Job Description
Job Purpose: Reporting into the Head of Information Security & IT (HoIS&IT), the aim of the role is the effective operation, reporting and evidencing of our technology and information security control environment and the overall Information Security Management System.
- Information Security
Maintaining and improving our Information Security Management System (ISMS)
Updating ISMS policies, procedures, standards, and guidance
Coordinate and provide necessary support in planning and completing internal ISMS reviews
Supplier onboarding and annual supplier security assessments
Maintaining and developing our security awareness and education programmes
Analysis of information security alerts and incidents
Report on incidents, risks, threats and vulnerabilities
Scheduling internal and external penetration and vulnerability tests and managing remediation planning
- Technology
Analyse external vulnerability bulletins and schedule remediation where appropriate
Assist in evaluation of cyber security tools
Use of third-party assessment platforms.
Manage our online ISMS system
- Project Delivery
Assist the HoIS&IT to deliver Information Security projects
Contributing to the team as an active member in projects.
- Framework Management & Monitoring
Ensure evidence of technology and information security control effectiveness
Participate in technology and information security related audits, supporting the collation and supply of evidence in response to requests
Ensuring information security controls are evaluated and effective
Identifying ISMS nonconformities
Respond to audit recommendations
- Stakeholder Engagement
Establish a good working relationship with all internal and external key stakeholders, and third-party vendors.
Work closely with IT to agree, prioritise and monitor mitigation actions from vulnerability assessments and penetration tests.
- Communication and Reporting
Create reports on information security projects and activities
Report on information and cyber security incidents
Create ISMS reports based on key metrics
Articulate associated risks in both technical and non-technical terminology.
- Insight and continuous improvement
Support the on-going ISMS review process to continually improve and refine the Information Security Management System
Participate and assist in the research and evaluation of security products and technologies
Keep managers and colleagues up to date with the status, findings and implications of security issues.
- Risk and Compliance
Support the HoIS&IT in performing targeted information security risk assessments
Participate in technology and information security risk meetings, prepare related reporting, recording actions and ensuring they are resolved
- Other
Carry out any other tasks from time to time as may reasonably be requested.
Candidate Description
Documentation: Ability to synthesise and present technical information in meaningful business terms
Communication: Excellent verbal / communication skills
Teamwork: An excellent team player, able to establish strong working relationships with stakeholders, colleagues and business partners. Able to conduct the role with integrity.
Time Management: Effective time management skills; ability to juggle several tasks and conflicting priorities. Ability to work independently
Influencing & negotiating: Excellent people and inter-personal skills with experience of interacting and building relationships with stakeholders.
Problem Solving: Use initiative to find solutions and approaches for problems with curiosity and open-mindedness.
Given the scope of this position it is essential that the job holder can demonstrate the following knowledge and experience:
Experience within technology risk management and / or audit function would be beneficial
Experience of working in a regulated environment / awareness of requirements such as GDPR
Experience in the maintenance of a certified ISO27001 Information Security Management System and related controls. (ISO27002)
Understanding of technology and information security risk management frameworks
Education
Has the appropriate level of education or professional risk/compliance/Information Security related qualifications.
Other information
HCUK employees are currently hybrid working (a mixture of home and office). HCUK's head office is in Reigate, Surrey.
This position may require domestic travel from time to time.
Employer Description
Company Background: Hyundai Capital UK Ltd (HCUK) is a joint venture company established by Santander Consumer UK and Hyundai Capital Services Korea in 2012. It operates under the Hyundai Finance, Kia Finance and Genesis Finance brands, providing funding solutions for both Retailers and Consumers.