We’re recruiting for an Information Security Governance, Risk and Compliance Analyst at our Kilbirnie Street site in Glasgow.
Hours
Full time, Monday–Friday, 8.30am to 5pm
About the role
This role will help ensure that Arnold Clark information systems are appropriately secured and do not incur excessive risk to business information or services.
The successful candidate will work very closely with internal technical and non-technical teams to make sure risks are identified and that the business adheres to Arnold Clark Information Security policies and standards.
Key responsibilities
- Presenting, developing, and maintaining Arnold Clark's Digital Risk Management Framework.
- Oversight of information security risks and issues, including independent review, assurance review and timely reporting to key stakeholders in relation to the effectiveness of the control environment.
- Overseeing the effective recording, analysis and reporting of information security risk incidents, and evaluating materiality.
- Engaging with internal projects to make sure that Information Security is represented and that Information Security requirements are met.
- Conducting the required due diligence steps against third parties which handle Arnold Clark information.
- Compliance reporting on external frameworks such as Cyber Essentials +, GDPR and PCI-DSS and any associated risks and required steps.
- Execution of the Arnold Clark audit process for third parties to identify and manage risks.
- Working closely with the Information Security Operations team to identify, track and report on risks to the Arnold Clark organisation.
- Escalating any identified risks, issues, threats and vulnerabilities to the Arnold Clark Head of Information Security.
Internal stakeholders
- Internal technical teams
- Internal business non-technical teams
External stakeholders
- Third parties – Assurance
- Third parties – Due diligence
- Information Security consultancy vendors
Required experience and skills
- Basic knowledge of or exposure to information security frameworks, including PCI-DSS, Data Protection, GDPR, ISO27k Series, etc. is desirable.
- Experience of drafting/maintaining policies, processes and standards.
- Exposure to risk management and process to appropriately document, report and escalate risks.
- Good understanding of information technology stacks including networks, server, client, mobile and security technologies, and the ability to understand and discuss technical concepts.
- Project engagement experience desirable to consult with projects for the Information Security team.
- Strong situational analysis and decision-making abilities.
- Ability to prioritise your own workload according to business and operational demands.
- Ability to interact with subject matter experts and liaise with users at all levels and build relationships.
- Qualifications within IT security, such as CompTIA Sec+, CRISC, CISA, CISM are highly desirable but not essential.
- Willingness to obtain security qualifications and experience on-the-job training.
- Minimum of three years’ experience in an information technology role.
Key measures
- Provide security consultancy to projects ensuring due diligence activities are carried out against third parties where required.
- Assurance is provided to third parties where required.
- Assisting Arnold Clark Digital across the risk lifecycle as part of Information Security’s role as custodian of the Arnold Clark Digital risk register.
- Established relationships are in place with internal stakeholders.
In return for your skills, you’ll receive one of the best employee benefits packages in the automotive industry, including free private healthcare, pension, life assurance, generous staff discounts, and all the training you need to help you to succeed in your role.
Employment within the Arnold Clark Group is offered subject to satisfactory reference and disclosure check.
Closing Date: 05 May 2021