Job Description
At Arrival, our team is creating best-in-class electric vehicles using a radical new method of design and production. We work with some of the world's leading businesses and governments to achieve our goal of redefining mobility and transport ecosystems, transforming how people and goods travel and enhancing urban environments for all communities.
Innovation, rapid development and testing help us to push the boundaries. Our New Method takes our portfolio of patented technologies created in-house, and combines it with assembly in Arrival Microfactories. It’s a groundbreaking approach, leading to products with maximum functionality, peak efficiency, and an elevated experience at a much more competitive price than other electric vehicles, and even fossil fuel vehicles.
Arrival is a start-up Electric Vehicles (EV) manufacturing company. At Arrival, we are reinventing both the design and production of electric vehicles for end-to-end sustainability. Only true innovation of both products and processes can deliver the radical impact we need to combat the worst effects of the climate crisis.
About the role: As the CISO, you will take the lead role in defining and implementing Arrival’s Information Security strategy and program. The successful candidate will ensure compliance within Legal and Business requirements including technical and organisational controls for compliance with GDPR and ISO21434 and R155/R156 regulations. Working alongside the Product Security team, you will be expected to implement controls and requirements that meets the new global regulations for EVs. To be successful in this role you will also need to identify any potential compliance gaps, ensuring all identified issues are assessed, tracked and mitigated, whilst also supporting the businesses in managing any security incident or data breach. You proactively manage Information Security, Data Protection and Risk, which includes assessing, onboarding and maintaining industry standard frameworks. You are on top of the industry's latest threats and work with Product and Technology teams to ensure incidents are detected in a timely manner, effectively responded to using mitigation and remediation to ensure that future occurrences are prevented.
Main responsibilities:Lead the Information Security function for Arrival. This is a global role covering Arrival operations in US, UK, Georgia and EU.Define, manage and implement Arrival’s Information Security strategy.Present regular updates on the state of security to the leadership team, Audit and Risk Committees.Respond to security incidents in a timely manner, ensuring that all inputs are captured and that the incident is responded to appropriately including physical security incidents.Manage the Information Security team.Implement and improve security policies and procedures and GDPR/DPA, R155/R156 and ISO 21434 (Cyber Security for Road Vehicles) and ISO 27001, Information Security aspects of SOX (Sarbanes Oxley) compliance.Implement and improve security policies, guidance, plans and procedures.Facilitate and manage ongoing training for the organisation on securityBuild and maintain good working relationship with the Arrival teams (facilities, and external vendors)Identify, manage and recommend actions for Information Security risks, including reporting, recording and reviewing all Information Security risks.Responsible for physical security policy, controls and requirements definitionsOperationally manage vendors critical to the security of Arrival, including attending account management meetings and dealing with requests and receiving alerts/issues detected by the vendor.Provide reporting and dashboarding on the status as well as improvement plans of the security posture of the company to senior leadership team.Ensure that business continuity and disaster recovery plans are in place and their scheduled testing, updates and reviews.Providing direction and guidance on Information Security matters to Arrival departments and teams, working closely with peers.Manage third-party Information Security due diligence processes for all third parties that have an impact on the security of Arrival data and operations, ensuring that Arrival agreements and contracts have appropriate security clauses and requirements.Work closely with peers to establish and manage a secure product lifecycle program including SDLC.
Role requirements:At least 5 years of experience in a similar role.Must be able to manage security programs for Arrival across multiple time zones including US, UK, EU and Georgia.Strong hands-on experience is an advantage.Must have extensive experience introducing, maintaining security standards and frameworks (e.g. ISO 27001, NIST, OWASP).Must have experience in leading Security Incident Response program.Must have strong working knowledge of Secure Development Life Cycle (SDLC).Must have In-depth knowledge and experience with security compliance frameworks f
Job Specification