Despite technology revolutionising the future of ecommerce, the way we’ve bought and sold cars has largely remained the same for over three decades. Customers had no choice but to trek to their local car dealership to access the best vehicles and latest offers. But thanks to the Automotive Transformation Group, that is no longer the case!
With almost 50 years of combined industry experience, the Automotive Transformation Group is comprised of two internationally recognised brands – GForces and Autofutura. We are the first of our kind within the industry, creating more than just successful and user-friendly websites for car dealers and manufacturers. Our NetDirector® Suite delivers a seamless and omnichannel solution for all those within the sector who want to stand out from the evolving competition, offering state-of-the-art technology and invaluable data insights to maximise vehicle sales!
Since completing this game-changing merger last summer, we are committed to creating new products, investing in new ventures and developing our teams to truly become a key innovator of change. There has never been a more exciting time to join us on this journey!
Reporting to the Compliance & Operations Director, the Compliance Manager will be responsible for the day-to-day management of the group’s compliance obligations, focusing on risk identification and reduction as well as strategic delivery. The Compliance Manager is responsible for the continued delivery and maintenance of the group’s legal obligations, such as GDPR, NIS, PECR and FCA compliance, as well as the group’s contractual and strategic compliance requirements to financiers, OEMs, etc. The role may be required to hold other positions within the group, including but not limited to Data Protection Officer, taking full responsibility for all tasks as defined in Article 39 of the GDPR, and ISMS Manager, responsible and accountable for the group’s ISO 27001 certification maintenance, including delivery of any scope increases.
- Contribute towards the ongoing maintenance of the group’s international standards certifications, including liaising with internal and external stakeholders such as external auditors.
- Drafting, publishing and ongoing maintenance and enforcement of group policy and procedures.
- Ownership of the group’s third-party management process (vendors and suppliers to the group), including co-ordinating third-party reviews and audits.
- Conduct Data Protection Impact Assessments to ensure that Privacy and Security design principles are considered in the delivery of technology and projects within the group.
- Support in the delivery of an effective internal audit programme, to ensure all legal, regulatory, contractual, and strategic compliance requirements are being adhered to, and the subsequent reporting and corrective action for any areas of non-compliance.
- Co-ordinate the response to any financier, OEM, and client information security and compliance questionnaires, working with key stakeholders within the group to ensure all accreditation requirements are fulfilled and any remediations are tracked through to completion.
- Support group efforts with regard to Financial Conduct Authority (FCA), or international equivalent, obligations.
- Support the group’s requirements for PCI DSS compliance as required by payment gateway providers.
- Support in the creation and maintenance of an FAQ for security and compliance questionnaires to allow the sales and account management teams to be self-servicing where appropriate.
Position Reports To
Compliance & Operations Director
- Excellent Business Acumen.
- Have a proficient understanding of UK & international Data Protection Laws.
- Expert knowledge of ISO 27001, 9001, 22301, 27701 and similar international standards.
- Experience with Project Management methodologies (e.g. PRINCE2, Agile, PMI).
- Experience with relevant Risk reduction methodologies.
- Ability to communicate and interact with key stakeholders internally and externally.
Behavioural & Personality Competencies:
- Excellent Leadership and communication skills.
- Self-starter, with drive to influence and guide stakeholders on strategic compliance.
- Build strong sustainable relationships with both internal and external stakeholders at all levels that ensure that expectations are met.
- Ability to motivate, empower, coach and develop people.
- Strong negotiation and influencing skills.
- Highly articulate, excellent communication skills, ability to concisely verbalise information and ideas.
- 5 years’ experience in a Data Protection/Compliance or Information Security role.
- Relevant professional qualifications such as CIPP/E, CISM, CISMP, CISA, ISO 27001 Lead Auditor (desirable).
- Proven experience of delivering and maintaining ISO standards.
- Knowledge of PCI DSS security requirements.
- Knowledge of FCA, or international equivalent, compliance requirements.
- 25 days holiday plus birthday off
- Up to 5 additional days holiday for long service
- Group pension plan
- Enhanced maternity and paternity
- Regular socials and company events
- Flexible hours
Job Application Privacy Notice
Under the Equality Act 2010, we aim to be an equal opportunities employer and we are determined to ensure that no applicant or employee receives less favourable treatment on the grounds of gender, age, disability, religion, belief, sexual orientation, marital status, or race, or is disadvantaged by conditions or requirements which cannot be shown to be justifiable.