Cyber Security Manager
At Travel Counsellors, we care about our customers, communities and our colleagues more than anyone else and that’s what makes us special. For us, relationships trump transactions and we are there for our customers, connecting with them on a deeply human level through the moments that matter.
We’ve been changing lives for over 26 years as the leading travel marketplace for self-employed travel entrepreneurs, empowering over 2,000 global independent travel agents to run successful leisure and corporate travel businesses as part of a company that truly cares and one that has never wavered from its purpose; to redefine what personal means for a travel business.
Our Travel Counsellors are supported by a team of over 250 super talented people in our Support Offices to help them create unique, inspiring and exciting experiences for their customers, building lasting personal relationships that brings them back to us, time and time again.
We’re fired up for the future as the demand for travel after COVID-19 returns even greater than before, and we’re looking for the brightest and the best to come and join us to take our business to the next level.
We’re looking for a Cyber Security Manager to join our existing team in driving forward our Cyber Security programme. You will need to be adaptable and dynamic, with a range of experience across all areas of cyber security. You will need a solid and robust technical background with experience of working with platform, software and data engineering teams. You will lead the Cyber security strategy and delivery across the global business. Your passion, resilience and enthusiasm for leading a growing Cyber security function within a modern digital platform will be a key element to influencing priorities within the business to drive our security posture forward.
Based at our Manchester Head Office, this global role is to manage Cyber risk across the company. This will need someone willing to be hands-on and using tools to monitor and investigate activity, as well as support the design and implementation of our Cyber security strategy. You will additionally need to be able to easily liaise with stakeholders of all levels from Customers to Senior managers and executives.
Working collaboratively with key stakeholders, this role is critical to ensuring that the confidentiality, integrity and availability of key information assets are maintained and support the continued growth of the company. You will need to be able to effectively communicate with a range of stakeholders, both internal and external, translating technical issues for a non-technical audience.
The key to this role is to be able to work in a dynamic environment, effectively identifying priorities and working with others to develop strategies and approaches that support the business. You will be used to creating innovative solutions and adapting controls in an agile environment.
You’ll also support other areas of the business. This will include acting as a subject matter expert and advising stakeholders on information security risk. You will need to be able to effectively set and manage priorities, and ensure projects are completed.
You will be someone with 2-3 years’ experience in an information/cyber security role. Ideally you will have experience in both information security and cyber security and will be comfortable working on projects ranging from supplier risk assessments to designing authentication processes in apps, and everything in between. You will like to be challenged and be a self-starter.
Roles and Responsibilities
- Responsible for the maintenance and continued improvement of our Cyber Security Posture including our cyber landscape mapping, alignment to cyber security frameworks and automating our protect, detect and response in real-time tools and techniques.
- Build, develop and evolve our Cyber Security Toolkit including Policy, risk management, insights and operations to drive an effective, pragmatic and outcomes driven capability to mature our cyber security posture.
- Assessing and managing Cyber security risks to the business. This will include using threat intelligence sources and other tools to identify risks, designing controls and reporting risk management decisions.
- Owning, maintaining and risk assessing our digital footprint from a cyber security perspective to ensure that all risks are known and appropriately managed.
- Developing and operating the vulnerability management and attack surface management processes. This will include owning and operating our cyber security tooling to identify risks and manage them through to resolution.
- Using modern cyber security tooling to identify, classify, investigate and resolve information and cyber security incidents across the global business.
- Manage and improve the effectiveness and value generated from our cyber tooling investments
- Drive a positive Cyber security influence and culture adoption within the other Travel Counsellors teams, including technical engineering teams such as Platform Engineering, Software Engineering and Data Engineering.
- Leading the response to Cyber security incidents. This will include managing all related policies and processes, and responsibility for all logging and reporting of incidents.
- With a wide range of stakeholders, including franchisees, you will continue to develop and manage the information security awareness programme across the global business. You will raise awareness of threats and good practices throughout the organisation.
- Managing technical audits, including scoping penetration tests and manging findings through to resolution.
- Managing supply chain cyber security. You will risk assess suppliers and recommend appropriate controls.
- Monitor the external threat landscape to ensure that the company are able to make risk-based decisions on relevant information.
- Supporting growth within the business you will work with other areas of the business and franchisees to respond to client requests for information security assurances.
- Support the management and operation the information security management system, including creating and maintaining security policies, standards, processes and procedures.
Summary of Key Attributes & Qualifications
- Experience of using modern cyber security tooling such as such as Vulnerability Management, SIEM, IPS, IDS and MDR
- Experience of working in both hybrid on-premises and cloud solutions.
- Experience of managing a digital platform at scale across on-premise datacenters, Azure, O365 and AWS.
- Experience of both on-premise and azure active directory, including modern authentication techniques.
- Experience in managing and influencing multiple stakeholders, globally, and comfortable working across all levels of the company from customers to C-level executives. Interactions with other technical teams from the service desk to data and infrastructure will also play a key part of this role.
- Experience in an information, cyber or IT security role. The ideal candidate will have recognised qualifications in these areas.
- Experience of driving innovation and continuous improvement in information and cyber security.
- Well-developed technical understanding of IT systems, including practical experience using security tools.
- Experience of developing and managing policies, standards, processes, and procedures.
- Familiarity with common information security management standards, such as the ISO 27000 group of standards, Cyber Essentials, NIST and CIS.
- Knowledge of threats and good practices in secure software development.
- Excellent communications skills with the ability to develop sustainable relationships with key stakeholders.
- The ability to translate complex technical concepts to a non-technical audience.
- Experience leading and investigating security incidents.
- Experience and knowledge of data protection legislation and the practical implementation of regulations.