GWI
Information Security Governance, Risk and Compliance Specialist

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Location: London, UK
Weekly office requirement: Hybrid – 2 days per week
Employment type: Permanent
Seniority level: Mid-Senior
At GWI we're always looking for extraordinary people who thrive on making an extraordinary impact. Right now we're looking for an Information Security GRC Specialist to play a key role in our Legal team in London. If that's you, and making a difference gets you out of bed in the morning, keep reading. It could be the start of something, well, extraordinary.
Sounds great, what will I be doing? 🤔
As our Information Security GRC Specialist you'll play a pivotal role in shaping the future of security compliance at GWI. Reporting into our General Counsel and working closely with our Information Security, Product, and Technology teams, you'll own our compliance posture across security frameworks, vendor risk, and client-facing security requirements — while building a security-conscious culture across the business.
A few things you'll be responsible for:
- Own and maintain GWI's ISO 27001 certification and compliance across relevant security frameworks, keeping our posture sharp as the threat landscape evolves.
- Develop, implement, and maintain information security policies and procedures aligned with industry best practices.
- Lead vendor risk management and client security assessments — including responding to client security questionnaires and onboarding requirements.
- Build and maintain GWI's security trust portal, showcasing our credentials to clients and stakeholders using tools such as Drata or Vanta.
- Drive security awareness across the business through training programmes and internal communications that promote a strong GRC culture.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
It's also fun; shaking things up is what working for GWI is all about. You'll need to be flexible, comfortable with continuous change, and working in a high-tempo environment.
What do I need to bring with me? 🧳
You'll need to be able to demonstrate the core skills this role requires. You don't have to tick all the boxes right away; the important thing is that you're willing to learn. Here's what the team will be looking for in you:
- In-depth, practical experience obtaining and maintaining ISO 27001 certification, with solid knowledge of frameworks such as NIST — typically 3–5 years in an information security compliance role, though other experience levels will be considered.
- Proven ability to develop and maintain security policies and procedures that align with industry best practice.
- Experience conducting vendor security assessments and managing client security onboarding requirements, balancing risk against commercial objectives.
- Hands-on experience building or maintaining a security trust portal; familiarity with tools such as Drata or Vanta is a plus.
- Knowledge of SaaS and AI environments, with experience implementing and managing cloud security best practices.
- Strong communication skills — able to translate complex GRC topics into clear internal guidance and keep the wider business informed and engaged on security matters.
Equally important is attitude. We want people who think big (to make an impact), ask why (to find a better way), and show respect (to everyone, at every level, all the time). Those are our values, and they're a big part of what we're looking for in you.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
What We Offer 🧘
At GWI, you’ll find meaningful work, visible impact, and a culture that empowers you to do your best. Our package includes:
- Time to recharge – 25 days’ annual leave, plus office closures over the holidays.
- Health & wellbeing – Health cash plan, enhanced family benefits, carer days, and mental health support.
- Financial benefits – Competitive salary, 4% pension matching, and recognition programs that celebrate success.
- Flexibility & balance – Flexitime, early Friday finishes, hybrid and remote options, plus a “work from home” budget.
- Career growth – Accredited learning, leadership development, and global career mobility.
- Community & impact – DE&I initiatives, volunteering opportunities, donation matching, and payroll giving.
Put all that together and GWI is the friendliest, most fulfilling place any of us has ever worked.
Diversity, Equity & Inclusion 🫶
Diversity is fundamental to who we are—both as a data company and as a workplace. Our data reflects global realities, and so must our teams. We strive to ensure our workforce is as diverse and inclusive as the insights we provide to our clients.
As a Disability Confident employer, we welcome applications from disabled candidates and are committed to providing all necessary adjustments during the hiring process. We also actively encourage applications from underrepresented and marginalized communities.
At GWI, you will find a place where you can contribute meaningfully, grow professionally, and belong fully.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location