At Travel Counsellors, we care about our customers, communities and our colleagues more than anyone else and that’s what makes us special. For us, relationships trump transactions and we are there for our customers, connecting with them on a deeply human level through the moments that matter.
We’ve been changing lives for over 26 years as the leading travel marketplace for self-employed travel entrepreneurs, empowering over 2,000 global independent travel agents to run successful leisure and corporate travel businesses as part of a company that truly cares and one that has never wavered from its purpose: to redefine what personal means for a travel business.
Our Travel Counsellors are supported by a team of over 250 super talented people in our Support Offices to help them create unique, inspiring and exciting experiences for their customers, building lasting personal relationships that bring them back to us, time and time again.
We’re fired up for the future as the demand for travel after COVID-19 returns even greater than before, and we’re looking for the brightest and the best to come and join us to take our business to the next level.
We’re looking for a Cyber Security Analyst to join our existing team in driving forward our information and Cyber Security programme. You will need to be adaptable and dynamic, with a range of experience across all areas of information and cyber security. You will lead the information and cyber security strategy and delivery across the global business.
Based at our Manchester Head Office, this global role is to manage information and cyber risk across the company. This will need someone willing to be hands-on, using tools to monitor and investigate activity, as well as supporting the design and implementation of information and cyber security strategy.
Working collaboratively with key stakeholders, this role is critical to ensuring that the confidentiality, integrity and availability of key information assets are maintained and support the continued growth of the company. You will need to be able to effectively communicate with a range of stakeholders, both internal and external, translating technical issues for a non-technical audience.
The key to this role is to be able to work in a dynamic environment, effectively identifying priorities and working with others to develop strategies and approaches that support the business. You will be used to creating innovative solutions and adapting controls in an agile environment.
You’ll also support other areas of the business. This will include acting as a subject matter expert and advising stakeholders on information security risk. You will need to be able to effectively set and manage priorities, and ensure projects are completed. You will work closely with the Head of Platform Operations, Platform Infrastructure Manager and the Technology Service Desk Manager to manage and improve current strategies and processes.
You will be someone with 2-3 years’ experience in an information security role. Ideally you will have experience in both information security and cyber security and will be comfortable working on projects ranging from supplier risk assessments to designing authentication processes in apps, and everything in between. You will like to be challenged and be a self-starter.
Roles and Responsibilities
- Responsibility for supporting the management and operation of the information security management system, including creating and maintaining security policies, standards, processes and procedures.
- Assessing and managing information and cyber risks to the business. This will include using threat intelligence sources and other tools to identify risks, designing controls and reporting risk management decisions.
- Reporting on the effectiveness of the ISMS using agreed metrics.
- Developing and operating the vulnerability management process. This will include operating the vulnerability scanner and managing findings through to resolution.
- Using modern cyber security tooling to identify, classify, investigate and resolve information and cyber security incidents across the global business.
- Leading the response to information and cyber security incidents. This will include managing all related policies and processes, and responsibility for all logging and reporting of incidents.
- With a wide range of stakeholders, including franchisees, you will continue to develop and manage the information security awareness programme across the global business. You will raise awareness of threats and good practices throughout the organisation.
- Managing audits, including scoping penetration tests and managing findings through to resolution.
- Managing supply chain security. You will risk assess suppliers and recommend appropriate controls.
- Monitoring the external threat landscape to ensure that the company is able to make risk-based decisions on relevant information.
- Supporting growth within the business, you will work with other areas of the business and franchisees to respond to client requests for information security assurances.
Summary of Key Attributes & Qualifications
- Experience of using modern cyber security tooling such as Vulnerability Scanning, SIEM, IPS, IDS and EDR.
- Experience of both hybrid on-premises and cloud solutions. Experience of Azure, O365 and AWS is desirable.
- Experience of both on-premises and Azure Active Directory, including modern authentication techniques.
- Experience in managing and influencing multiple stakeholders, globally, and comfortable working across all levels of the company from customers to C-level executives. Interactions with other technical teams from the service desk to data and infrastructure will also play a key part in this role.
- Experience in an information, cyber or IT security role. The ideal candidate will have recognised qualifications in these areas.
- Experience of driving innovation and continuous improvement in information and cyber security.
- Well-developed technical understanding of IT systems, including practical experience using security tools.
- Experience of developing and managing policies, standards, processes, and procedures.
- Familiarity with common information security management standards, such as the ISO 27000 group of standards, Cyber Essentials, NIST and CIS.
- Knowledge of threats and good practices in secure software development.
- Excellent communication skills with the ability to develop sustainable relationships with key stakeholders.
- The ability to translate complex technical concepts to a non-technical audience.
- Experience leading and investigating security incidents.
- Experience and knowledge of data protection legislation and the practical implementation of regulations.