Security Governance Analyst
[Employer hidden — sign up to reveal] is looking for a Security Governance & Awareness Analyst to join our team and execute the day-to-day operations of our security awareness programs and policy management lifecycle. You will own the operational delivery of phishing simulations, targeted training campaigns, and policy review cycles—focusing on defending against modern threats like AI-generated social engineering while maintaining our regulatory and compliance posture.
Location: London, UK
Department: Security, Risk & Fraud
What You’ll Do
- Lead the day-to-day execution of phishing simulations and mandatory training, focusing on modern threats like AI-generated social engineering, deepfake audio/video, and sophisticated LLM-based phishing.
- Develop and deliver specialized training for high-risk employee groups (e.g., Helpdesk, Sales, Call Centers) to defend against account takeover, identity verification bypass, and customer data targeting.
- Own the operational cycle for all security policies, standards, and procedures—ensuring documents are reviewed, updated, and published on schedule with proper version control and stakeholder feedback.
- Maintain the centralized policy repository and ensure policies align with SOC 2, ISO 27001, PCI-DSS, and evolving AI governance standards for audit readiness.
- Design and distribute internal security alerts, manage the security and compliance newsletter, and create engaging content about emerging threats for diverse stakeholders.
- Compile and analyze data on simulation success rates, training completion, and policy compliance for executive-level reporting and program optimization.
- Partner with Legal, HR, and Engineering to collect policy feedback and coordinate awareness initiatives across the organization.
What We’re Looking For
- 2–4 years in Security Awareness, Corporate Training, or GRC.
- Strong written and verbal communication skills.
- Strong understanding of contemporary social engineering tactics, including deepfakes, AI-driven phishing, vishing, and identity verification attacks.
- Hands-on experience with Security Awareness platforms (e.g., Adaptive, KnowBe4, Proofpoint) and Policy Management software.
- Proven ability to manage multiple concurrent initiatives in a fast-paced environment.
- Growing familiarity with AI tools (Claude, Gemini, etc.).
- Working knowledge of SOC 2, ISO 27001, PCI-DSS, and NIST CSF.
- Preferred: Relevant industry certifications (e.g., CompTIA Security+, SANS SSAP).
About [Employer hidden — sign up to reveal]
[Employer hidden — sign up to reveal] (Nasdaq: NAVN) is the leading all-in-one business travel, payments, and expense management platform. See how [Employer hidden — sign up to reveal] customers benefit and learn more at [Employer hidden].com.
Our Benefits
[Employer hidden — sign up to reveal] offers a comprehensive benefits program including healthcare coverage, retirement savings, equity plans, flexible time off, paid parental leave, and more.
Workplace Policy
Our employees work from the office four days a week.
Equal Opportunity
[Employer hidden — sign up to reveal] is an equal opportunity employer.
Accommodations
If you need assistance, email us at [Employer hidden — sign up to reveal].