We’re looking for a technically minded, experienced Information Security Governance Risk & Compliance Analyst to join our Glasgow-based team.
About the role
Working closely with internal technical and non-technical teams, as an Information Security Governance Risk & Compliance Analyst you’ll make sure that our Group information security policies and standards are upheld.
You’ll already have experience of working in an information security team, with excellent understanding and experience of working with information security policies and standards to ensure compliance.
- Engaging with internal projects to make sure that information security requirements are met during every step of the process.
- Liaising with third parties and providing the high level of assurance required for a business tender or information security audit.
- Conducting due diligence steps against third parties who are entrusted to handle Arnold Clark information.
- Carrying out compliance reporting on external frameworks such as DPA, GDPR and PCI DSS.
- Creating and carrying out an audit process for third parties so that risks are identified and managed.
- Working closely with the Information Security Operations Analyst to identify risks.
- Managing the Arnold Clark information security risk register.
- Advising on information security risks and making sure that they are clearly articulated and understood.
- Identifying and escalating any risks, issues, threats and vulnerabilities to the Arnold Clark Information Security Officer.
- Establishing relationships with internal and external stakeholders.
- Proven experience of working in an information security team.
- Knowledge of information security frameworks, including PCI DSS, data protection, GDPR and the ISO27k series.
- Thorough understanding of the risk management process.
- Broad and in-depth understanding of information technology stacks including network, server, client, mobile and security technologies.
- Third party assurance and due diligence experience.
- Information security project engagement experience.
- Strong communication skills, situational analysis and decision-making abilities.
- The ability to manage your workload according to business and operational demands.
- Qualifications within IT security such as CISSP, CEH, CISM are highly desirable but not essential.
In exchange for your experience and skills, you will receive one of the best employee benefit packages in the automotive industry, including private healthcare, life assurance and staff discounts.
Employment within the Arnold Clark Group is offered subject to satisfactory reference and disclosure checks.