SBG are excited to be recruiting a newly created senior role responsible for designing, embedding, and continuously improving our Information Governance Framework.
You will own and lead governance across Tier 1 policy, Tier 2 standards, and supporting controls, driving data and AI governance while ensuring compliance with UK GDPR, DPA 2018, FCA regulations, and Cyber Essentials Plus.
Leading a Cyber Specialist and Data Protection team, you’ll provide oversight across information security, cyber incident response, and employee awareness - ensuring SBG meets its obligations to customers, regulators, and the Board.
Working closely with Enterprise Data & Security, Legal, Procurement, Risk, and Technology, you’ll establish practical, proportionate, and audit-ready standards that underpin our Databricks platform and support secure, responsible AI adoption.
Governance & Framework
- Own and maintain the Information Governance Policy (Tier 1), presenting updates to the Board and CIO.
- Develop, review, and publish all Tier 2 standards annually.
- Maintain a governance register of standards and controls.
- Lead or contribute to governance forums and committees.
Data Protection & Privacy
- Lead UK GDPR compliance, including ROPA, DPIAs, data breaches, and DSARs.
- Support or act as DPO and liaise with the ICO.
- Strengthen data protection controls across systems and the data platform.
Cyber Security & Incident Response
- Provide direction to cyber security activities and controls.
- Own the Cyber Incident Response Plan, including escalation procedures.
- Maintain Cyber Essentials Plus and support future ISO 27001 readiness.
- Lead response to major cyber or data incidents.
AI & Data Governance
- Develop and embed AI governance standards.
- Enforce data governance (classification, quality, access) within Unity Catalog.
- Support assessment and onboarding of third-party AI tools.
People, Culture & Suppliers
- Lead, coach, and develop the cyber and data protection team.
- Deliver employee awareness and training programmes.
- Oversee supplier security assessments and risk registers.
- Engage with regulators and external bodies.
Risk & Regulatory
- Identify and manage information governance and cyber risks.
- Ensure alignment with FCA requirements and strong customer outcomes.
- Strong expertise in UK GDPR and practical experience with DPIAs, DSARs, and breaches.
- Experience implementing cyber or data governance frameworks (e.g. Cyber Essentials Plus, ISO 27001).
- Proven people management within technical or compliance teams.
- Ability to translate complex risk into clear, board-level communication.
- Experience creating governance policies, standards, and frameworks from scratch.
- Strong stakeholder management across business, legal, and technology.
- Experience with incident response planning, risk management, and audit readiness.
- Understanding of AI governance and data platform controls (ideally Databricks).
- Experience managing supplier security risk.
- Knowledge of FCA expectations within financial services.
- Excellent communication, organisation, and prioritisation skills.
- Hybrid working – 2 days in the office and 3 days working from home
- 25 days annual leave, rising to 27 days over 2 years’ service and 30 days after 5 years’ service. Plus bank holidays!
- Discretionary annual bonus
- Pension scheme – 5% employee, 6% employer
- Flexible working – we will always consider applications for those who require less than the advertised hours
- Flexi-time
- Healthcare Cash Plan – claim cashback on a variety of everyday healthcare costs
- Electric vehicle – salary sacrifice scheme
- Hundreds of exclusive retailer discounts
- Professional wellbeing, health & fitness app - Wrkit
- Enhanced parental leave, including time off for IVF appointments
- Religious bank holidays – if you don’t celebrate Christmas and Easter, you can use these annual leave days on other occasions throughout the year.
- Life Assurance - 4 times your salary
- 25% Car Insurance Discount
- 20% Travel Insurance Discount
- Cycle to Work Scheme
- Employee Referral Scheme
- Community support day
Somerset Bridge Group is dedicated to delivering fair products and innovative services in the insurance industry. Our group focuses on underwriting, broking, and claims handling to provide sustainable and innovative insurance solutions. Somerset Bridge Insurance Services Limited, operating under GoSkippy and Vavista, offers insurance coverage to over 700,000 customers. Somerset Bridge Limited handles underwriting and claims, processing almost 50,000 claims annually. Somerset Bridge Shared Services Limited provides essential support functions to ensure operational efficiency and compliance. With a strong commitment to values, culture, and customer service excellence, Somerset Bridge Group is recognised for its industry awards and growth. Join us to be part of a dynamic team that fosters creative thinking and personal development.
We are very proud to have been awarded a Silver Accreditation from Investors in People! We recognise that all of our people contribute to our success. That's why we are always looking for talented people to join our team - people who share our vision, who are passionate about what they do, and who want to be part of something special.
Equal Opportunity Employer
Somerset Bridge Group is committed to creating a diverse environment and is proud to be an Equal Opportunity Employer. We prohibit discrimination or harassment of any kind based on race, color, religion, national origin, sexual orientation, gender, gender identity or expression, age, pregnancy, physical or mental disability, genetic factors or other characteristics protected by law. SBG makes hiring decisions based solely on qualifications, skills and business requirements.