Job Title: EU Information Security Manager
Location: Hybrid working, home & BCA Coimbra (monthly visits)
Salary: Competitive + Benefits!
Working Hours: Monday - Friday, 40 hours
Job Status: Permanent
Who we are!
The Constellation Automotive Group is the largest vertically integrated digital car marketplace in Europe, combining the leading digital brands across the segments of Consumer to Business (C2B), Business to Business (B2B) and Business to Consumer (B2C). Across our digital platforms we exceed £20 billion of Gross Merchandise Value (‘GMV’) on an annual basis. This includes market-leading brands such as BCA, We Buy Any Car, cinch and Marshall.
The Role
The European Information Security Manager plays an integral role in engaging the European business on the implementation of the Group’s Information Security Management System (ISMS), supporting each individual business unit’s Customer, Legal and Policy compliance. The role holder can effectively translate business objectives and risk management strategies into a specific European security programme that delivers value to the Business.
Reporting to the Group Chief Information Security Officer, with a dotted line to the European IT Director, this role is responsible for engaging and driving the business in a dedicated security programme for Europe; interfacing and resourcing the programme with the Group Shared CISO Service to drive all areas of Information Security Governance, Risk, Compliance and Assurance.
The individual will be a subject matter expert (SME) in Information Security with a high level of technical and business acumen and an ability to build strong, trusted relationships across the business, technology and partners.
As a trusted advisor, they must know how to work with cross-functional and multi-location leaders and teams.
Key responsibilities include:
* Participate in the evolution of the Group Chief Information Security Office Shared Service into a world-class, high-performing team in a fast-paced, digital and cloud-first environment, representing the European business and technology requirements.
* Contribute to the development and continuous improvement of a digital and cloud first European Information Security Improvement Programme; based on the Group ISMS that can be certified at both group and business level to ISO/IEC 27001 and NIST and other global standards as appropriate.
* An important contributor to group information security policies, standards and guidelines that enable business and customer success through automation.
* Partner with the European business and technology teams to adopt policies through collaboration and balanced enforcement with business and technology leadership.
* Contribute and be a European SME in measuring Corporate Information Security Risk, Compliance and Assurance based on applicable international/regional industry recognized standards, such as ISO/IEC 27000 series, NIST SP800 series, COBIT, FERPA, COPPA, etc.
* Ensure Europe achieves compliance targets in a timely fashion and can clearly evidence compliance to customers, stakeholders and authorities as required, meeting and surpassing our customer requirements.
* Contribute to Constellation Automotive Group’s world-class security education programme on Information security and measures of efficacy, representing Europe on important translations and cultural aspects.
* Liaise with European customers, partners, security organisations and others to support the business risk management effort.
* Act as a Security role-model and champion throughout Europe.
Knowledge:
* Degree level education or equivalent experience, ideally in cyber security, technology, computing or a related field.
* Experience of, plus qualifications/certifications from, cloud providers such as AWS, MS Azure, etc.
* Practitioner knowledge of relevant legislation and regulation such as the Data Protection Act (DPA) 2018, GDPR and the Payment Card Industry Data Security Standard (PCI DSS).
* Practitioner knowledge of industry best practice and frameworks such as: ISO27001, PCI-DSS, NIST and CIS Critical Security Controls and the principles of enterprise risk management and governance techniques.
* ITIL v3 or later.
* Professional security management qualifications and certifications, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other relevant credentials.
Experience
Essential Experience
* 5+ years of experience in Information Security Manager roles, or
* 7+ years of experience in enterprise IT, system technology, infrastructure, integration, cloud, hosting and shared technology services.
* Extensive experience in leading Information Security Programmes, particularly in hybrid environments of Cloud and On Prem and across multiple geographies.
* Proven ability in achieving and maintaining ISO/IEC 27001 certification at a distributed business level.
* Deep and broad understanding of information security encompassing control technologies, policies and standards, risk and compliance, audit, data privacy, etc.
* Experienced in working in diverse group and distributed security teams.
Skills
* Strong business acumen with excellent verbal and written communication skills with a wide range of audiences including technologists, executives, business stakeholders and IT team members.
* Must be a critical thinker with strong problem-solving skills.
* Knowledge and understanding of relevant legal and regulatory requirements, specifically in Europe.
* High level of personal integrity, and the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
* High degree of initiative, dependability and thought leadership.
Please note that only applications submitted in English will be considered.