Information Security Governance Risk & Compliance Analyst

Competitive plus benefits

  • Permanent
  • 151 Kilbirnie Street
  • Glasgow

We’re looking for a technically-minded, experienced Information Security Governance Risk & Compliance Analyst to join our Glasgow-based team.

About the role

Working closely with internal technical and non-technical teams, as an Information Security Governance Risk & Compliance Analyst you’ll make sure that our Group information security policies and standards are upheld.

You’ll already have experience of working in an information security team, with excellent understanding and experience of working with information security policies and standards to ensure compliance.

Day-to-day duties

  • Engaging with internal projects to make sure that information security requirements are met during every step of the process.
  • Liaising with third parties and providing the high level of assurance required for a business tender or information security audit.
  • Conducting due diligence steps against third parties who are entrusted to handle Arnold Clark information.
  • Carrying out compliance reporting on external frameworks such as DPA, GDPR and PCIDSS.
  • Creating and carrying out an audit process for third parties so that risks are identified and managed.
  • Working closely with the Information Security Operations Analyst to identify risks.
  • Managing the Arnold Clark information security risk register.
  • Advising on information security risks and making sure that they are clearly articulated and understood.
  • Identifying and escalating any risks, issues, threats and vulnerabilities to the Arnold Clark Information Security Officer.
  • Establishing relationships with internal and external stakeholders.

Essential skills

  • Proven experience of working in an information security team.
  • Knowledge of information security frameworks, including PCIDSS, data protection, GDPR, ISO27k series.
  • Thorough understanding of the risk management process.
  • Broad and in-depth understanding of information technology stacks including networks, server, client, mobile and security technologies.
  • Third party assurance and due diligence experience.
  • Information security project engagement experience.
  • Strong communication skills, situational analysis and decision-making abilities.
  • The ability to manage your workload according to business and operational demands.
  • Qualifications within IT security such as CISSP, CEH, CISM are highly desirable but not essential.

In exchange for your experience and skills, you will receive one of the best employee benefit packages in the automotive industry, including private healthcare, life assurance and staff discounts.

Employment within the Arnold Clark Group is offered subject to satisfactory reference and disclosure checks.

Only successful candidates will be contacted for interview.

Benefits

Every Arnold Clark employee is entitled to a wide range of benefits, including:

  • Discount on new and used vehicles
  • Contributory pension scheme
  • Private medical insurance
  • Life assurance

About Arnold Clark

Arnold Clark is Europe’s largest independent car retailer with over 200 branches across the UK. And you could be part of it.

  • Over 11,000 employees
  • Annual turnover of over £3 billion
  • 24 new car franchises
  • Retails over 280,000 vehicles per year
  • Servicing, repairs, MOTs and tyres

Employment with Arnold Clark is offered subject to satisfactory reference and disclosure check. Only successful candidates will be contacted for interview. Some benefits are only available after a qualifying period.