Founded 26 years ago, Travel Counsellors is the UK’s leading travel marketplace for self-employed travel agents, with a growing international presence. We are private equity backed by Vitruvian Partners, well known for backing exceptional entrepreneurs and management teams in companies creating sustainable high growth or strategic value through change and transformation. Our disruptive model enables over 1,800 independent travel entrepreneurs to create home-based travel businesses using a high-touch, service-led approach to target a wide range of leisure and corporate travel customers.
With our own sophisticated and proprietary technology (Phenix), 2019 was the Company’s 17th consecutive year of double-digit growth, with a total transaction value (TTV) surpassing £650 million for the first time. With a UK leisure travel market valued at £6bn, we believe our aim to ‘scale with intimacy’ will help drive our mission to transform the travel experiences for our customers and the lives of our Travel Counsellors, colleagues and communities.
Multi-award winning as a result of a business model that is powered by our people and unique sense of community, we’re more confident than ever that our business will be even more valuable in a post-pandemic world as we look to capitalise on a consumer group looking for personal service from a travel provider whilst offering a life-changing experience for our global Travel Counsellors community.
We’re looking for an experienced information and cyber security manager to drive forward the existing information and cyber security programme. You will need to be adaptable and dynamic, with a range of experience across all areas of information and cyber security. You will lead the information and cyber security strategy and delivery across the global business.
Based at our Manchester Support Office, this global role is to manage information and cyber risk across the business. It needs someone willing to be hands-on, using tools to monitor and investigate activity, as well as designing and implementing information and cyber security strategy.
Working collaboratively with key stakeholders, this role is critical to ensuring that the confidentiality, integrity and availability of key information assets are maintained and support the continued growth of the business. You will need to be able to effectively communicate with a range of stakeholders, both internal and external, translating technical issues for a non-technical audience.
The key to this role is to be able to work in a dynamic environment, effectively identifying priorities and working with others to develop strategies and approaches that support the business. You will be used to creating innovative solutions and adapting controls in an agile environment.
You’ll also support other areas of the business. This will include acting as a subject matter expert and advising stakeholders on information security risk. You will need to be able to effectively set and manage priorities, and ensure projects are completed. You will work closely with the Head of IT Operations and the Technology Service Desk Manager to manage and improve current strategies and processes.
You will be someone with several years’ experience in an information security role. Ideally you will have experience in both information security and IT security and will be comfortable working on projects ranging from supplier risk assessments to designing authentication processes in apps, and everything in between. You will like to be challenged and be a self-starter.
Adding Value to Travel Counsellors
You’ll be the go-to person for all matters relating to information and cyber security. This will involve working with stakeholders across the breadth of the business, and at all levels within the organisation. You will need to have a practical approach to risk management, working with stakeholders to communicate risk and design controls that support the business in meeting its objectives.
This is a role that combines information, cyber and IT security. You will need to work with technical and non-technical users, as well as franchisees and on occasion clients and customers. The Information and Cyber Security Manager will be working on the following:
- Responsibility for managing and operating the information security management system, including creating and maintaining security policies, standards, processes and procedures.
- Assessing and managing information and cyber risks to the business. This will include using threat intelligence sources and other tools to identify risks, designing controls and reporting risk management decisions.
- Reporting on the effectiveness of the ISMS using agreed metrics.
- Ensuring and reporting PCI-DSS compliance annually. You will be the SME for PCI-DSS compliance across the business.
- Developing and operating the vulnerability management process. This will include operating the vulnerability scanner and managing findings through to resolution. Experience of Tenable products is desirable.
- Leading the response to information and cyber security incidents. This will include managing all related policies and processes, and responsibility for all logging and reporting of incidents.
- Working with the legal team, you will advise on data protection issues.
- With a wide range of stakeholders, including franchisees, you will continue to develop and manage the information security awareness programme across the global business. You will raise awareness of threats and good practices throughout the organisation.
- Managing audits, including scoping penetration tests and managing findings through to resolution.
- Managing supply chain security. You will risk assess suppliers and recommend appropriate controls.
- Supporting growth within the business, you will work with other areas of the business and franchisees to respond to client requests for information security assurances.
Skills & Experience Required
- Able to work in an agile, high-pressure environment and respond quickly to stakeholder needs
- Experience in managing and influencing multiple stakeholders, globally, and comfortable working with C-level executives
- Significant experience in an information, cyber or IT security role. The ideal candidate will have recognised qualifications in these areas.
- Experience of driving innovation and continuous improvement in information and cyber security.
- Well-developed technical understanding of IT systems, including practical experience using security tools.
- Experience of developing and managing policies, standards, processes, and procedures.
- Familiarity with common information security management standards, such as the ISO 27000 group of standards.
- Knowledge of threats and good practices in secure software development.
- Excellent communication skills with the ability to develop sustainable relationships with key stakeholders.
- The ability to translate complex technical concepts to a non-technical audience.
- Experience leading and investigating security incidents.
- Experience and knowledge of data protection legislation and the practical implementation of regulations.
- Ability to prioritise and the perseverance and persistence needed to manage tasks through to completion.
- Working with hybrid on-premises and cloud solutions. Experience of Azure, O365 and AWS is desirable.