We are looking for a Cyber Security Governance Risk and Compliance Analyst to join our busy Cyber Security team in Kilbirnie Street.
Why choose us?
- 33 days’ holiday allowance with room to grow
- Generous retail discounts
- Private healthcare
- Simplyhealth – all employees have access to a GP 24/7 and can claim money back on medical and dental treatments
- Pension scheme
- Maternity and paternity packages
- Opportunities for training and progression
Full time: Monday – Friday, 8.30am – 5pm
About the role
This role will help ensure that Arnold Clark systems are appropriately secured and do not incur excessive risk to business services.
The successful candidate will work very closely with internal technical and non-technical teams to ensure risks are identified and that the business aligns with Arnold Clark’s cyber security policies and standards.
- Presenting, developing, and maintaining Arnold Clark's cyber risk framework.
- Oversight of cyber security risks and issues, including independent review, assurance review and timely reporting to key stakeholders in relation to the effectiveness of the control environment.
- Overseeing the effective recording, analysis and reporting of cyber security risk incidents and evaluating materiality.
- Engaging with internal projects to ensure that the Cyber Security team is represented and that cyber security requirements are met.
- Conducting the required due diligence steps against third parties which handle Arnold Clark data.
- Compliance reporting on external frameworks such as Cyber Essentials +, GDPR and PCI-DSS and any associated risks and required steps.
- Executing the Arnold Clark audit process for third parties to ensure that risks are identified and managed.
- Working closely with all Arnold Clark Digital teams to identify, track and report on risks to the Arnold Clark organisation.
- Escalating any identified risks, issues, threats and vulnerabilities to the Arnold Clark Cyber Security GRC Manager.
- Providing security consultancy to projects, ensuring due diligence activities are carried out against third parties where required.
- Providing assurance to third parties where required.
- Establishing relationships with internal stakeholders – both technical and non-technical teams.
Essential skills and experience
- Basic knowledge of or exposure to Cyber Security frameworks, including NIST, PCI-DSS, Data Protection, GDPR, etc. is desirable.
- Experience of drafting/maintaining policies, processes and standards.
- Exposure to risk management and the processes that ensure risks are documented, reported and escalated appropriately.
- Good understanding of cyber technology stacks including networks, server, client, mobile and security technologies and the ability to understand and discuss technical concepts.
- Project engagement experience is desirable, to consult with projects on behalf of the Cyber Security team.
- Strong situational analysis and decision-making abilities.
- Ability to prioritise your own workload according to business and operational demands.
- Ability to interact with subject matter experts and liaise with users at all levels and build relationships.
- Qualifications within IT Security, such as CompTIA Sec+ or CRISC, are highly desirable but not essential.
- Willingness to obtain security qualifications and experience on-the-job training.
Arnold Clark is committed to creating a diverse and inclusive workplace. We strive to create an environment where collaboration, unique perspectives and multiple approaches are celebrated. We care about our employees and our communities, we nurture talent and encourage ambition, and we are passionate about people who take pride in their work. Our employees are at the heart of everything we do – diverse in our make-up, united in our goals.
To find out more about Life at Arnold Clark, visit our website.
Employment within the Arnold Clark Group is offered subject to satisfactory reference and disclosure checks.