Security Assurance Manager
BCA Group, Kilsby, Northamptonshire
- Full time
- Permanent
- Remote working
Posted 2 weeks ago, 1 Dec
Closing date: not specified
Job Ref: 75f1d51a437046bb88a9d6a8f7cd7d3c
Full Job Description
We are seeking a proactive and experienced Security Assurance Manager to enhance our security assurance initiatives. This role focuses on evidencing security controls and maintaining a cycle of continuous improvement while aligning with external customer and regulatory requirements (both UK and Europe). It also supports the Head of Digital Security in running the team in an Agile manner.
The ideal candidate will want to transform traditional compliance checks into a fluid, data-driven process, leveraging established benchmarks and facilitating collaboration with data teams to reduce repetitive overhead. Additionally, the role will work closely with various stakeholders to identify and streamline the use of internal audit and system information, speeding up processes and enhancing our competitive edge while maintaining compliance and trust.
This role is intended to evolve and requires someone who is eager to build maturity into both the role and the department's responsibilities. It is a Hybrid role, which may include travel every couple of weeks to a CAG office for a day or two.
Lead Audits and Control Checks: Conduct comprehensive audits of internal systems, ensuring alignment with internal standards and external customer expectations, and identifying and remediating compliance gaps.
Mentorship and Leadership: Develop and guide a team of 4 specialists, fostering a culture of security awareness and best practices.
Utilize Security Benchmarks: Lead the creation and operation of a Security Scorecard and actionable monthly KRI reporting. Leverage CIS benchmarks, AWS Security Hub, Microsoft Security Scores, and similar tools to address security inquiries efficiently.
Collaborate with Security and Product Teams: Ensure security requirements are integrated into projects, and existing systems/products are evidenced and continuously improved through a robust testing schedule.
Support Assurance and Commercial Teams: Assist assurance team members in working with commercial staff to use internal audits and systems to accelerate processes, integrating security requirements into proposals and contracts.
Data-Driven Insights and Risk Management: Analyse data to identify control weaknesses and ensure timely remediation. Collaborate with stakeholders to prioritize risks and align insights with broader risk management strategies.
Process Improvement: Transform static compliance processes into agile, data-driven workflows that integrate seamlessly with operational and technical tasks.
Continuous Improvement: Stay updated on industry best practices, emerging technologies, and evolving threats. Use this knowledge to refine internal strategies, ensuring alignment with the CISO strategy and maintaining robust security practices.
Experience in a similar information security role, focusing on data-driven security assurance and compliance.
Experience using native platform tooling and working in an Agile environment is essential.
Background in a consulting or influencing role is beneficial.
5 years in information security role(s) or having information security responsibilities.
Strong understanding of security frameworks, risk assessment methodologies, CIS benchmarks, AWS Security Hub, and Microsoft Security Scores.
Relevant certifications (e.g., CISSP, CISM, ISO 27001 Lead Auditor) are preferred but not essential.
Excellent communication and interpersonal skills with the ability to translate complex security concepts into clear business language. Experience tailoring communication for diverse audiences is beneficial.
We are proud to be Level 1 Disability Confident and committed to ensuring our recruitment process is inclusive and accessible.
£70,000 - £90,000 per annum depending on experience + car allowance + bonus + benefits
BCA are the biggest name in Europe's vehicle remarketing industry. Backed by the Constellation Automotive Group, we're part of a family including cinch and WeBuyAnyCar.com. We offer competitive salaries and benefits, fantastic support to progress and learn, and flexible remote working.