Chief Information Security Officer

Bengaluru

Applications have closed

Arrival

We're delivering zero-emission solutions for your city. Urban utility vehicle. Beautiful, functional, affordable and sustainable.


At Arrival, our team is creating best-in-class electric vehicles using a radical new method of design and production. We work with some of the world's leading businesses and governments to achieve our goal of redefining mobility and transport ecosystems, transforming how people and goods travel and enhancing urban environments for all communities.

Innovation, rapid development and testing help us to push the boundaries. Our New Method takes our portfolio of patented technologies created in-house, and combines it with assembly in Arrival Microfactories. It’s a groundbreaking approach, leading to products with maximum functionality, peak efficiency, and an elevated experience – at a much more competitive price than other electric vehicles, and even fossil fuel vehicles.


 

Arrival is a start-up Electric Vehicles (EV) manufacturing company. At Arrival, we are reinventing both the design and production of electric vehicles for end-to-end sustainability. Only true innovation of both products and processes can deliver the radical impact we need to combat the worst effects of the climate crisis.

About the role:
As the CISO, you will take the lead role in defining and implementing Arrival’s Information Security strategy and program. The successful candidate will ensure compliance with Legal and Business requirements, including technical and organisational controls for compliance with GDPR, ISO 21434 and the R155/R156 regulations. Working alongside the Product Security team, you will be expected to implement controls and requirements that meet the new global regulations for EVs. To be successful in this role you will also need to identify any potential compliance gaps, ensuring all identified issues are assessed, tracked and mitigated, whilst also supporting the businesses in managing any security incident or data breach. You proactively manage Information Security, Data Protection and Risk, which includes assessing, onboarding and maintaining industry standard frameworks. You are on top of the industry's latest threats and work with Product and Technology teams to ensure incidents are detected in a timely manner and responded to effectively, using mitigation and remediation to prevent future occurrences.

Main responsibilities:
Lead the Information Security function for Arrival. This is a global role covering Arrival operations in the US, UK, Georgia and EU. Define, manage and implement Arrival’s Information Security strategy.
Present regular updates on the state of security to the leadership team, Audit and Risk Committees. 
Respond to security incidents, including physical security incidents, in a timely manner, ensuring that all inputs are captured and that each incident is responded to appropriately.
Manage the Information Security team. 
Implement and improve security policies and procedures for compliance with GDPR/DPA, R155/R156, ISO 21434 (Cyber Security for Road Vehicles), ISO 27001 and the Information Security aspects of SOX (Sarbanes-Oxley).
Implement and improve security policies, guidance, plans and procedures.
Facilitate and manage ongoing training for the organisation on security.
Build and maintain good working relationships with the Arrival teams (facilities, and external vendors).
Identify, manage and recommend actions for Information Security risks, including reporting, recording and reviewing all Information Security risks.
Responsible for physical security policy, controls and requirements definitions.
Operationally manage vendors critical to the security of Arrival, including attending account management meetings, dealing with requests and receiving alerts/issues detected by the vendor.
Provide reporting and dashboarding to the senior leadership team on the status of, and improvement plans for, the company's security posture.
Ensure that business continuity and disaster recovery plans are in place and that they are tested, updated and reviewed on schedule.
Provide direction and guidance on Information Security matters to Arrival departments and teams, working closely with peers.
Manage third-party Information Security due diligence processes for all third parties that have an impact on the security of Arrival data and operations, ensuring that Arrival agreements and contracts have appropriate security clauses and requirements.
Work closely with peers to establish and manage a secure product lifecycle program including SDLC.

Role requirements:
At least 5 years of experience in a similar role.
Must be able to manage security programs for Arrival across multiple time zones including US, UK, EU and Georgia.
Strong hands-on experience is an advantage.
Must have extensive experience introducing and maintaining security standards and frameworks (e.g. ISO 27001, NIST, OWASP).
Must have experience in leading a Security Incident Response program.
Must have strong working knowledge of Secure Development Life Cycle (SDLC).
Must have in-depth knowledge and experience with security compliance frameworks for SOX, PCI and GDPR.
Must have experience building relationships across the business to get adoption on Information Security practices.
Essential experience in a highly technical environment.
Must have experience communicating to different stakeholders and levels in an organisation.
Must have excellent writing skills in English and experience in writing succinct and understandable policies, risk statements and incident reports.
Proven track record of ownership and driving deliverables through to completion.
Well organised and focussed, with strong attention to detail.
Ability and experience in working at the operational and strategic levels.
Ability to work in a fast-paced environment while maintaining attention to detail.
Essential to have relevant professional certification (ISO 27001/CISM/CISSP).
London based with regular travel to Bicester and Banbury.
Soft Skills: 
People-oriented but technically minded.
Has business acumen and can prioritize what is important to the business and what is not a priority.
Flexible in approach and finds different ways of achieving a goal.
Has presence, is able to communicate difficult topics and gets buy-in to required changes.

Benefits:
Benefits are an essential part of your total compensation for the work you do every day. Whether you’re single, in a growing family, or nearing retirement, we offer a variety of comprehensive and competitive benefit programs to meet your needs. That's why we're pleased to offer all employees full access to our comprehensive benefits package. This includes:
● Competitive salary.
● 24 days holiday. 
● Generous pension scheme.
● Remote / Hybrid / Office based working available (with at least 2 days in the office).
At Arrival we want all of our employees to feel comfortable bringing their passion, creativity and individuality to work. We value all cultures, backgrounds and experiences, as we truly believe that diversity drives innovation. Join our mission to bring better, more sustainable transportation to communities around the world.


Tags: CISM CISO CISSP Compliance GDPR Incident response ISO 27001 NIST OWASP Product security SDLC Security strategy SOX Strategy

Perks/benefits: Competitive pay Flex hours Flex vacation Startup environment

Regions: Asia/Pacific Europe North America