HCUK Information Security Assurance Analyst

Country: United Kingdom

Company Background And Job Purpose
Hyundai Capital Services UK Ltd (HCUK), a joint venture between Santander Consumer UK and Hyundai Capital Services Korea, operates under multiple finance brands providing funding solutions for retailers and consumers. The
Information Security Assurance Analyst
reports to the CISO, Head of Information Security & IT and is tasked with supporting the effective operation, reporting, and evidencing of the company\’s technology and information security controls and Information Security Management System (ISMS).

Key Accountabilities

• Information Security
• Maintain and improve the ISMS.
• Review and update ISMS policies, procedures, standards, and guidance.
• Coordinate internal ISMS reviews and audits.
• Facilitate supplier onboarding and conduct annual security assessments.
• Develop and deliver security awareness initiatives.
• Monitor security alerts and incidents, escalating when necessary.
• Prepare reports on security incidents, risks, and vulnerabilities.
• Schedule penetration tests and vulnerability scans, supporting remediation efforts.
• Technology
• Analyse external vulnerability bulletins and coordinate remediation.
• Assist in evaluating cybersecurity tools.
• Use third-party assessment platforms for risk and compliance.
• Operate and improve the online ISMS platform.
• Project Delivery
• Support Senior Information Security Analyst with project.
• Participate actively in project teams to implement security initiatives.
• Framework Management & Monitoring
• Monitor and maintain evidence of control effectiveness.
• Support audits by coordinating evidence collection.
• Evaluate controls and document nonconformities.
• Respond to audit findings ensuring timely remediation.
• Stakeholder Engagement
• Build relationships with internal and external stakeholders to support security objectives.
• Collaborate with IT teams to prioritize and track remediation of vulnerabilities.
• Communication and Reporting
• Produce clear reports on security activities and projects.
• Document and report incidents with root cause analysis.
• Generate ISMS reports using defined metrics for governance.
• Communicate risks effectively tailored to audience technical levels.
• Insight and Continuous Improvement
• Support ongoing ISMS review and enhancement.
• Research and recommend new security tools and practices.
• Keep colleagues and managers informed of security issues and implications.
• Risk and Compliance
• Assist in targeted information security risk assessments.
• Participate in risk meetings and prepare reports.
• Report risks, incidents, and breaches in line with policies.

Key Competencies

• Documentation & Attention to Detail: Ability to translate technical information into business-relevant language with strong accuracy.
• Communication: Excellent verbal and written skills for technical and non-technical audiences.
• Teamwork: Collaborative and professional in building strong working relationships.
• Time Management: Effective multitasking and independent work with minimal supervision.
• Influencing & Negotiating: Builds trust and uses interpersonal skills to influence and build consensus.
• Problem Solving: Applies initiative and critical thinking with adaptability and curiosity.

Key Expertise

• Understanding of information security principles, frameworks (e.g., ISO/IEC 27001), and risk management.
• Familiarity with ISMS operations.
• Experience with third-party security assessment platforms and GRC tools is desirable.
• Exposure to vulnerability management and audit involvement is advantageous.
• Relevant education or professional qualifications in risk, compliance, or information security.

Key Information, Benefits And Remuneration

• Hybrid working model with a minimum of two days per week at the Reigate, Surrey office.
• Occasional domestic travel may be required.
• Salary range between £40,000 – £45,000 depending on experience.
• Eligibility for an annual bonus of up to 15%.
• 25 days holiday plus