Security GRC Analyst

We're looking for a Security GRC Analyst to join our European Information Security team and play a key part in strengthening our cyber resilience, maturing our governance processes, and enabling secure innovation across multiple brands and markets. Why Join Us? At Cox Automotive Europe, security isn't a blocker - it's an accelerator. You'll work within a collaborative security team that partners closely with engineering, technology, product and business teams across the UK and Europe. You'll have the opportunity to influence how governance, risk and compliance shape our platforms, services and operational landscape. You'll also work closely with our global Enterprise Risk & Security teams in the US, giving you exposure to world-class security practices and the chance to help localise and embed them across Europe. What You'll Be Doing As our Security GRC Analyst, you will support a broad range of governance, risk and compliance activities that underpin our European security posture - including:

• Responding to customer assurance requests, security questionnaires and audit requirements
• Managing supplier assurance assessments and third-party risk reviews
• Helping maintain and improve security policies, standards and supporting documentation
• Supporting risk identification, assessment and governance processes across CAPTG Europe
• Coordinating security evidence and documentation for certifications (ISO, SOC, etc.)
• Assisting with compliance reviews for projects, new services and M&A activity
• Maintaining security documentation for legal and regulatory obligations
• Collaborating with UK, European and global security teams to align GRC practices
• Supporting security incidents from a governance and documentation perspective
• Driving continuous improvement and helping embed security into everyday operations, We do not accept unsolicited CVs sent to the recruitment team or directly to a hiring manager. We will not be responsible for any fees related to unsolicited submissions.
  
  2+ years in information security or governance, risk & compliance
• Solid understanding of cloud (AWS/Azure), infrastructure and software development concepts
• Familiarity with core frameworks such as ISO 27001, SOC 2, GDPR
• Experience with customer assurance, audits, or compliance questionnaires
• Supplier assurance / third-party risk management expertise
• Excellent communication, organisation and stakeholder-management skills
Desirable
• GRC tooling or platform experience
• Knowledge of risk methodologies
• Certifications such as CISM, CRISC
• Understanding of PCI-DSS
• Exposure to secure development practices or cloud security principles
  
  Cox Automotive is the world's largest automotive service organisation. We
provide dependable solutions that improve performance and profitability throughout the vehicle lifecycle to manufacturers, fleets, and retailers. Our businesses are organised around our customers' core needs across vehicle solutions, mobility, remarketing, funding, and retail. The Benefits Testimonials Aneliese Platts Senior Designer "The people that work here are what sets Cox Automotive apart. We genuinely work as a team, and I feel the same level of support everywhere in the business. Working here is like a family away from home, but most importantly we have fun whilst doing it!" Ann Fairbanks Executive PA & Business Support "I wouldn't be where I am today without Cox Automotive. The company has real culture of learning, pushing the boundaries and making YOU better. It's all built on strong values that are more than just words, they're acted on every single day." Gemma Hepple National Operations Manager "In my nine years here, Cox Automotive has allowed me to learn, grow and hone my skills. There's a real commitment to inclusion and diversity and today I am proud to be in what was historically perceived to be a 'man's' role."

Cox Automotive is the world's largest automotive services organisation - powering digital, data and physical solutions across the entire vehicle lifecycle. Behind that capability sits a modern, forward-thinking Information Security function designed to safeguard our people, our customers, and our data.,
• A chance to develop your GRC skillset across diverse brands, systems and markets
• Close collaboration with global security experts and leading practitioners
• The opportunity to meaningfully influence how security is governed and embedded across a fast-moving enterprise
• A supportive environment that values curiosity, improvement and practical security