Associate Information Security Compliance Officer

Employer Active

1 Vacancy
Job Location

Crewe - UK

Monthly Salary

Not Disclosed

Job Description

Company Overview

At IMS, we're transforming the way the world drives. As a leading provider of connected car and telematics solutions, we deliver cutting-edge services and analytics to insurers, governments and enterprises worldwide.

Our cloud-based DriveSync platform is at the heart of what we do: an industry-recognized solution that empowers smarter decision-making and better driving outcomes. From enhancing road safety to enabling intelligent mobility strategies, our technology is designed to make driving safer and smarter for everyone, from global insurers to local governments and everyday drivers.


Description


At IMS, we're on a mission to make driving safer and smarter through connected car and telematics innovation.

The Associate Information Security Compliance Officer (AISCO) is an important member of the IMS Information Security team, assisting in safeguarding the company's data, infrastructure and digital assets. This role helps to ensure that IMS's security framework aligns with ISO27001, industry best practices, and legal and regulatory requirements. The AISCO will help carry out security audits, policy review, incident management and continuous improvement of IMS's cybersecurity posture, along with adherence and adoption of relevant market regulations.

This position requires a blend of technical expertise, analytical research and thinking skills, and good, clear communication, with the confidence to collaborate with various stakeholders across the organisation. The ideal candidate will be a proactive problem solver who can identify risks, recommend solutions and assist in the implementation of security controls to protect IMS's global technology ecosystem.

In this role you will be responsible for:

Security Compliance & Risk Management

  • Assist in the development, implementation and enforcement of information security policies, standards and procedures in compliance with ISO27001, GDPR, NIST and SOC frameworks.
  • Conduct internal security audits and coordinate external audits to assess compliance and effectiveness of security controls.
  • Perform privacy impact assessments in line with regulatory requirements.
  • Identify and assess cybersecurity risks across IMS systems and recommend appropriate remediation actions.
  • Maintain all InfoSec framework certifications, ensuring compliance with regulatory and customer requirements.
  • Collaborate with legal and compliance teams to ensure IMS meets data privacy laws and security regulations across different jurisdictions.

Incident Detection, Response & Management

  • Monitor network and system logs for security incidents, unauthorized access or vulnerabilities.
  • Investigate security breaches, analyse attack vectors and document security incidents, including impact assessments and recommended mitigations.
  • Maintain incident response plans (IRPs) to ensure rapid and effective response to security events.
  • Coordinate forensic analysis and liaise with law enforcement or regulatory agencies when required.
  • Ensure security alerts are appropriately triaged, investigated and escalated following IMS security protocols.

Third-Party Security Assessments

  • Conduct risk assessments and security audits for IMS's third-party vendors, partners and suppliers.
  • Work with external security consultants to evaluate and approve new third-party integrations.
  • Ensure third parties comply with IMS's security and data protection requirements before onboarding.
  • Review and update vendor security contracts, ensuring alignment with IMS security standards.

Customer Security Assessments

  • Complete security questionnaires and assessments from current and prospective clients.
  • Facilitate remote and on-site data privacy audits with IMS customers.
  • Review contractual security clauses and verify operational adherence.

Security Operations & Infrastructure Protection

  • Oversee the implementation and operation of firewalls, intrusion detection systems (IDS), endpoint protection, data loss protection (DLP) tools and other security solutions.
  • Work closely with IT and DevOps teams to ensure secure cloud architecture and adherence to IAM (Identity & Access Management) policies.
  • Maintain encryption, access control and authentication protocols to secure sensitive data.
  • Assist with the coordination of regular penetration testing and vulnerability scanning to assess security posture.
  • Monitor emerging cybersecurity threats and recommend updates to IMS security technologies and defences.
  • Oversee the continual development and testing of Business Continuity (BC) and Disaster Recovery (DR) plans.

Policy Development & Employee Training

  • Assist with the update of information security policies, ensuring they reflect evolving threats and business needs.
  • Conduct company-wide security awareness training to educate employees on best practices, phishing prevention and data protection.
  • Serve as an internal security advisor, providing guidance to IT teams, leadership and employees on secure operations.
  • Check for adherence to secure coding practices for IMS software development teams.

Continuous Improvement & Industry Trends

  • Stay informed on the latest cybersecurity trends, threats and evolving regulatory requirements.
  • Research and suggest innovative security technologies to enhance IMS's resilience against cyber threats.
  • Drive security automation and orchestration where possible to improve response times and reduce manual processes.

Requirements:

  • Good knowledge of cybersecurity frameworks such as ISO27001, NIST, SOC 2 and GDPR compliance.
  • A Cyber Security qualification or a relevant Insurance Compliance qualification related to GDPR and security.
  • A basic understanding of the function of network security tools, antivirus/malware, SIEM systems, firewalls and intrusion detection systems.
  • Ability to deliver security reports and communicate security concepts to technical and non-technical audiences.
  • Good organisational skills with the ability to prioritise and manage multiple security initiatives.

Bonus Qualifications & Experience:

  • ISO27001 ISMS certification (Lead Internal Auditor or Lead Implementer).
  • Knowledge of cloud security (AWS, Azure, Google Cloud) and secure DevOps practices.
  • Experience working with SOC audits and GDPR compliance programs.
  • Hands-on experience with incident response and forensics.
  • Understanding of zero-trust security models, identity management and endpoint security.
  • Experience working in a regulated environment that requires practical application of GDPR and information security.
  • Background in IT administration, networking or software security engineering.


Why should you join us?

Flexible remote working options
Opportunity to work within a global team
We're an innovative technology leader with plans for growth in the global telematics industry. These are some exciting times!
Company-paid health benefits program.
Pension scheme with salary sacrifice option.
Flexible holiday policy to really make the most of your time and wellbeing
Work from Anywhere Policy: work almost anywhere in the world for 30 days per year!
Paid volunteering days
Employee Assistance Program
Enhanced maternity/paternity leave
Employee Recognition Hub


Even if you do not meet all of the above criteria, please consider applying! If you have any questions, do not hesitate to get in touch with our HR team at

IMS is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.


Required Experience:

IC

Employment Type

Full-Time

Department / Functional Area

Compliance
