in Italy, Spain or UK.

Grow with us:
We may move fast at Prima, but we move together. Get access to learning resources, mentorship and a growth plan tailored to you.

Thrive and perform:
Your best work begins when you feel your best. Enjoy private healthcare, gym discounts, wellbeing programs and mental health support.

Think you're a match?
Apply now
.

At Prima, we celebrate uniqueness. If you don't meet every requirement but are passionate about this role, we still want to hear from you. Innovation thrives on diverse perspectives.

Prima is proud to be an equal opportunity employer. Need accommodations during the process? Email us at Let's build the future of insurance, together.