We pride ourselves on being travel authorities. Owning the way when it comes to providing outstanding travel experiences, our brands offer the world's best polar expeditions, wildlife safaris, cultural tours, yachting adventures and more.
The Group has a wide range of in-house technologies with a significant number of outsourced partnerships and is undergoing an aggressive transformation plan to adopt more cloud-based services and harness the opportunities of rationalising and standardising its platforms and environments. Therefore, there are continuous requirements to conduct security threat, risk, and capability maturity assessments.
What you will be doing
As the Information Security Risk Analyst, you will report to the Head of Security Culture and Programme Management and assist with:
- Supporting the Information Security Governance, Risk and Compliance function by assisting with the implementation of the overall Information Security risk management strategy.
- Assist with providing technical oversight of Information Security across Travelopia businesses, ensuring Information Security risks are identified, communicated, and managed appropriately.
- Input into evaluating, prioritizing, tracking and timely mitigation of Information Security risks.
- Performing internal and external Information Security risk assessments, encompassing all of technology, people, and processes.
- Assist with the management of the third-party risk assurance program.
- Support with organizing and conducting internal audits and providing support for external audits.
- Providing support to the Information Security Awareness and Training programs.
- Supporting the development, dissemination and regular reviews of the Information Security policy sets, Standards, and guidelines.
- Assisting other members of the team in the management of the overall Information Security function.
- Understanding of Threat, Vulnerability and Information Security Risk concepts and mitigations.
- Knowledge of Information Security Risk Assessment methodologies (i.e., NIST) and security standards (ISO 27001 and PCI DSS).
- Good knowledge of data privacy and regulatory frameworks, including the GDPR.
- Ability to effectively communicate Information Security issues to stakeholders at various levels, both in writing and verbally.
- Cyber/Information Security related certification desirable (e.g., CISM, CISSP).
This is a hands-on role in a rapidly changing environment. As part of a small but dedicated team, you will gain exposure to a wide variety of systems and architectures, and opportunities for development are available for the right candidate.
Join us and in return you'll be rewarded with:
- Competitive salary
- Various employee discounts and offers
- Career progression opportunities
Together we will cultivate a diverse, equitable and inclusive environment, where everyone can thrive. We are committed to driving change through increasing awareness of, and counteracting, unconscious bias; building an inclusive culture; and embracing diversity in all its dimensions.