Type: Full Time
Location: Reigate, Surrey
Posted: one month ago

Background

Hyundai Capital Services UK Ltd (HCUK) is a joint venture company established by Santander Consumer UK and Hyundai Capital Services Korea in 2012. It operates under the Hyundai Finance, Kia Finance and Genesis Finance brands, providing funding solutions for both Retailers and Consumers.

Job Purpose

Reporting into the Information Security Manager (ISM) the aim of the role is the effective operation, reporting and evidencing of our technology and information security control environment and the overall Information Security Management System (ISMS).

Key Accountabilities

1. Information Security	Maintaining and improving our ISMS Updating ISMS policies, procedures, standards, and guidance Coordinate and provide necessary support in planning and completing internal ISMS reviews Supplier onboarding and annual supplier security assessments Maintaining and developing our security awareness and education programmes Analysis of information security alerts and incidents Report on incidents, risks, threats and vulnerabilities Scheduling internal and external penetration and vulnerability tests and managing remediation planning
2. Technology	Analyse external vulnerability bulletins and schedule remediation where appropriate Assist in evaluation of cyber security tools Use of third-party assessment platforms Manage our online ISMS system
3. Project Delivery	Assist the ISM to deliver Information Security projects Contribute to the team as an active member in projects
4. Framework Management & Monitoring	Ensure evidence of technology and information security control effectiveness Participate in technology and information security related audits, providing support regarding the collation and supply of evidence to requests Ensuring information security controls are evaluated and effective Identifying ISMS nonconformities Respond to audit recommendations
5. Stakeholder Engagement	Establish a good working relationship with all internal and external key stakeholders, and third-party vendors Work closely with IT to agree, prioritise and monitor mitigation actions from vulnerability assessments and penetration tests
6. Communication and Reporting	Create reports on information security projects and activities Report on information and cyber security incidents Create ISMS reports based on key metrics Articulate associated risks in both technical and non-technical terminology
7. Insight and continuous improvement	Support the on-going review process to continually improve and refine the ISMS Participate and assist in the research and evaluation of security products and technologies Keep managers and colleagues up to date with status, findings and the implications on security issues
8. Risk and Compliance	Support the ISM in performing targeted information security risk assessments Participate in technology and information security risk meetings, prepare related reporting, recording actions and ensuring they are resolved In line with the company’s risk and compliance statement of responsibility and objectives, identify risks, incidents, and breaches, in accordance with company policies and department procedures.
8. Other	Carry out any other tasks from time to time as may reasonably be requested.

Key Competencies

Documentation	Ability to synthesise and present technical information in meaningful business terms
Communication	Excellent verbal / communication skills
Teamwork	An excellent team player, able to establish strong working relationships with stakeholders, colleagues and business partners. Able to conduct the role with integrity.
Time Management	Effective time management skills; ability to juggle several tasks and conflicting priorities. Ability to work independently
Influencing & negotiating	Excellent people and inter-personal skills with experience of interacting and building relationships with stakeholders.
Problem Solving	Use initiative to find solutions and approaches for problems with curiosity and open mindedness

Required Experience

Given the scope of this position it is essential that the job holder can demonstrate the following knowledge and experience:

Experience within technology risk management and / or audit function would be beneficial
Experience of working in a regulated environment / awareness of requirements such as GDPR
Experience in the maintenance of a certified ISO27001 Information Security Management System and related controls (ISO27002)
Understanding of technology and information security risk management frameworks

Education

Has the appropriate level of education or professional risk/compliance/Information Security related qualifications.

Other Information

HCUK employees are currently hybrid working (mixture of home/ office). HCUK’s head office is in Reigate, Surrey.
This position may require domestic travel from time to time.

Remuneration Package

Competitive basic salary, in line with experience
Eligibility for annual bonus, up to 15%
27 days holiday per annum, plus bank holidays, and option to take part in flexible holiday scheme.
Company pension scheme, with generous employer contributions
Eligible for a voluntary benefits allowance of £500 per annum payable as cash or otherwise used as a benefit available on the benefit suite
Benefits supporting you and the family, such as death in service benefit, income protection
Voluntary healthcare benefits at discounted rates such as private medical insurance for individual and family, dental insurance, health care cash plan and health assessments
Employee car scheme (through salary deductions)
Employee assistance programme
Enhanced family friendly policies
Flexible working opportunities

Information Security Assurance Analyst