Information Security and Risk Manager

Role:
Information Security and Risk Manager

Location:
Aberford Leeds

Contract:
Permanent

Working:
Hybrid 3 days in the office

As MICHELIN Connected Fleet, a division of the Michelin Group, leader in sustainable mobility for 130 years, we specialise in connected fleet management services and solutions. We are a market leader with over 30 years expertise in a high-growth, competitive mobility technology industry. Today we serve 70,000 customers and over 600,000 vehicles globally, growing more than 10% per year, and entering at the rate of 3 new markets a year. Backed by Michelin Group and operating under the Michelin Connected Fleet name, we intend to be a major player in this market in the coming years.

OUR DREAM

We know our planet is at risk and we urgently need to find innovative ways to protect it. At Michelin, pioneering is what we do: We are innovating constantly, to explore new opportunities, with, around and beyond tires to lead the way in sustainable mobility. Our people act for change, with respect, and as leaders. We care about giving people a better way forward. Our dream is rooted in a single purpose: by 2050, Michelin will be recognised as a critical innovation leader that helped humanity conquer new frontiers. And we all work hard every day to realise this dream.

OUR PEOPLE & WAYS OF WORKING

At MICHELIN Connected Fleet, agility is not a word - it's a lifestyle. We gather entrepreneurial minds who are not afraid to fail fast and learn quickly, every day. We think long term and act short term, we grow fast and love what we do. We believe in an inclusive working environment, building teams with a variety of backgrounds, skills, views and opinions. Among our 400 employees in Europe, we proudly benefit from around 30 nationalities. We thrive because of the diverse background and talent of our people. We nurture our team's growth with several company wide development programs - including our Diversity, Mentoring and Sustainability programs.

THE ROLE IN SHORT:

As the Information Security and Risk Manager, you are the central leader responsible for the company's overall security and compliance posture. You will manage the entire Information Security Management System (ISMS), ensuring the continuous maintenance of the ISO 27001 standard and leading the comprehensive risk management program.

Your duties include coordinating internal and external audits, ensuring effective tracking of strategic security objectives and KPIs, and overseeing all security incident response and resolution efforts.

WHAT WILL I BE DOING:

• Lead and manage the end-to-end Information Security Management System (ISMS), ensuring continued ISO 27001 compliance.
• Drive information risk management across the organisation, including identification, assessment, treatment, and ongoing tracking of risks, non-compliances, and associated action plans.
• Coordinate Information Asset Owners (IAOs) to review the ISMS, maintain up-to-date asset profiles, and ensure all major risks have defined treatment plans.
• Manage security incidents, taking responsibility for investigation, resolution, post-incident reporting, and leading ad-hoc response teams during critical situations.
• Develop and implement strategies for raising information security awareness, including creating and disseminating training materials (in-person, e-learning, and intranet).
• Organise and coordinate security audits (internal, external, customer, and penetration tests), manage the collection of evidence, and track findings through to resolution.
• Animate "Security by Design" meetings and review proposed architectures with engineering teams from a security perspective.
• Provide expert advice to senior management on the organisation's information risk profile and the status of risk treatments.
• Manage and update all essential ISMS documentation, including translation (French), and ensure maintenance of the ISMS and related projects (e.g., Jira).
• Regularly audit information systems and business processes, assessing risks, internal controls, and compliance with relevant laws and statutes to drive continuous improvement.

TO BE SUCCESSFUL YOU WILL LIKELY HAVE:

• A spirit of analysis and being proactive in solving problems or internal dysfunction.
• Have good communication skills and be a good teacher
• Ability to work independently and with ad hoc teams
• Rigour, precision and attention to details
• Writing skills
• Ensuring technological and regulatory watch
• IT tools skills (Microsoft Office/Google Workspace/Jira)
• Policies and procedures related to information security, in particular ISO 27001
• Project management techniques
• Control of the audit activity: procedure, implementation, management and control missions
• Specific experience with Quantitative Risk Analysis methodologies
• Knowledge of core security controls and technologies across domains (network, cloud, application)
• Experience defining, collecting, and visualizing Key Performance Indicators (KPIs)
• Fluent and technical English, French is a plus

Work life balance is important to us at Michelin Connected Fleet, so we offer our teams as much flexibility as possible in line with the needs of their role. We trust our teams to know how they work best, combining remote and collaborative working, with a flexible approach to hours. This allows our people the time and space for life outside of work.