Information Security Assurance Analyst

  • Type: Full Time
  • Location: Reigate, Surrey
  • Posted: 22 days ago

Background

Hyundai Capital Services UK Ltd (HCUK) is a joint venture company established by Santander Consumer UK and Hyundai Capital Services Korea in 2012. It operates under the Hyundai Finance, Kia Finance and Genesis Finance brands, providing funding solutions for both Retailers and Consumers.

Job Purpose

Reporting into the Information Security Manager (ISM) the aim of the role is the effective operation, reporting and evidencing of our technology and information security control environment and the overall Information Security Management System (ISMS).

Key Accountabilities

1. Information Security

  • Maintaining and improving our ISMS
  • Updating ISMS policies, procedures, standards, and guidance
  • Coordinate and provide necessary support in planning and completing internal ISMS reviews
  • Supplier onboarding and annual supplier security assessments
  • Maintaining and developing our security awareness and education programmes
  • Analysis of information security alerts and incidents
  • Report on incidents, risks, threats and vulnerabilities
  • Scheduling internal and external penetration and vulnerability tests and managing remediation planning

2. Technology

  • Analyse external vulnerability bulletins and schedule remediation where appropriate
  • Assist in evaluation of cyber security tools
  • Use of third-party assessment platforms
  • Manage our online ISMS system

3. Project Delivery

  • Assist the ISM to deliver Information Security projects
  • Contribute to the team as an active member in projects

4. Framework Management & Monitoring

  • Ensure evidence of technology and information security control effectiveness
  • Participate in technology and information security related audits, providing support regarding the collation and supply of evidence to requests
  • Ensuring information security controls are evaluated and effective
  • Identifying ISMS nonconformities
  • Respond to audit recommendations

5. Stakeholder Engagement

  • Establish a good working relationship with all internal and external key stakeholders, and third-party vendors
  • Work closely with IT to agree, prioritise and monitor mitigation actions from vulnerability assessments and penetration tests

6. Communication and Reporting

  • Create reports on information security projects and activities
  • Report on information and cyber security incidents
  • Create ISMS reports based on key metrics
  • Articulate associated risks in both technical and non-technical terminology

7. Insight and continuous improvement

  • Support the on-going review process to continually improve and refine the ISMS
  • Participate and assist in the research and evaluation of security products and technologies
  • Keep managers and colleagues up to date with status, findings and the implications on security issues

8. Risk and Compliance

  • Support the ISM in performing targeted information security risk assessments
  • Participate in technology and information security risk meetings, prepare related reporting, recording actions and ensuring they are resolved
  • In line with the company’s risk and compliance statement of responsibility and objectives, identify risks, incidents, and breaches, in accordance with company policies and department procedures.

8. Other

  • Carry out any other tasks from time to time as may reasonably be requested.

Key Competencies

Documentation

Ability to synthesise and present technical information in meaningful business terms

Communication

Excellent verbal / communication skills

Teamwork

An excellent team player, able to establish strong working relationships with stakeholders, colleagues and business partners. Able to conduct the role with integrity.

Time Management

Effective time management skills; ability to juggle several tasks and conflicting priorities. Ability to work independently

Influencing & negotiating

Excellent people and inter-personal skills with experience of interacting and building relationships with stakeholders.

Problem Solving

Use initiative to find solutions and approaches for problems with curiosity and open mindedness

Required Experience

Given the scope of this position it is essential that the job holder can demonstrate the following knowledge and experience:

  • Experience within technology risk management and / or audit function would be beneficial
  • Experience of working in a regulated environment / awareness of requirements such as GDPR
  • Experience in the maintenance of a certified ISO27001 Information Security Management System and related controls (ISO27002)
  • Understanding of technology and information security risk management frameworks

Education

  • Has the appropriate level of education or professional risk/compliance/Information Security related qualifications.

Other Information

  • HCUK employees are currently hybrid working (mixture of home/ office). HCUK’s head office is in Reigate, Surrey.
  • This position may require domestic travel from time to time.

Remuneration Package

  • Competitive basic salary, in line with experience
  • Eligibility for annual bonus, up to 15%
  • 27 days holiday per annum, plus bank holidays, and option to take part in flexible holiday scheme.
  • Company pension scheme, with generous employer contributions
  • Eligible for a voluntary benefits allowance of £500 per annum payable as cash or otherwise used as a benefit available on the benefit suite
  • Benefits supporting you and the family, such as death in service benefit, income protection
  • Voluntary healthcare benefits at discounted rates such as private medical insurance for individual and family, dental insurance, health care cash plan and health assessments
  • Employee car scheme (through salary deductions)
  • Employee assistance programme
  • Enhanced family friendly policies
  • Flexible working opportunities
 

Complete this form to apply

 Required fields

About You
About Your Current Role/Job
About This Role/Job
   
   
Max 250 words