Associate Information Security Compliance Officer

**Company Overview**

At IMS, we're transforming the way the world drives. As a leading provider of connected car and telematics solutions, we deliver cutting-edge services and analytics to insurers, governments, and enterprises worldwide.

Our cloud-based DriveSync® platform is at the heart of what we do - an industry-recognized solution that empowers smarter decision-making and better driving outcomes. From enhancing road safety to enabling intelligent mobility strategies, our technology is designed to make driving safer and smarter for everyone, from global insurers to local governments and everyday drivers.

**Description**

At IMS, we’re on a mission to make driving safer and smarter through connected car and telematics innovation.

The **Associate Information Security Compliance Officer (AISCO)** is an important member of the IMS Information Security team, assisting in safeguarding the company’s data, infrastructure, and digital assets. This role helps to ensure that IMS’s security framework aligns with ISO27001, industry best practices, and legal and regulatory requirements. The AISCO will help carry out security audits, policy review, incident management, and continuous improvement of IMS’s cybersecurity posture along with adherence and adoption of relevant market regulations.

In this role, you will be responsible for:
**Security Compliance & Risk Management**
- Assist in the development, implementation, and enforcement of information security policies, standards, and procedures in compliance with ISO27001, GDPR, NIST, and SOC frameworks.
- Conduct internal security audits and coordinate external audits to assess compliance and effectiveness of security controls.
- Perform privacy impact assessments in line with regulatory requirements.
- Identify and assess cybersecurity risks across IMS systems and recommend appropriate remediation actions.
- Maintain all InfoSec framework certifications, ensuring compliance with regulatory and customer requirements.
- Collaborate with legal and compliance teams to ensure IMS meets data privacy laws and security regulations across different jurisdictions.

**Incident Detection, Response & Management**
- Monitor network and system logs for security incidents, unauthorized access, or vulnerabilities.
- Investigate security breaches, analyze attack vectors, and document security incidents, including impact assessments and recommended mitigations.
- Maintain incident response plans (IRPs) to ensure rapid and effective response to security events.
- Coordinate forensic analysis and liaise with law enforcement or regulatory agencies when required.
- Ensure security alerts are appropriately triaged, investigated, and escalated following IMS security protocols.

**Third-Party Security Assessments**
- Conduct risk assessments and security audits for IMS’s third-party vendors, partners, and suppliers.
- Work with external security consultants to evaluate and approve new third-party integrations.
- Ensure third parties comply with IMS’s security and data protection requirements before onboarding.
- Review and update vendor security contracts, ensuring alignment with IMS security standards.

**Customer Security Assessments**
- Complete security questionnaires and assessments from current and prospective clients.
- Facilitate remote and onsite data privacy audits with IMS customers.
- Review contractual security clauses and verify operational adherence.

**Security Operations & Infrastructure Protection**
- Oversee the implementation and operation of firewalls, intrusion detection systems (IDS), endpoint protection, data loss protection (DLP) tools, and other security solutions.
- Work closely with IT and DevOps teams to ensure secure cloud architecture and adherence to IAM (Identity & Access Management) policies.
- Maintain encryption, access control, and authentication protocols to secure sensitive data.
- Assist with the co-ordination of regular penetration testing and vulnerability scanning to assess security posture.
- Monitor emerging cybersecurity threats and recommend updates to IMS security technologies and defenses.
- Oversee the continual development and testing of Business Continuity (BC) and Disaster Recovery (DR) plans.

**Policy Development & Employee Training**
- Assist within the update of information security policies, ensuring they reflect evolving threats and business needs.
- Conduct company-wide security awareness training to educate employees on best practices, phishing prevention, and data protection.
- Serve as an internal security advisor, providing guidance to IT teams, leadership, and employees on secure operations.
- Check for adherence to secure coding practices for IMS software development teams.

**Continuous Improvement & Industry Trends**
- Stay informed on latest cybersecurity trends, threats, and evolving regulatory requirements.
- Research and suggest innovative security technologies to enhance IMS’s resilience against cyber threats.
- Dri