IT Security and Compliance Analyst Chippenham, South West England, England
Job description
At Holman, we exist to provide rewarding careers and better lives for employees and their families. We hire, train, empower, and reward exceptional people. Our journey is guided by our desire to get it right every time and the acknowledgement that we have an opportunity to be better. To be better, we have to do better, and to do better we must know better. That’s why we are listening, open to learning new things – about ourselves and each other. We will never stop striving for improved diversity, equity, and inclusion because we are successful together when we feel trusted and supported. It’s The Holman Way.
At Holman, your total compensation goes beyond your paycheck. To position you for success and provide a rewarding career and better life for you and your family, Holman is proud to offer you the benefits you deserve; including protection against illness, disability, loss of work, or preparation for retirement. Below is a brief overview of these programs (programs may vary by country or worker type):
Health Insurance
Dental Insurance
Life and Disability Insurance
Flexible Spending and Health Savings Accounts
Employee Assistance Program
Retirement Plan
Paid Time Off
Tuition Reimbursement
Position Title (Job Code): IT Compliance Analyst
Grade Level:
FLSA Status (Applicable Exemption): N/A
Principal Work Location: Chippenham/ Birmingham UK
Department: Information Technology
Reports to (Title): TBD
Number/Type of Employees Supervised: None
Principal Purpose of Position:
Works with fellow team members and other departments to address customer assurance requests, preparing responses to customer inquiries.
Work with senior managers across the business to drive the information security agenda and ensure that it meets complex compliance requirements.
Works closely with Senior Analysts supporting compliance, regulatory, vendor and cyber-maturity assessments and reporting.
Provides direct support for control activities such as access reviews, data mapping and vendor assessment.
Works toward, establishes, and maintains a firm knowledge of data security practices and relevant regulatory requirements.
Assist with the development of control frameworks to meet business and regulatory requirements
Participates in project reviews, working with business representatives, technical staff, suppliers, and project team members to evaluate information security requirements, and to help mitigate potential exposures.
Provides support for contract review and negotiation of information security and privacy requirements.
Monitors and promotes compliance with information security policies and standards. Recommends changes to policies, standards and procedures.
Consult with IT colleagues to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software
Supports UK DPO in providing technical expertise in relation to UK GDPR, Data Protection Act 2018 and PECR 2003
Ad hoc tasks as required by the business
Perform all other duties and special projects as assigned.
KNOW-HOW
Sound analytical judgement, self-motivated, attention to detail, ability to manage deliverables against firm timelines, and commitment to producing results.
A motivated self-starter that is able to work independently and in a team environment.
Strong verbal and written communication skills.
Knowledge of information security & control frameworks e.g., NIST, ISO 27001/27002 a plus.
Familiarity with regulatory and compliance mandates e.g., PCI, CCPA, GDPR a plus
Proficient with Microsoft Office suite of products
Education and/or Training:
At least one industry certification (e.g. CISA, CISM, CRISC, CISSP, ISAAP) a plus
Relevant Work Experience:
5 years of combined Information Security and Technical Administration Experience.
Proven experience in an information security role including experience of developing Information Security policies and plans.
Working knowledge of General Data Protection Regulation (GDPR).
Experience with information security internal & external audits and contract compliance.
Good understanding of system technology security testing (vulnerability scanning and penetration testing.
Excellent understanding of information security concepts, protocols, industry best practices and strategies.
Planning/Organizing/Managerial Knowledge:
Proactive and committed to finding a solution, with ability to use initiative and common sense
Experience of planning, prioritising and organising the work of yourself and others, delivering to tight deadlines whilst ensuring the effective use of resources
Strong ability to organise assignments and work efforts to meet schedules and deadlines
Strong analytical skills for effective problem solving and trouble shooting
Communicating & Influencing Skills:
A positive, proactive and adaptable communication style
Strong verbal and written communication skills with a focus on the ability to communicate technical issues to a diverse non-technical audience
Strong ability to grasp issues quickly and make educated, critical judgments across most business process
Committed to delivering excellent customer service within the parameters agreed
Able to communicate ideas and plans in a clear and concise manner
PROBLEM SOLVING
Indicate those statements that describe the process by which this position solves problems. Show the % that the relevant statement represents among all problem solving done by this role. The sum of percentages indicated for each category should equal 100%. For each relevant statement, give an example of a problem and the method of resolution.
The problems are similar to each other and have a limited number of predefined solutions. Standing procedures/plans and/or a structured routine directs the problem solving process.
% of all problems: 50%
Example: Security assessment required as part of new business or partnership; consult with business SME’s to complete assessment. Manage the process through to completion, providing ultimate sign-off
The problems encountered are dissimilar and typically have a number of solutions. The solutions may be derived from a general plan or a flexible routine may be utilized to solve problems of this type.
% of all problems: 30%
Example: Requirement to assess new software or hardware vendor as part of a new business project. Complete assessment using standard process, making recommendation to the business, bringing awareness to any risk.
The problems encountered are unique situations and there is an unlimited number of solutions, many of which are unknown. There are no procedures or routines to follow, but only broad policies to guide the problem solving process.
% of all problems: 20%
Example: Annual review of all security policies and procedures, updating in line with any legislative or internal business changes. Audit business processes to ensure compliance with policies.
ACCOUNTABILITY
This describes the extent to which this position is answerable for actions and their consequences. It measures the effect of the job/role on end results.
For each type of Accountability, indicate an approximate dollar value of impact and whether the role has a Direct impact (controls end results or shares control with peer positions) or Indirect impact (generally informational, interpretive, analytical, or enables others to take action). If no dollar value can be determined, enter Non-Quantifiable instead of an amount.
Sales
$ value: Non-quantifiable
Direct/Indirect: Indirect
Selling, General, & Administrative
$ value: Non-quantifiable
Direct/Indirect: Indirect
Manufacturing
$ value: Non-quantifiable
Direct/Indirect: Indirect
Project Management
$ value: Non-quantifiable
Direct/Indirect: Indirect
Assets
$ value: Non-quantifiable
Direct/Indirect: Indirect
Other (Please specify):
$ value: Non-quantifiable
Direct/Indirect: Indirect
List statements which describe the primary results/outputs for which this position is held accountable. Please limit the list to 5 or 6 statements.
Review security assessments and make recommendations, identifying any risk
Carry out internal audits of systems and process and make recommendations for improvement
Define, document and publish policies based on regulatory compliance, ensuring wider business awareness
Improve general awareness of security compliance throughout the business
Meet annually set individual goals
Holman is a global automotive leader that serves both commercial and consumer clients The Holman Way by always doing the right thing for our people, our customers, and the community since 1924. The Holman story began nearly a century ago as a single Ford dealership in New Jersey. Today, Holman, headquartered in Mount Laurel, New Jersey, is one of the largest family-owned automotive service organizations in North America with more than 6,500 employees across North America, the UK, and Germany.
Holman delivers a unique range of automotive-centric services including industry-leading fleet management and leasing; vehicle fabrication and upfitting; component manufacturing and productivity solutions; powertrain distribution and logistics services; commercial and personal insurance and risk management; and retail automotive sales as one of the largest privately owned dealership groups in the United States. Guided by its deeply rooted core values and principles, Holman is continuously Driving What’s Right.
Holman provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
