Keyloop bridges the gap between dealers, manufacturers, technology suppliers and car buyers.

We empower car dealers and manufacturers to fully embrace digital transformation. How? By creating innovative technology that makes selling cars better for our customers, and buying and owning cars better for theirs.

We use cutting-edge technology to link our clients’ systems, departments and sites. We provide an open technology platform that’s shaping the industry for the future. We use data to help clients become more efficient, increase profitability and give more customers an amazing experience. Want to be part of it?

Information Security Officer

The responsibility of the Information Security Officer is to assist the Information Security Manager in creation, management and oversight of the ISO 27001 Information Security Management System (ISMS) and alignment with other standards and requirements, included but not limited to CIS-20, TISAX and Cyber Essentials.

Reporting to the Information Security Manager, the Information Security Officer provides group-wide advice and guidance on information security governance, risk and compliance, and will help manage and monitor confidentiality, integrity and availability of information through the integration of security policies, standards, controls and assurance activities.

Responsibilities

This person will help create and coordinate all information security governance activities including ISO 27001 certification, internal and external audits, MI and reporting, and control assurance.

• Create and manage ISO 27001 compliant documentation.
• Maintain and manage first and second layer information security policies and third layer information security standards and procedures.
• Ensure alignment of risk methodology, incident management and business impact analysis measurements.
• Ensure the accuracy of information entered into the risk management system and conduct risk management activities across the group.
• Undertake horizon scanning activity to ensure internal and external information security expectations are appropriately managed.
• Provide cybersecurity recommendations based on significant threats and vulnerabilities.
• Attend and minute the Information Security Forum.
• Conduct ongoing control assessment and assurance activities.
• Monitor documentation to ensure accuracy and quality.

• Assist in the responses, and track the remediation of, Information Security Program Assessments and Risk Assessments in addition to working with internal and external audit.
• Maintain the information lifecycle, including information inventory, classification, handling, retention and disposal.
• Assist in the management of vendor, supplier and third party information security assessments.
• Assist in the management and response to information security vulnerabilities, incidents and threats.
• Deputise for the Information Security Manager, as and when required.
• Promote a good security culture to ensure that information security is integral to the business.

Skills and experience that you will possess:

• Ability to work across multiple teams, including IT, Engineering, Legal, HR, Facilities, Procurement and others.
• Industry knowledge of information security good practice, policies, remediation strategies and risk assessments.
• Good technical understanding of IT and information security systems and tools.
• Understanding of, and experience in developing mitigation strategies to combat the risks associated with, current and emerging threats, vulnerabilities, and attack vectors used to compromise enterprise and critical infrastructure.
• Experience with data protection & archiving, disaster recovery, business continuity and implementation
• Ability to create documentation that describes technical details to both technical and non-technical audiences.
• Knowledge of industry best practices from organizations such as International Standards Organization (ISO), Center for Internet Security (CIS) and National Institute of Standards (NIST)
• Strong knowledge of IT controls, including security concepts and terminology related to applications, databases, operating systems, and IT operations
• Experience with information security, cyber security, and privacy issues and awareness of regulated data environments (e.g. PCI, SOX, FERPA, HIPAA, and COPPA)
• Ability & desire to learn new product lines and technologies quickly & efficiently

Education Requirements:

• Example Certifications: SSCP, CISSP, CISA, CISM, ISO 27001 LI, ISO 27001 LA.

Why join us?

We’re on a journey to become market leaders in our space – and with that comes some incredible opportunities. Collaborate and learn from industry experts from all over the globe. Work with game-changing products and services. Get the training and support you need to try new things, adapt to quick changes and explore different paths. Join Keyloop and progress your career, your way.

An inclusive environment to thrive

We’re committed to fostering an inclusive work environment. One that respects all dimensions of diversity. We promote an inclusive culture within our business, and we celebrate different employees and lifestyles – not just on key days, but every day.

Be rewarded for your efforts

We believe people should be paid based on their performance so our pay and benefits reflect this and are designed to attract the very best talent. We encourage everyone in our organisation to explore opportunities which enable them to grow their career through investment in their development but equally by working in a culture which fosters support and unbridled collaboration.