HCUK Information Security Assurance Analyst

at Santander

Redhill, England, United Kingdom

Start Date: Immediate
Expiry Date: 28 Jun, 2024
Salary: Not Specified
Posted On: 28 Mar, 2024
Experience: N/A
Skills: Management System, IT, Technology
Telecommute: No
Sponsor Visa: No

Description:

Country: United Kingdom
Background: Hyundai Capital Services UK Ltd (HCUK) is a joint venture company established by Santander Consumer UK and Hyundai Capital Services Korea in 2012. It operates under the Hyundai Finance, Kia Finance and Genesis Finance brands, providing funding solutions for both Retailers and Consumers.

KEY ACCOUNTABILITIES

  1. Information Security
  • Maintaining and improving our ISMS
  • Updating ISMS policies, procedures, standards, and guidance
  • Coordinate and provide necessary support in planning and completing internal ISMS reviews
  • Supplier onboarding and annual supplier security assessments
  • Maintaining and developing our security awareness and education programmes
  • Analysis of information security alerts and incidents
  • Report on incidents, risks, threats and vulnerabilities
  • Scheduling internal and external penetration and vulnerability tests and managing remediation planning
  2. Technology
  • Analyse external vulnerability bulletins and schedule remediation where appropriate
  • Assist in evaluation of cyber security tools
  • Use of third-party assessment platforms
  • Manage our online ISMS system
  3. Project Delivery
  • Assist the ISM to deliver Information Security projects
  • Contribute to the team as an active member in projects
  4. Framework Management & Monitoring
  • Ensure evidence of technology and information security control effectiveness
  • Participate in technology and information security related audits, providing support regarding the collation and supply of evidence to requests
  • Ensuring information security controls are evaluated and effective
  • Identifying ISMS nonconformities
  • Respond to audit recommendations
  5. Stakeholder Engagement
  • Establish a good working relationship with all internal and external key stakeholders, and third-party vendors
  • Work closely with IT to agree, prioritise and monitor mitigation actions from vulnerability assessments and penetration tests
  6. Communication and Reporting
  • Create reports on information security projects and activities
  • Report on information and cyber security incidents
  • Create ISMS reports based on key metrics
  • Articulate associated risks in both technical and non-technical terminology
  7. Insight and continuous improvement
  • Support the on-going review process to continually improve and refine the ISMS
  • Participate and assist in the research and evaluation of security products and technologies
  • Keep managers and colleagues up to date with status, findings and the implications on security issues
  8. Risk and Compliance
  • Support the ISM in performing targeted information security risk assessments
  • Participate in technology and information security risk meetings, prepare related reporting, recording actions and ensuring they are resolved
  • In line with the company’s risk and compliance statement of responsibility and objectives, identify risks, incidents, and breaches, in accordance with company policies and department procedures
  9. Other
  • Carry out any other tasks from time to time as may reasonably be requested

KNOWLEDGE & EXPERIENCE

Given the scope of this position it is essential that the job holder can demonstrate the following knowledge and experience:

  • Experience within technology risk management and / or audit function would be beneficial
  • Experience of working in a regulated environment / awareness of requirements such as GDPR
  • Experience in the maintenance of a certified ISO27001 Information Security Management System and related controls (ISO27002)
  • Understanding of technology and information security risk management frameworks

EDUCATION

  • Has the appropriate level of education or professional risk/compliance/Information Security related qualifications.

Responsibilities:

JOB PURPOSE

Reporting into the Information Security Manager (ISM), the aim of the role is the effective operation, reporting and evidencing of our technology and information security control environment and the overall Information Security Management System (ISMS).


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Testing

Graduate

Proficient

1

Redhill, United Kingdom