Governance Risk & Compliance Manager

At Ayvens, progress starts with you.

Our ambitions to shape the future of sustainable mobility are powered by our talent. Join us, and get better with every move.

Information Security is critical in protecting information and information systems from unauthorized access its key domains are Cyber Security, Security Operations and Governance, Risk and Compliance. The department collaborates with and supports, other Digital & IT departments, UK business divisions and central functions

An exciting opportunity has arisen for a Governance Risk & Compliance Manager to support the team. Offered as a permanent role, it is Bristol based with a salary of circa £65,000 plus benefits inc. Car/Bonus.

Key Purpose

• Responsible for developing, implementing and managing information security best practice frameworks, risk management, and ensuring compliance with legal, regulatory, and internal standards.

• Establish governance controls to ensure that Ayvens UK operates efficiently, safely, securely, and in compliance with applicable regulations by working closely with internal teams and external stakeholders to identify, assess, and mitigate information security risks.

• To actively remain informed and educated in respect of new and evolving areas of Technology, Information and Cyber security and be a proactive champion of security within the business

Responsibilities

• Develop, implement, and maintain Ayvens UK Information Security GRC framework, ensuring that it aligns with business objectives and regulatory requirements.

• Identify, assess, and manage information and cyber security risks across the organisation, developing mitigation strategies and ensuring effective controls are in place.

• Manage the annual schedule of NIST barometer controls identifying and reporting on ineffective controls or control gaps. Work closely with identified control performers to ensure the collation and submission of evidence in a timely manner.

• Maintain Ayvens UK compliance with selected standards including but not limited to Cyber Essentials and PCI DSS.

• Produce and maintain Ayvens UK Information Security reference documentation to facilitate audit or customers’ requests.

• Manage annual internal and external audits to ensure evidence is gathered efficiently and the audit proceeds to agreed timeline. Review and agree management responses to audit findings and create remediation plans.

• Manage third party security assessments for new requirements and maintain compliance of existing suppliers based on required schedules. Work closely with supplier relationship managers to resolve required remediations.

• Work with the Commercial teams as required to provide subject matter expertise for bids and tenders. Ensure customer questionnaires and other requirements are completed to required deadlines.

• Conduct reviews of Ayvens policies, standards and processes to ensure compliance, highlight any non-compliance and manage remediation plans.

• Perform the legal and regulatory watch requirements for Information Security ensuring Ayvens UK adheres to relevant laws, regulations, and industry standards. Address any non-compliance issues.

• Own the Ayvens UK Information Security awareness program, ensure

Skills, Experience & Background

Technical Capabilities:

• Experience of implementing, managing and improving information security best practice frameworks

• Experience of monitoring and reporting compliance against internal, legal and regulatory standards

Desired Previous Experience:

• Extensive experience of working within an Information Security and/or Cyber Risk function, specifically with experience of governance risk and compliance (GRC) or security assurance.
• Proven knowledge and experience of industry standards and best practice e.g. ISO 27000 series, NIST cyber security framework.
• Knowledge of risk management frameworks and methodologies.
• Good understanding of GDPR, and data protection.
• Experience of leading and co-ordinating internal and external audits.
• Experience of implementing or delivering security awareness and education.
• Experience of building strong and effective relationships with teams, stakeholders, customers, partners and de[1]livering excellent customer service.
• Financial Services’ experience advantageous. Education and Technical Ability:
• Hold or working toward Certified Information Systems Security Professional (CISSP) or equivalent.
• ITIL Foundation Level Service Management V3 is desirable IT Applications:

Why Ayvens?  

With over 3.4 million vehicles managed across more than 42 countries, we provide full-service leasing, flexible subscription services, fleet management services and multi-mobility solutions to customers of all sizes, including large corporates, SMEs, professionals, and private individuals. By leveraging our unique position to lead the way to net zero and further shape the digital transformation of the industry, we are well-positioned to meet the evolving mobility needs of our clients and provide them with the solutions they need to thrive.

At Ayvens, we believe that our success is driven by our commitment to customer satisfaction. Our team is dedicated to delivering innovative solutions and technology-enabled services that help our customers focus on their everyday business. We’re committed to sustainable mobility and have made it a core part of our strategy. In everything we do, we’re guided by the principles of authenticity, curiosity, commitment and collaboration. We aim to foster an organisation that's diverse in people and ideas, where everyone can thrive and be themselves, no matter who they are.

Join us on this exciting journey as we continue to enable the transformation towards large scale adoption of sustainable mobility and provide our customers with the solutions they need to succeed. Follow our page for the latest updates, news, and insights.

*ALD Automotive | LeasePlan are rebranding to Ayvens across all 42 countries by 2025.