Senior Security Assurance Analyst
  • United Kingdom Oxford
  • Oxbotica
1 year before
31.12.2023
Securely Provision
Risk Management
Job Description

Who are we?

Based in Oxford and with offices in Canada and the US, Oxbotica is an international startup founded in 2014 and scaling up rapidly (300+ Oxbots and growing).

As the global leader in our industry, we’re fuelled by a bold purpose: to make the Earth move better. From passenger shuttles to industrial vehicles, our operating system for Universal Autonomy™ is transforming the way people and goods are transported by enabling any vehicle, in any environment, to operate autonomously — safely, securely and efficiently.

Our technology is capturing investors’ imagination. To date we’ve raised $140 million in our Series C investment round. Accommodating growing demand from new and current shareholders, this funding is driving our expansion in North America and EMEA, and accelerating the deployment of our technology in domains where there is both urgent need and potential to scale.

Your Team

You will join our Security team, where we secure our product, protect our business from threats and enable adoption of autonomy technology through security assurance.

Your Role

As our Senior Security Assurance Analyst, you will be responsible for measuring and improving our security posture and for driving organisation-wide continuous security improvement initiatives.

Key to this role is engaging our engineering and operations teams to build security practices by design and default. Through pragmatic guidance, thought leadership and data-driven initiatives, you’ll build the security assurance posture that allows our clients to confidently adopt our autonomy products.

  • Operate and develop our enterprise security management system to manage and reduce security risk
  • Measure, analyse and report on security key performance indicators
  • Develop close relationships with our engineering and operations teams to drive continuous security improvement activity based on data and lessons learned
  • Deliver a security audit programme and recommend pragmatic improvements
  • Manage the security of our supply chain
  • Lead external security assurance programmes
  • Evolve a data protection framework to support operations across the UK, Europe and North America
  • Support security culture initiatives through awareness and training
  • Plan for security incidents and disaster recovery

Requirements

What you need to succeed:

  • A broad understanding of information and cyber security risks and technologies
  • Knowledge and experience of regulatory, industry and security compliance frameworks such as NIST, ISO 27001 and GDPR
  • Understanding of cloud infrastructure and associated risks

Extra kudos:

  • Relevant security certifications such as ISO 27001 Implementer/Auditor
  • Data protection certifications such as IAPP CIPM
  • Proven agility in fast-changing environments. As a scale-up, we’re constantly evolving, so our people need to evolve too for us to succeed together.
  • A customer-centric outlook. Chances are you won’t be directly customer facing, but we value people who anticipate and prioritise the needs of our customers. We call it ‘inventing on their behalf.’

The Candidate Journey: Multi-Step and Two-Way

No-one wants to feel like a square peg in a round hole, so this process is designed to give you every chance to get the measure of us, and us of you. The various stages give you every opportunity to show your unique strengths and qualities, and enable each of us to establish if we’re a good fit for the other. If the fit is good and you’re selected, you’re then in a position to do great work and thrive, which is what everyone wants.

Benefits

We provide:

  • Competitive salary, benchmarked against the market and reviewed annually
  • Company share programme
  • Hybrid and/or flexible work arrangements
  • Outstanding £3,000 flexible benefits, including private medical insurance, critical illness coverage, life assurance, EAP and group income protection
  • Funded relocation support
  • Fully funded visa sponsorship if required
  • A salary exchange pension plan
  • 25 days’ annual leave plus bank holidays
  • A pet-friendly office environment
  • Safe assigned spaces for team members with individual and diverse needs

Our Culture

We believe that diversity of thought and experience is a key driver of innovation. It also makes life, and work, more interesting. So ours is a culture that celebrates humanity in all its diversity and richness, and uses difference as fuel to grow and succeed together. Everyone is welcome, everyone has a voice, everyone is valued. And our work and people are all the better for it.

Why become an Oxbot?

Our team of experts in computer science, AI, robotics and machine learning is world-class, and together they’re solving the most exciting and important technological challenges of our times.

But as well as smarts, Oxbots have heart. Our diverse, multi-cultural crew is guided by a shared vision to bring the myriad benefits of autonomy to our customers and partners. And in a company that celebrates uniqueness as much as skill and experience, they do it with energy, conviction and a healthy dose of excitement, too.

If you are bold, creative and hyper skilled, come and create the future of autonomy with us at Oxbotica.

Required Knowledge
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0013   Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
  • K0037   Knowledge of Security Assessment and Authorization process.
  • K0054   Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • K0126   Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  • K0066   Knowledge of Privacy Impact Assessments.
  • K0202   Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).
  • K0214   Knowledge of the Risk Management Framework Assessment Methodology.

Required Skills
  • S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • S0115   Skill in preparing Test & Evaluation reports.
  • S0141   Skill in assessing security systems designs.
  • S0147   Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • S0171   Skill in performing impact/risk assessments.
  • S0271   Skill in reviewing and editing assessment products.

Required Abilities
  • A0033  Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
  • A0023  Ability to design valid and reliable assessments.
  • A0040  Ability to translate data and test results into evaluative conclusions.
  • A0083  Ability to evaluate information for reliability, validity, and relevance.
  • A0084  Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.
  • A0112  Ability to monitor advancements in information privacy technologies to ensure organizational adaptation and compliance.