Travelopia is looking for a talented Information Security Analyst to play a prominent role as the Group embarks on a global business transformation. Working closely with the Group’s Chief Information Security Officer, the role offers a great opportunity for someone who has a passion for the subject, who is looking to express their ideas and be a force for positive change in information and cyber security across a diverse group of travel businesses globally.
The Group has a wide range of in-house technologies with a significant number of outsourced partnerships, and is undergoing an aggressive transformation plan to adopt more cloud-based services and harness the opportunities of rationalising and standardising its platforms and environments. Therefore, there are continuous requirements to conduct security threat, risk, and capability maturity assessments. The Information Security Analyst will also have exposure to designing technical solutions to address specific security challenges and be able to provide operational security subject matter expertise to the IT support teams and the wider business.
What you will be doing:
You will undertake daily operational activities, particularly around vulnerability management, incident response assistance, IT change approvals and participating in development projects and initiatives, ensuring they meet acceptable and compliant security standards and that information and cyber security risk is appropriately managed. You will have an impact on all the key domains of information security, with a particular emphasis on the Payment Card Industry Data Security Standard (PCI DSS) and Personally Identifiable Information (PII).
Travelopia is in the middle of preparing for GDPR, with the security team working with the business and playing a pivotal role in ensuring the Group is progressing towards compliance in 2018. You will provide assessments and audit support to ensure the IT teams meet the necessary control requirements.
- Developing and maintaining the in-house vulnerability management capability, implementing vulnerability scanning, reporting on risk exposure, providing risk-prioritised remediation advisories and tracking progress
- Assisting in the development of the Information Security Management System (ISMS)
- Coordinating penetration tests (PT) with PT testing partners, IT and Development teams, acting as key point of contact for all security activities and advisories in relation to remediation and mitigation
- Implementing security controls in compliance with legislation and regulatory frameworks (e.g. DPA, PCI-DSS, HIPAA) and the Group Information Security Policies
- Implementing security methodologies and industry standards (e.g. ISO27001, NIST, SANS)
- Identifying and prioritising IT/security compliance risks and recommending appropriate mitigating controls as required
- Conducting risk assessments of changes, projects, programmes, services
- Providing recommendations to manage information security risk, including aligning projects to policies and standards
- Assisting with developing and reviewing corrective action plans to address the root cause and prevent reoccurrences of compliance issues
- Undertaking security gap analysis internally, of third parties and other partners
- Providing IT Security and compliance awareness
What we are looking for:
We are looking for an adaptable and proactive team worker who is able to prioritise effectively. The businesses have varying levels of information security maturity, so a cool, calm, consultative approach is essential to ensure business buy-in and achieve the objective of both protecting and educating the business. With this in mind we are looking for:
- Exposure to multi-tier, web based and cloud based IT architectures
- Knowledge of security technologies (e.g. AV, SIEM, IAM, IPS, F/W, SSO, DLP)
- Knowledge of security assessment frameworks (e.g. threat modelling, controls and risk assessments)
- Experience in providing initial investigations of security incidents, escalating issues where necessary
- Experience using security information management tools
- Experience with security assessment tools, particularly vulnerability scanning tools, SIEM, DLP and NAC
- A minimum 2 years’ experience in an active IT security role
- Working knowledge and experience of the ITIL framework
- Experience developing, managing and improving operational risk and compliance processes
- Excellent written and spoken communication skills
- An ability to deal with ambiguity and rapid change and cope well with pressure
- An ability to manage conflicting priorities, multitask and meet tight deadlines
- Experience working within a team environment delivering projects for production systems
- Knowledge of PCI DSS and PII (GDPR) requirements would be a benefit.
Working with us:
Operating across the globe including Europe, Australia, North America and Canada, we’re passionate about being the best and pride ourselves on the unique and diverse range of holiday experiences we offer our customers.
Travelopia is a pioneer in the specialist travel sector, with a portfolio of more than 50 independently operated brands, most of which are leaders in their sector. Sailing holidays, safaris, adventure holidays, sports tours, Arctic expeditions - our brands are as diverse as they are exciting, creating unforgettable experiences for customers across the world.
Join us and in return you'll be rewarded with:
- A competitive salary
- Various employee discounts and offers
- Childcare vouchers and cycle to work scheme
- Contributory Pension scheme
- Career progression opportunities
Please note that benefits are subject to change.