HCUK Information Security Assurance Analyst page is loaded## HCUK Information Security Assurance Analystlocations: Redhilltime type: Full timeposted on: Posted 8 Days Agojob requisition id: Req1486258HCUK Information Security Assurance AnalystCountry: United Kingdom## Company Background and Job PurposeHyundai Capital Services UK Ltd (HCUK), a joint venture between Santander Consumer UK and Hyundai Capital Services Korea, operates under multiple finance brands providing funding solutions for retailers and consumers. The **Information Security Assurance Analyst** reports to the CISO, Head of Information Security & IT and is tasked with supporting the effective operation, reporting, and evidencing of the company’s technology and information security controls and Information Security Management System (ISMS).**WHAT YOU’LL BE DOING**## Key Accountabilities### 1. Information Security* Maintain and improve the ISMS.* Review and update ISMS policies, procedures, standards, and guidance.* Coordinate internal ISMS reviews and audits.* Facilitate supplier onboarding and conduct annual security assessments.* Develop and deliver security awareness initiatives.* Monitor security alerts and incidents, escalating when necessary.* Prepare reports on security incidents, risks, and vulnerabilities.* Schedule penetration tests and vulnerability scans, supporting remediation efforts.### 2. Technology* Analyse external vulnerability bulletins and coordinate remediation.* Assist in evaluating cybersecurity tools.* Use third-party assessment platforms for risk and compliance.* Operate and improve the online ISMS platform ensuring data quality.### 3. Project Delivery* Support Senior Information Security Analyst with project delivery including research, coordination, and documentation.* Participate actively in project teams to implement security initiatives.### 4. Framework Management & Monitoring* Monitor and maintain evidence of control effectiveness.* Support audits by coordinating evidence collection.* Evaluate controls and document nonconformities.* Respond to audit findings ensuring timely remediation.### 5. Stakeholder Engagement* Build relationships with internal and external stakeholders to support security objectives.* Collaborate with IT teams to prioritize and track remediation of vulnerabilities.### 6. Communication and Reporting* Produce clear reports on security activities and projects.* Document and report incidents with root cause analysis.* Generate ISMS reports using defined metrics for governance.* Communicate risks effectively tailored to audience technical levels.### 7. Insight and Continuous Improvement* Support ongoing ISMS review and enhancement.* Research and recommend new security tools and practices.* Keep colleagues and managers informed of security issues and implications.### 8. Risk and Compliance* Assist in targeted information security risk assessments.* Participate in risk meetings and prepare reports.* Report risks, incidents, and breaches in line with policies.**WHAT WE’RE LOOKING FOR**## Key Competencies* **Documentation & Attention to Detail:** Ability to translate complex technical information into business-relevant language with strong accuracy.* **Communication:** Excellent verbal and written skills for technical and non-technical audiences.* **Teamwork:** Collaborative and professional in building strong working relationships.* **Time Management:** Effective multitasking and independent work with minimal supervision.* **Influencing & Negotiating:** Builds trust and uses interpersonal skills to influence and build consensus.* **Problem Solving:** Applies initiative and critical thinking with adaptability and curiosity.## Key Expertise* Understanding of information security principles, frameworks (e.g., ISO/IEC 27001), and risk management.* Familiarity with ISMS maintenance and security incident response.* Knowledge of regulatory requirements such as GDPR, NIS2, and Cyber Essentials.* Experience with third-party security assessment platforms and GRC tools is desirable.* Exposure to vulnerability management and audit involvement is advantageous.* Relevant education or professional qualifications in risk, compliance, or information security.**WHAT WE OFFER**## Key Information, Benefits and Remuneration* Hybrid working model with a minimum of two days per week at the Reigate, Surrey office.* Occasional domestic travel may be required.* Salary range between **£40,000 - £45,000** depending on experience.* Eligibility for an annual bonus of up to 15%.* 25 days holiday plus bank holidays, with flexible holiday options and additional leave after five years.* Company pension with generous contributions.* Voluntary benefits allowance of £500 per annum.* Family support benefits including death in service and income protection.* Discounted voluntary healthcare benefits and company-sponsored private medical insurance after one year.* Employee car scheme.* Employee assistance program.Enhanced family-friendly policies and flexible working opportunities[](blob:https://santander.wd3.myworkdayjobs.com/2d6f6b24-1b90-4056-9126-2f7a7f1b68f9)
#J-18808-Ljbffr