Our mission is to transform the car buying experience across the UK and Europe by providing better selection, flexibility, transparency, convenience and peace of mind. We aim to make getting your next car no different to ordering any other product online today, where consumers can simply and seamlessly purchase, finance or subscribe to a car entirely online for delivery or collection in as little as 72 hours.
Cazoo was founded in 2018 by serial entrepreneur Alex Chesterman OBE, has a highly experienced management team and is backed by some of the leading global technology investors.
We’re looking for an IT Controls and Security Assurance Manager to join our small but mighty information security team. You will take ownership of the SOx focused IT controls framework and partner closely with IT, engineering and finance to ensure the controls are in place and operating effectively.
As Cazoo evolves you will identify gaps and inefficiencies and work with teams to design new controls and call out better ways of working. You will support activities related to certification and alignment with industry standards and security best practice, as well as act as an audit and risk liaison.
You will own third-party security assurance and streamline supporting processes, working with procurement, legal, finance and the DPO. This will include evaluating new systems and products and supporting business partners where necessary.
Over time you will work to develop and oversee an integrated security control and assurance framework. Although born out of SOx, this is very much an information and IT security focused role.
What you will be doing
You’ll be joining Cazoo, one of the fastest-growing technology companies in the world, at an early stage, where there is an opportunity to have a significant impact, shaping how we do security and deliver assurance. You’ll be reporting to the Chief Information Security Officer (CISO), but day to day will spend much of your time partnering with other areas to drive control compliance and security forward.
- Own the SOx IT controls framework, and support and provide ongoing informed/specialist assurance checks
- Collaborate with IT and engineering and steer teams to build in IT and security controls and innovate to automate assurance
- Identify control gaps and work with the technology and business teams to close them
- Coordinate with external auditors and internal process and control owners to enable completion of control testing
- Develop streamlined processes to track and report on security issues and act as risk liaison for security
- Own third-party security assurance and streamline supporting processes, working with procurement, legal, finance and the DPO
- Develop and own an integrated IT and security control and assurance framework
- Support security certification and/or alignment with industry standards and best practice (e.g. CIS Controls, Cyber Essentials, PCI DSS, ISO27000 series, and the BSIMM)
- Shape how we do security and privacy and make a positive difference every day
Required skills and experience
- Self-starter and influencer with drive and focus
- Strives for iterative improvement and challenges teams to follow
- Experience developing security control frameworks based on security best practice and industry standards such as the CIS Controls, Cyber Essentials, ISO27000 series, PCI DSS, or the BSIMM
- Experience with applying controls in the Cloud (AWS) and in the software development lifecycle
- Experience setting up security assurance programmes across third parties
- Experience working with external and internal audit and risk in a liaison capacity
- Experience managing an IT control and security assurance program
- Working knowledge of SOx (experience would be an asset)
- Working knowledge of IT control frameworks such as COSO, COBIT, or NIST
- Working knowledge of control domains such as access, change management, IT operations, and application-level controls
- Strong written and verbal communication skills
- Basic knowledge of how business processes are supported by IT and security controls
- Policy writing experience would be an asset
- Degree educated (BSc/BA) or equivalent experience in a relevant industry (e.g. information security, risk, audit, technology)
- CISM, CISA, CRISC, CISMP, CISSP or other relevant security, IT control or audit certifications
At Cazoo, you will play a key role in creating a highly visible and tangible product that’s seeking to change and replace a painful process that almost everyone must contend with at some point in their life.
We offer a competitive salary, with an outstanding benefits package, including an annual bonus and 25 days holiday (plus an extra day for your birthday). We also offer a 5% salary matched pension scheme, life insurance and critical illness cover. At Cazoo we are also passionate about wellbeing; we provide an annual wellness fund and we partner with a leading healthcare provider.
Our London home is located a stone’s throw from Euston Station and close to Kings Cross, with tube stations on the Northern, Victoria, Piccadilly, Hammersmith & City and Circle lines all a short walk away.
In the post-Covid era, subject to government guidance, we will be operating a hybrid working model, with employees expected to spend a few days a week in the office alongside colleagues, while the remaining days can be worked from home.
Our selection process will typically involve an initial chat with one of our recruitment team, followed by a selection of competency-based interviews with stakeholders and the hiring manager.
We know that diverse teams make better teams, and we are an equal opportunity employer that values diversity and inclusivity. We do not discriminate on the basis of gender, race, age, sexual orientation, colour, religion, national origin, disability status or marital status.