Information Security Officer in Epsom

Epsom | Full-Time | £50,000 - £65,000 / year (est.) | No home office possible
KINTO UK Limited

At a Glance

  • Tasks: Lead and manage Information Security for Toyota Financial Services UK, ensuring compliance and best practices.
  • Company: Join a forward-thinking team at Toyota Financial Services UK, focused on innovation and security.
  • Benefits: Enjoy hybrid working, generous leave, private healthcare, and a vibrant workplace culture.
  • Why this job: Make a real impact in safeguarding data and enhancing security across the organisation.
  • Qualifications: Experience in ISMS, strong analytical skills, and knowledge of ISO27001 and GDPR required.
  • Other info: Dynamic environment with excellent career growth, learning opportunities, and fun team events.

The predicted salary is between £50,000 and £65,000 per year.

The role in a nutshell: Responsible for all aspects of Information Security within Toyota Financial Services UK, including compliance with Corporate Policies, the ongoing promotion of Information Security across the organisation, and the operation of an effective Information Security Management System (ISMS).

A bit about the Department: The Business Technology Solutions (BTS) department is responsible for delivering end-to-end business technology and change through its four key functions of Governance, Projects & Change, Delivery and Technical Operations. It looks after both TFSUK and KINTO UK. The mission of BTS is to Give (the Business the technology, applications and services it needs), to Guide (the Business through Change using its expertise and experience) and to Guard (always protect the Business, its Customers & its Data).

What you’ll be doing:

  • Maintain, mature and align the BTS’ ISMS with ISO27001:2022 through the management and evolution of the company’s Information Security policies, maintaining best practice and alignment with Corporate and Regulatory requirements, including the Global Information Security Group framework (GISG), the General Data Protection Regulation (GDPR), Sarbanes-Oxley (SOX), PCI-DSS and Cyber Essentials Plus.
  • Manage the Information Security aspects of the third-party due diligence process, including providing subject-matter expertise to support the onboarding of new suppliers, ongoing assessment of existing suppliers and contract reviews.
  • Manage, co-ordinate or provide reporting material for regular information security meetings, including supplier security reviews, risk register reviews and metrics.
  • Provide clear and actionable information security reporting to senior leadership.
  • Manage and operate Information Security tools such as the GRC tool and the supplier assessment tool.
  • Own and maintain the BTS Risk register, ensuring risks are identified, assessed and documented in accordance with internal risk methodology, including exception handling.
  • Work in partnership with the Data Protection Officer (DPO) and Legal & Compliance to protect the organisation’s information.
  • Oversee Audit Findings and any associated remediation across BTS including gathering, management and submission of control evidence to support assurance activities, internal compliance reviews (GISG) and any regulatory requirements.
  • Manage the Information Security Awareness programme, including maintenance of the training schedule, annual employee training, creation of materials and assisting with the co-ordination of monthly phishing campaigns.
  • Proactively raise the profile of Information Security across the organisation, its stakeholders, vendors and customers.
  • Work in partnership with the Business & BTS teams to ensure all Projects, Changes, policies and procedures are compliant with corporate information security policies.
  • Manage the annual Security Incident Response Test (SIRT), as well as ensuring the remediation of any findings.
  • Undertake Security related Testing, including Phishing, Security Incident Response Tests.
  • Co-ordinate response to security incidents and breaches to ensure any impact is contained and relevant information obtained to facilitate analysis and improvement plans.
  • Mature the Information Security mindset across TFS UK.

What you’ll get to own:

  • Management of TFSUK’s ISO27001 certification, ensuring the ongoing certification is retained.
  • Management of TFSUK’s GISG posture, ensuring compliance against the extensive control set.
  • Management of the GISG Vendor Assessment process for Information Security assurance of all TFSUK vendors.
  • Development & Management of the Information Security Strategy and subsequent annual reviews.
  • Oversight of remediation work for all open IT audit findings.
  • Management of IT Risk Register and ongoing monthly reviews.
  • Information Security Reporting & Performance KPIs.

Key Experience & Skills:

  • Proven experience in developing, implementing, maintaining and leading an effective ISMS and information security control assurance programme.
  • Strong stakeholder management skills, including technical members of staff and senior executives, stakeholder negotiation and influencing.
  • Good analytical skills.
  • Strong understanding of ISO27001, GDPR, SOX & Information Security Risk Management.
  • Understanding of information security tools.
  • Experience with business continuity, third-party risk management and incident management.

Attributes & Behaviours:

  • Strong written and verbal communication skills.
  • Ability to interact professionally with a broad range of technical and non-technical stakeholders across the business.
  • Keen problem solver and critical thinker.
  • Strong multi-tasker, able to work effectively on several projects at one time in a busy and time-driven work environment.
  • Proactive, determined and self-motivated.

Benefits:

  • Hybrid working pattern: 2 days in the office and 3 days from a location of your choice.
  • Access to attractive car schemes for you (& your family) for Toyota & Lexus cars.
  • Excellent pension scheme (up to 6% employee contribution and 15% employer contribution).
  • Generous annual leave of 25 days which increases with service and holiday purchase option.
  • Private Medical Healthcare (single, partner/spouse and dependent children) with Digital GP Service.
  • Group Income Protection cover with Aviva including physical, mental, and financial wellbeing services.
  • Employee Assistance Program.
  • Eye tests.
  • On-site gym, sports and social club, & flu jabs to keep you healthy.
  • Wellbeing hour each month and many more initiatives throughout the year to encourage a healthy mind and body, and to raise awareness and celebrate diversity, equity and inclusion.
  • Dress for your day policy to make you feel comfortable at work.
  • Eco HQ, free parking & restaurant.
  • Two volunteering days per year.
  • Reward gateway voucher discounts.
  • Flexible working scheme and we welcome flexible working conversations at interview.
  • Regular 1:1s with your manager, a personal development review each quarter.
  • A wide range of learning & development opportunities including LinkedIn Learning courses.
  • £250 contribution towards your learning something new outside of work.
  • Annual events (e.g., summer party, BBQ & Xmas party) including Countdown to Christmas events every December – it is so much fun!

Legal & Equality Statement: We are a Disability Confident Employer.

Information Security Officer in Epsom employer: KINTO UK Limited

Toyota Financial Services UK is an exceptional employer that prioritises employee well-being and professional growth. With a hybrid working model, generous benefits including a robust pension scheme, private healthcare, and a commitment to diversity and inclusion, employees thrive in a supportive environment that encourages continuous learning and development. The vibrant work culture, coupled with unique perks like access to attractive car schemes and regular social events, makes it an ideal place for those seeking meaningful and rewarding careers in Information Security.

Contact Detail:

KINTO UK Limited Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land the Information Security Officer job in Epsom

✨Tip Number 1

Network like a pro! Reach out to folks in the industry, attend events, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.

✨Tip Number 2

Prepare for interviews by researching the company and its culture. Understand their values and how they align with your skills, especially around Information Security. This will help you tailor your responses and show you're genuinely interested.

✨Tip Number 3

Practice common interview questions related to Information Security. Think about scenarios where you've managed risks or handled incidents. Being able to share real-life examples will make you stand out!

✨Tip Number 4

Don’t forget to follow up after your interview! A quick thank-you email can leave a lasting impression and shows your enthusiasm for the role. Plus, it keeps you on their radar as they make their decision.

We think you need these skills to ace the Information Security Officer role in Epsom

Information Security Management System (ISMS)
ISO27001
General Data Protection Regulation (GDPR)
Sarbanes-Oxley (SOX)
PCI-DSS
Cyber Essentials Plus
Stakeholder Management
Analytical Skills
Information Security Risk Management
Incident Management
Third-Party Risk Management
Communication Skills
Problem-Solving Skills
Project Management
Business Continuity

Some tips for your application 🫡

Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience with ISMS and compliance with standards like ISO27001. We want to see how your skills align with our mission to Give, Guide, and Guard!

Showcase Your Communication Skills: Since you'll be interacting with both technical and non-technical stakeholders, it's crucial to demonstrate your strong written and verbal communication skills. Use clear examples in your application to show how you've effectively communicated complex information in the past.

Highlight Your Problem-Solving Abilities: We love a keen problem solver! Share specific instances where you've tackled challenges in information security or risk management. This will help us see your critical thinking skills in action.

Apply Through Our Website: Don't forget to submit your application through our website! It’s the best way for us to receive your details and ensures you’re considered for the role. Plus, it shows you're serious about joining our team!

How to prepare for a job interview at KINTO UK Limited

✨Know Your ISO27001 Inside Out

Make sure you’re well-versed in ISO27001:2022 and how it applies to the role. Brush up on the key controls and requirements, as you might be asked how you would align the ISMS with these standards during the interview.

✨Showcase Your Stakeholder Management Skills

Prepare examples of how you've successfully managed relationships with both technical and non-technical stakeholders. Highlight your negotiation and influencing skills, as these will be crucial for the role.

✨Be Ready to Discuss Risk Management

Understand the principles of Information Security Risk Management and be prepared to discuss how you’ve identified, assessed, and documented risks in previous roles. This will demonstrate your analytical skills and proactive approach.

✨Demonstrate Your Communication Skills

Practice articulating complex information security concepts in a clear and concise manner. You’ll need to interact with a broad range of stakeholders, so showcasing your strong written and verbal communication skills is essential.
