Business Information Security Officer

UK (Reading)


Keyloop

As the largest global automotive technology solutions provider, we understand what it takes to thrive in the modern era.


Keyloop bridges the gap between dealers, manufacturers, technology suppliers and car buyers. We empower car dealers and manufacturers to fully embrace digital transformation. How? By creating innovative technology that makes selling cars better for our customers, and buying and owning cars better for theirs. We use cutting-edge technology to link our clients’ systems, departments and sites. We provide an open technology platform that’s shaping the industry for the future. We use data to help clients become more efficient, increase profitability and give more customers an amazing experience. Want to be part of it?

Reporting to the Senior Governance, Risk & Compliance Officer, the Information Security Officer will assist in strengthening the organisation’s security posture within a large, complex, and fast-paced environment. This role supports the development and implementation of GRC policies, risk management frameworks, and control processes to ensure the confidentiality, integrity, and availability of Keyloop’s information assets. The Information Security Officer will work cross-functionally with stakeholders across diverse teams and departments to embed strong information security practices throughout the business. The role also includes identifying and tracking risks within the supply chain and supporting the organisation’s broader information security governance, risk, and compliance efforts. A critical part of this role is helping to promote a strong risk-aware culture and embedding positive security behaviours across the organisation.

Role & Responsibilities:

The job holder will be responsible for assisting and supporting a range of activities across the Governance, Risk and Compliance function, including the following:

Governance

  • Support the development, maintenance, and review of Information Security policies, standards, and associated processes.
  • Monitor regulatory and industry developments to ensure evolving external requirements are reflected in internal practices.
  • Attend and document meetings such as the Information Security Forum, ensuring actions and decisions are appropriately recorded and tracked.
  • Collate, analyse, and visualise GRC-related data to support reporting on key metrics such as risk trends, policy compliance, control effectiveness, and audit findings, enabling informed decision-making by stakeholders and leadership.

Risk

  • Contribute to the ongoing risk management process by identifying, assessing, and tracking information security risks, maintaining the Risk Register, and coordinating risk treatment plans with relevant risk owners.
  • Conduct third-party risk assessments and due diligence during onboarding and at scheduled intervals to ensure vendor compliance with security requirements.

Compliance

  • Support internal and external audits, including evidence gathering, issue tracking, and remediation of findings or control gaps.
  • Perform ongoing control assurance activities to validate the effectiveness of implemented security controls and identify areas for improvement.
  • Manage and respond to governance and compliance queries and tickets from business units and technical teams.
  • Respond to customer security questionnaires, RFPs, compliance assessments, and related documentation requests as needed, ensuring alignment with both internal standards and customer expectations.

Collaboration & Culture

  • Promote adoption of and compliance with Information Security policies, standards, and guidelines across the organisation, and support stakeholder education and awareness initiatives.
  • Collaborate with key business functions including HR, Procurement, Legal, IT, and Engineering to embed GRC requirements into core business processes.
  • Foster a strong security culture across the organisation, helping to embed risk-aware behaviours and make information security integral to day-to-day operations.

Experience:

Essential

  • Prior experience in cybersecurity, risk management, compliance, or governance.
  • Strong understanding of regulatory requirements, security frameworks, and standards such as ISO 27001, NIST CSF, CIS, and SOC 2.
  • Hands-on experience with ISO 27001 implementation and audit readiness.
  • Experience supporting SOC 2 readiness and evidence collection.
  • Proficient with risk assessment methodologies and control frameworks to evaluate and mitigate risks, including third-party/vendor risk assessments.
  • Experience supporting internal and external audits.
  • Skilled in developing and maintaining security policies, processes, and controls.
  • Relevant industry certifications such as Security+, ISO 27001 Lead Implementer, CRISC, or equivalent.

Desirable

  • Understanding of GDPR principles and their application to information security and data protection practices.

Skills & Abilities:

  • Excellent written and verbal communication skills, with the ability to engage effectively and adapt content for both technical and non-technical audiences.
  • Strong analytical and problem-solving skills, with keen attention to detail and a methodical approach.
  • Proficient in producing a wide range of business-relevant documentation, including processes, procedures and reports.
  • Ability to prioritise and manage multiple tasks effectively in a fast-paced, dynamic environment.
  • Strong collaboration skills with experience working across diverse teams and departments to achieve shared goals and drive effective governance, risk, and compliance outcomes.
  • Strong organisational skills with the ability to track issues, audits, and remediation efforts to ensure timely resolution.
  • Proactive mindset with the ability to anticipate potential risks and compliance challenges before they arise.
  • Proficient in collating and visualising data to communicate GRC metrics, risk trends, and compliance status.

Why join us?

We’re on a journey to become market leaders in our space – and with that comes some incredible opportunities. Collaborate and learn from industry experts from all over the globe. Work with game-changing products and services. Get the training and support you need to try new things, adapt to quick changes and explore different paths. Join Keyloop and progress your career, your way.

An inclusive environment to thrive

We’re committed to fostering an inclusive work environment. One that respects all dimensions of diversity. We promote an inclusive culture within our business, and we celebrate different employees and lifestyles – not just on key days, but every day.

Be rewarded for your efforts

We believe people should be paid based on their performance, so our pay and benefits reflect this and are designed to attract the very best talent. We encourage everyone in our organisation to explore opportunities which enable them to grow their career through investment in their development, but equally by working in a culture which fosters support and unbridled collaboration.

Keyloop doesn’t require academic qualifications for this position. We select based on experience and potential, not credentials. We are also an equal opportunity employer committed to building a diverse and inclusive workforce. We value diversity and encourage candidates of all backgrounds to apply.

Tags: Audits BISO Compliance CRISC GDPR Governance ISO 27001 NIST Risk assessment Risk management SOC SOC 2

Perks/benefits: Career development

Region: Europe
Country: United Kingdom
