We’re currently recruiting for an Information Security Governance, Risk & Compliance Analyst based at Kilbirnie Street, Glasgow.
Full time, Monday–Friday, 8.30am to 5.00pm.
About the role
As an Information Security Governance, Risk & Compliance Analyst at Arnold Clark, you’ll help to make sure that our information systems are appropriately secured and there is no excessive risk to business information or services.
Working with both third parties and internal technical and non-technical teams, you’ll perform any necessary assurance and due diligence tasks, making sure that the business is aligned to Arnold Clark Information Security policies and standards.
- Collaborating on internal projects to make sure that Information Security is properly represented and that all requirements are met.
- Liaising with third parties as part of a business tender or information security audit.
- Conducting the necessary due diligence steps against third parties which handle Arnold Clark information.
- Carrying out compliance reporting on external frameworks such as DPA 2018, GDPR and PCI DSS, and highlighting any associated risks and required steps.
- Carrying out the Arnold Clark audit process for third parties to make sure that risks are identified and managed.
- Working closely with the Information Security Operations team to identify, track and report on risks to the organisation.
- Managing the Arnold Clark Information Security risk register (including opening, closing and reporting of risk).
- Advising on Information Security risks with authority and clearly articulating the required actions to the responsible parties.
- Escalating any identified risks, issues, threats and vulnerabilities to the Arnold Clark Information Security Officer.
- Extensive experience working in Information Security is not necessary, but the role would be suited to a quick learner who has a minimum of 3 years’ experience in an information technology role, with exposure to Information Security practices.
- Experience of drafting/maintaining policies, processes and standards.
- Previous exposure to risk management and process to ensure risks are documented, reported and escalated appropriately.
- Third-party assurance and due diligence experience is highly desirable.
- Good understanding of Information Technology stacks, including networks, server, client, mobile and security technologies.
- The ability to understand and discuss technical concepts.
- Strong situational analysis and decision-making abilities.
- Ability to prioritise your own workload, according to business and operational demands.
- Ability to interact with subject matter experts, build strong relationships and liaise with users at all levels.
- Willingness to obtain security qualifications and take part in on-the-job training.
Nice to have (but not essential)
- Basic knowledge of or exposure to Information Security frameworks, including PCI DSS, Data Protection, GDPR, ISO27k Series, etc.
- Project engagement experience.
- Qualifications within IT Security, such as CompTIA Sec+, CISSP, CRISC, CISA or CISM.
In return for your skills and experience, you’ll receive some of the best employee benefits in the automotive industry, including free private healthcare, life assurance, a monthly lunch subsidy, free shuttle bus service and generous retail discounts.
Employment within the Arnold Clark Group is offered subject to satisfactory reference and disclosure checks.