Information Security & Governance Analyst
- Role Type
- Prague, Shoreham-by-Sea, Leamington Spa
- Closing Date
This role is responsible for maintaining and improving Ricardo’s information control regime. It is a varied, challenging and high-profile role in an environment where people are encouraged to be autonomous and supported to learn new skills.
Around 80% of your time will be spent ensuring that our business has appropriate controls to mitigate the information risks we face. You will own the Information Risk Register and Information Asset Register, progress of risk improvement plans, conduct / co-ordinate internal audit activity and assist with drafting awareness communications plus periodic reporting.
The rest of your time will be providing governance capabilities for the IT Function, helping us improve the control & reporting of our operational services and projects. You will central to the IT Function’s objective to continuously improving certainty of outcome in cost, quality and service.
We think the role is a fantastic stepping stone for someone who is seeking hands on experience and stretch to gain skills which will position them well for future CISO roles. It is likely you will join as an analyst, with scope to progress to a manager by taking on the Information Security responsibilities currently covered between the IT Managers. We are also open to applications from established Information Security Managers.
If you’ve got what it takes Ricardo is an excellent place to work, people are down to earth, amicable and our business provides much variety. We work hard and are advocates of flexible working because we know that productive people tend to have both stretch and a good work/life balance.
It is possible that you’re at a larger organisation right now, frustrated that you don’t have the autonomy and exposure to truly make a difference.
Soft skills are more important than technical skills for this role, you need to have a good grasp on technology so that you can interact effectively with our technical folk, what is critical is that you are able to manage and influence our business stakeholders.
You are a completer finisher and pay attention to detail yet are not pedantic. Ricardo’s ethos “maximise efficiency and eliminate waste” in this role means we seek to provide appropriate “guard rails” that protect our organisation without stifling the ability to innovate.
Enthusiastic, motivated, team player are just table stakes, we’re looking for someone we can develop in to a star and are committed to doing so.
- Experience in information security management, compliance and auditing.
- ISO/IEC 27001 Lead Auditor (desirable).
- Knowledge of regulations (ISO27001, GDPR), compliance and risk assessments.
- Contributes to the design, development and delivery of specialist security education and training to management and staff.
- Strong written and verbal communication skills.
- Strong interpersonal and influencing skills
- Independent, organised and able to work with limited supervision
- Ability to prioritise and manage workload
- Able to summarise the “so what”
The role requires travel to other Ricardo sites (circa 20%) within the UK and mainland Europe. Having a family or life outside of work is no barrier to success, we rarely travel at short notice and encourage flexible working.
Sell yourself: you are more likely to be interviewed & hired if you include a compelling cover letter that demonstrates your summarisation skills rather than just sending in a CV.