Security GRC Analyst
Job description
We're looking for a Security GRC Analyst to join our European Information Security team and play a key part in strengthening our cyber resilience, maturing our governance processes, and enabling secure innovation across multiple brands and markets.
Why Join Us?
At Cox Automotive Europe, security isn't a blocker - it's an accelerator. You'll work within a collaborative security team that partners closely with engineering, technology, product and business teams across the UK and Europe. You'll have the opportunity to influence how governance, risk and compliance shape our platforms, services and operational landscape.
You'll also work closely with our global Enterprise Risk & Security teams in the US, giving you exposure to world-class security practices and the chance to help localise and embed them across Europe.
What You'll Be Doing
As our Security GRC Analyst, you will support a broad range of governance, risk and compliance activities that underpin our European security posture - including:
Responding to customer assurance requests, security questionnaires and audit requirements
Managing supplier assurance assessments and third-party risk reviews
Helping maintain and improve security policies, standards and supporting documentation
Supporting risk identification, assessment and governance processes across CAPTG Europe
Coordinating security evidence and documentation for certifications (ISO, SOC, etc.)
Assisting with compliance reviews for projects, new services and M&A activity
Maintaining security documentation for legal and regulatory obligations
Collaborating with UK, European and global security teams to align GRC practices
Supporting security incidents from a governance and documentation perspective
Driving continuous improvement and helping embed security into everyday operations
Requirements
2+ years in information security or governance, risk & compliance
Solid understanding of cloud (AWS/Azure), infrastructure and software development concepts
Familiarity with core frameworks such as ISO 27001, SOC 2, GDPR
Experience with customer assurance, audits, or compliance questionnaires
Supplier assurance / third-party risk management expertise
Excellent communication, organisation and stakeholder-management skills
Desirable
GRC tooling or platform experience
Knowledge of risk methodologies
Certifications such as CISM, CRISC
Understanding of PCI-DSS
Exposure to secure development practices or cloud security principles