Toyota Financial Services, KINTO and KINTO JOIN

Information Security Officer

Location: Epsom
Work format: Hybrid
Employment type: Full-time
Published: 9 April 2026
Last checked: 6 May 2026

Competitive salary, annual bonus, car allowance and an extensive benefits package.

The role in a nutshell: Responsible for all aspects of Information Security within Toyota Financial Services UK, including compliance with Corporate Policies, the ongoing promotion of Information Security across the organisation and the operation of an effective Information Security Management System (ISMS).

About the ‘Department’: The Business Technology Solutions (BTS) department are responsible for delivering end-to-end business technology and change through their four key functions of Governance, Projects & Change, Delivery and Technical Operations. They look after both TFSUK and KINTO UK. The mission of BTS is to Give (the Business the technology, applications and services it needs), to Guide (the Business through Change using their expertise and experience) and to Guard (always protect the Business, its Customers & its Data).

What you’ll be doing:

  • Maintain, mature and align the BTS ISMS with ISO27001:2022 through management and evolution of the company’s Information Security policies, maintaining best practice and alignment with Corporate and Regulatory requirements, including the Global Information Security Group framework (GISG), General Data Protection Regulation (GDPR), Sarbanes-Oxley (SOX), PCI-DSS & Cyber Essentials Plus.
  • Manage Information Security aspects of the third-party due diligence process, including subject matter expertise to support onboarding of new suppliers, ongoing assessment of existing suppliers and contract reviews.
  • Manage/Co-ordinate or provide reporting material for regular information security meetings including supplier security reviews, risk register reviews and metrics.
  • Provide clear and actionable information security reporting to senior leadership.
  • Manage/operate Information Security related tools such as the GRC tool and the Supplier assessment tool.
  • Own and maintain the BTS Risk register, ensuring risks are identified, assessed and documented in accordance with internal risk methodology, including exception handling.
  • Working in partnership with the Data Protection Officer (DPO) & Legal & Compliance to protect the organisation’s information.
  • Overseeing Audit Findings and any associated remediation across BTS including gathering, management and submission of control evidence to support assurance activities, internal compliance reviews (GISG) and any regulatory requirements.
  • Manage the Information Security Awareness programme, including maintenance of the training schedule, annual employee training, creation of materials and assistance with co-ordination of monthly phishing campaigns.
  • Proactively raising the profile of Information Security across the organisation, its stakeholders, vendors and customers.
  • Working in partnership with the Business & BTS teams to ensure all Projects, Changes, policies and procedures are compliant with corporate information security policies.
  • Management of the annual Security Incident Response Test (SIRT), as well as ensuring the remediation of any findings.
  • Undertake Security related Testing, including Phishing and Security Incident Response Tests.
  • Co-ordinate response to security incidents and breaches to ensure any impact is contained and relevant information obtained to facilitate analysis and improvement plans.
  • Maturing the Information Security mindset across TFS UK.

What you’ll get to own:

  • Management of TFSUK’s ISO27001 certification, ensuring the ongoing certification is retained
  • Management of TFSUK’s GISG posture, ensuring compliance against the extensive control set
  • Management of the GISG Vendor Assessment process for Information Security assurance of all TFSUK vendors
  • Development & Management of the Information Security Strategy and subsequent annual reviews
  • Oversight of remediation work for all open IT audit findings
  • Management of IT Risk Register and ongoing monthly reviews
  • Information Security Reporting & Performance KPIs
