Cyber Risk and Compliance Analyst

Posted 23 days 17 hours ago by Oodle Car Finance

Permanent
Full Time
Other
Lancashire, Manchester, United Kingdom, M21 0
Job Description
Overview

Monday - Friday (37.5 hours per week - hybrid).

Benefits
  • 25 days holiday (rising to 28 after 3 years' service) plus bank holidays.
  • Private Medical - via vitality, with reward schemes paid for you and your family.
  • Health cash plan - via Simply Health for employees and children.
  • Pension - Oodle will contribute 5% of your salary into your pension pot.
  • Free breakfast, drinks and fruit in the office.
  • Employee discounts for major shops.
  • 1 day volunteer day per year.
  • Mental health care - 6 free counselling sessions via our EAP.
  • Paid sick leave - enhanced company sick pay.
  • Enhanced family leave - enhanced leave for primary and secondary caregivers.
What you'll be getting up to
  • Maintain and operate the Cyber Risk Register, ensuring timely tracking and treatment of issues. Provide reporting for key governance committees.
  • Deliver the Information Risk Assessment Programme, engaging business and technical stakeholders to assess and manage cyber threats and risks.
  • Deliver Supplier Risk Assessments, working with procurement and business teams to assess and monitor third-party risk through the supplier life-cycle.
  • Facilitate and document Security Risk Exceptions.
  • Cyber Training and Awareness: Contribute to the design and rollout of security awareness content and phishing simulation programmes to embed a strong cyber culture.
  • Security Policy Framework: Support ongoing development, maintenance, and communication of the organisation's Security Policy framework, reviewing and updating policies and procedures.
  • Cyber Security & Resilience Compliance: Coordinate compliance efforts across standards such as PCI-DSS, audits, user access reviews, and FCA operational resilience requirements. Work with stakeholders to manage remediation actions and audit responses.
  • Support Cyber Incident Management: Act as a supporting resource in cyber incident response activities, logging, tracking and learning from incidents and near misses.
Qualifications
  • A minimum of two years' experience in a cyber risk / information security role.
  • Working knowledge of cyber risk frameworks (e.g. ISO 27001, NIST CSF).
  • Experience maintaining risk registers and conducting information risk assessments, including supplier risk assessments.
  • Understanding of regulatory and compliance requirements (e.g. PCI-DSS).
  • Excellent communication skills, with the ability to articulate technical and risk concepts to diverse stakeholders.
  • Proactive and structured approach to managing tasks and stakeholders.
  • Collaborative mindset to strengthen the organisation's security posture, in line with business objectives.
  • Certified qualifications such as CRISC, CISMP, CISM, CISSP, ISO 27001 Lead Implementer, or equivalent.
  • Experience with GRC tools (e.g. OneTrust, Archer, Protecht).
  • Awareness of cloud platforms and SaaS (e.g. Microsoft Azure, M365, AWS) and associated security risks.
  • Understanding of SYSC15 Operational Resilience (FCA Handbook).
  • Exposure to incident management or data breach support.
Our values
  • Embrace being human
  • Strive for awesome
  • Everyone's a builder
  • Bravely honest
  • Think customer

Oodle is proud to be an inclusive workplace and recognises diversity of experience, thoughts and backgrounds leads to better outcomes. We have DEI networks to support our culture.