
    IT Risk Manager - London, United Kingdom - Collinson

    Description

    Collinson is the global, privately-owned company dedicated to helping the world to travel with ease and confidence. The group offers a unique blend of industry and sector specialists who together provide market-leading airport experiences, loyalty and customer engagement, and insurance solutions for over 400 million consumers.

    Collinson is the operator of Priority Pass, the world's original and leading airport experiences programme. Travellers can access a network of 1,500+ lounges and travel experiences, including dining, retail, sleep and spa, in over 650 airports in 148 countries, helping to elevate the journey into something special. We work with the world's leading payment networks, over 1,400 banks, 90 airlines and 20 hotel groups worldwide.

    We have been bringing innovation to the market since inception – from launching the first independent global VIP lounge access programme, Priority Pass, to being the first to sell direct travel insurance in the UK through Columbus Direct and creating the first loyalty agency of its kind in the travel sector with ICLP. Today we still invest heavily in innovation to ensure that we continue to deliver superior customer experiences.

    Key clients include Visa, Mastercard, American Express, Cathay Pacific, British Airways, LATAM, Flying Blue, Accor, EasyJet, HSBC, Chase, HDFC.

    Our mission is focused on doing good beyond profit, which for us means we seek out opportunities for our people to share in our success and that we give back to the communities and people within which we work.

    Never short of ambition, the success of our business is delivered through the diverse and talented team of over 1,800 global colleagues.

    Purpose of the job

    This role is a crucial part of the first line of defence (FLOD) of the Collinson Insurance organisation.

    This will be achieved by:

    1. Providing guidance, expertise and coordinating all FLOD activities to meet regulatory, industry and best practice requirements associated with the technology and data estate for the Insurance organisation.

    2. Acting as the go-to person for IT risk related matters, supporting the Head of Engineering in fulfilling all activities for the FLOD, including maintaining adherence to all IT General Controls, FCA/PRA guidelines, Maltese Financial Services Authority (MFSA) guidelines, and the requirement of the European Digital Operational Resiliency Act (DORA), and related regulations and guidelines. Advocating for all IT risk controls and risk management across the organisation.

    3. Coordination with all internal and external second and third line of defence functions, and other compliance and control functions across the enterprise.

    Ultimately, this role is focused on ensuring that all IT and data risks are assessed, managed and their impact reduced, in line with a regulated operating company, and will be responsible for identifying, analysing and influencing the management of information and data risks across the organisation.

    Key Responsibilities


    • Accountable for all FLOD activities, processes, improvements, strategy for all technology and data assets for the Insurance organisation, working closely with other responsible roles across the organisation.

    • Ensure that the appropriate internal controls are designed, implemented and maintained for all IT and data risk areas.

    • Provide assurance that all controls are operating effectively, using key indicators and regular reviews. Be a key coordinator and contributor to the monthly Technology Risk and Cyber Security working group.

    • Report regularly on key indicators and overall health of the IT and data controls framework to committees, boards and 3rd party groups in scope.

    • Help educate and consult with the organisation on best practice control design.

    • Perform focused information and data risk assessments of existing or new services and technologies, along with business counterparts.

    • Actively engage in and contribute to agile planning and design sessions, and help product owners prioritise IT risk, security and data risk items.

    • Provide consultative advice to technology, product and service teams that enables them to suggest informed risk management decisions, based on industry best practice, regulatory guidelines and rules and latest legislation, also ensuring security and data protection by design.

    • Identify and facilitate implementation of appropriate controls to effectively manage information and data risks as needed. Maintain and issue draft policies as needed for the areas in scope.

    • Identify opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.

    • Work closely with other second and third line of defence teams, including Group CISO, Insurance and Group Risk and Compliance and Internal Audit teams.

    • Stay abreast of industry-wide best practice, regulatory changes and legislation changes pertinent to all aspects of the Insurance business and direct changes needed to ensure alignment with FLOD activities.

    • Seek opportunities to mature the IT and data risk framework and achieve and maintain industry recognised accreditations.

    • Ensure robust and effective security and data incident management practices are in place, with continuous improvements sought. Take the lead on incident and problem management of priority (P1 and P2) security and data incidents that affect the Insurance organisation, to their satisfactory conclusion, coordinating with Group Data Protection Officer, CISO and external parties as needed.

    Knowledge, skills and experience required


    • A good practical knowledge of IT security technologies and wider business solutions including Firewalls, IDS/IPS, identity and access management, SIEM, remote working and cloud technologies.

    • An understanding of application security threats and countermeasures.


    • An understanding of current and emerging information security threats and countermeasures and the organisational challenges to addressing these threats.


    • Solid understanding of IT risk frameworks, and practical experience of using and deploying frameworks for business advancement, regulatory compliance and information security management frameworks (e.g., International Organization for Standardization [ISO] 27000, COBIT, National Institute of Standards and Technology [NIST] 800).


    • An understanding of legislation and regulations that impact information security, e.g., GDPR.


    • Experience managing security governance within AWS and Azure environments.


    • The ability to work within a security framework and to articulate its potential as a tool for continuous improvement.


    • Demonstrable experience in a FLOD role, ideally as an IT Risk Analyst or Manager in a regulated industry, ideally Insurance.


    • Evidence of continuous improvements being made in the IT and Data Risk areas


    • Comfortable working in a fast-paced commercially focused environment.


    • Ability to communicate security and risk-related concepts to technical and nontechnical audiences.


    • Ability to build strong relationships and influence decisions with internal and external stakeholders.


    • The ability to cut through organisational barriers to achieve the overall goal.


    • Good analytical skills and the ability to challenge the norm.


    • The ability to be pragmatic and balance the commercial needs of Collinson with security and data protection requirements.


    • Qualification or experience with Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA) is desirable.


    • Ability to identify and assess the severity and potential impact of risks. Communicate risk assessment findings to risk owners outside the cybersecurity and data protection areas in a way that consistently drives objective, fact-based decisions about risk that optimise the trade-off between risk mitigation and business performance.

    Personal Specification:


    • An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one's network within an organization.


    • An ability to apply original and innovative thinking to produce new ideas.


    • An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.


    • An ability to effectively influence others to modify their opinions, plans or behaviours.


    • Excellent prioritisation capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.


    • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.


    • Strong problem-solving and troubleshooting skills.


    • Have good judgment and a sense of urgency, and demonstrate commitment to high standards of ethics, regulatory compliance, customer service and business integrity.


    • Self-motivated and possessing a high sense of urgency and personal integrity.

    • Highest ethical standards and values.


    • The ability to demonstrate through examples, the effective management of stakeholder relationships at all levels internally and externally


    • Excellent written and spoken English


    • Personable, enthusiastic and a good communicator (ability to present, inform and guide others)


    • Ability to bridge communications between technical and business focussed groups


    • Ability to thrive in a fast moving and changing environment


    • Comfortable working with people at all levels in an organisation


    • Ability to show initiative and to work independently


    • Willingness to take on a variety of roles and responsibilities


    • Ability to build and use positive relationships with your team, business, and technology partners

    Collinson is an equal opportunity employer and welcomes differences in all their forms including: colour, race, ethnicity, gender identity, sexual orientation, neurodivergence, family status, age, individuals with disabilities and people from all backgrounds, cultures and experiences as we strongly believe this contributes to our on-going success.

    We are focused on continually evolving our purpose driven, high performing culture, providing an environment where our people have the opportunity to achieve their full potential and do interesting and meaningful work. Our company values are: Act smarter, Do the right thing, One team and Be insight led. These help guide everything we do internally in terms of how we think, act and interact, right through to how we deliver value to our customers and clients.

    In your application, please feel free to note which pronouns you use (For example - she/her/hers, he/him/his, they/them/theirs, etc).

    If you need any extra support throughout the interview process, then please email us at

    We also have our very own Beacons (Domestic Abuse Advisors) supporting within each of our global offices. Our Beacons will be your point of contact if you or someone you know needs support.


  • MW recruitment

    Risk Manager

    3 weeks ago


    MW recruitment London, United Kingdom

    An overseas banking institution wish to recruit within business risk to Support the sustainable business development strategy of the Financial Institutions Department and to manage the associated risks within FI business line more efficiently and effectively · **Main Duties** · U ...

  • Oliver James

    Risk Manager

    4 weeks ago


    Oliver James London, United Kingdom

    I am currently recruiting for a Risk Manager for one of my Insurance clients in Borehamwood (1 day per week in office). · The role requires someone with experience in: · - NIST/COBIT/ISO Standards & frameworks · - IT focused Risk Manager · - Operational Risk experience · The role ...

  • Morgan Stanley

    Risk Management

    2 weeks ago


    Morgan Stanley London, United Kingdom

    Risk Management - Risk Governance - Associate · Job Number: · 3249806 · POSTING DATE: Apr 9, 2024 · PRIMARY LOCATION: Europe, Middle East, Africa-United Kingdom-United Kingdom-London · EDUCATION LEVEL: Bachelor's Degree · JOB: Central Functions · EMPLOYMENT TYPE: Full Time · JOB ...

  • EY

    Risk Management

    3 weeks ago


    EY London, United Kingdom

    **UK Independence Team - Risk Management - Independence Associate (Personal Independence)** · Within the professional services environment, appropriate risk management is fundamental to the successful delivery of our client services and promotion and protection of our brand. With ...

  • Pontoon

    Risk Manager

    3 weeks ago


    Pontoon London, United Kingdom

    **Job title**:Risk Management · **Location**: London · **Duration**:6 months initially · For more than 200 years, our global Financial Services Client has been helping people around the world connect with what matters most to them. The company is one of the world's leading financ ...

  • MERJE Ltd

    Risk Manager

    3 weeks ago


    MERJE Ltd London, United Kingdom

    Great opportunity for an experienced Risk Manager to contribute to the achievement of a growing organisation whilst maintaining and embedding new risk frameworks. · Key Objectives: · - Ensuring that the risk framework and appropriate culture is embedded throughout the business: t ...

  • MERJE Ltd

    Risk Manager

    2 weeks ago


    MERJE Ltd London, United Kingdom

    Great opportunity for an experienced Risk Manager to contribute to the achievement of a growing organisation whilst maintaining and embedding new risk frameworks. · **Key Objectives**: · - Ensuring that the risk framework and appropriate culture is embedded throughout the busines ...

  • AJ Fox Compliance

    Risk Manager

    3 weeks ago


    AJ Fox Compliance London, United Kingdom

    We are excited to be working with a prestigious top-10 global law firm to source a Risk Manager to join their team. This is the perfect role for a supervisor or team leader looking to take a step up into managing a team in a larger law firm, or an already established manager looki ...

  • Arthur

    Risk Manager

    2 weeks ago


    Arthur London, United Kingdom

    We are seeking a highly motivated Risk Manager to join our well-regarded Lloyd's syndicate in the heart of the city. With 5+ years of experience in the insurance industry, the ideal candidate will take ownership of various elements of our risk management framework and be involved ...

  • Arthur

    Risk Manager

    3 weeks ago


    Arthur London, United Kingdom

    This is an excellent opportunity for a Risk Manager to join a Global Giant in the General Insurance sector. The business offers exposure across multiple business lines as well offering excellent benefits and perks. · The market leading Risk function is looking for a Risk Manager ...

  • BCT Resourcing

    Risk Manager

    3 weeks ago


    BCT Resourcing London, United Kingdom

    Risk Manager · London · Company client partnered with a leading Lloyd's Managing Agent in their search for a Risk Manager. This role will report to the Chief Risk Officer and will also involve management of a junior in the team. · Responsibilities include; · - Supporting CRO with ...

  • The Curve Group

    Risk Manager

    4 weeks ago


    The Curve Group London, United Kingdom

    We are recruiting for a Risk Manager currently, to join our challenger bank client. The Bank is a rapidly growing, ethical organisation who have a commitment and passion for offering differently designed, sustainable banking products. · Based in London, but we are happy to suppor ...

  • Careers In Group

    IT Risk Manager

    3 weeks ago


    Careers In Group London, United Kingdom

    IT Risk Manager - Asset Management · You will require significant technology controls design and operations testing experience, technology controls frameworks knowledge such as COBIT, and experience carrying out technology risk and control assessments and developing technology ri ...


  • eFinancialCareers London, United Kingdom

    Our client Lloyds Banking Group is a leading UK based financial services group providing a wide range of banking and financial services, focused on personal and commercial customers. Lloyds Banking Group support a culture of Inclusion and opportunities to develop to become the Ban ...

  • Mott MacDonald

    Risk Manager

    2 weeks ago


    Mott MacDonald London, United Kingdom

    Do you want to work for a company whose purpose is to improve society by considering social outcomes, and to transform businesses, communities, and opportunities for its employees? Mott MacDonald is a global consultancy whose people do exactly that. · As Risk Management Consultan ...


  • eFinancialCareers London, United Kingdom

    Job Description · Citi is currently recruiting for a Vice President (Operational Risk Officer) professional for the Operational Risk Management Processing Risk Design Group with well-rounded knowledge and experience in Operational Risk Management, Lean or Lean Six Sigma methodolo ...

  • Eames Consulting

    Conduct Risk Manager

    2 weeks ago


    Eames Consulting London, United Kingdom

    This is a Conduct advisory and oversight role within Compliance where you will be responsible for taking a lead on the implementation, embedding and ongoing development of our Conduct Risk Framework, and associated policies and procedures, to enable our entities to demonstrate com ...


  • Anthropic London, United Kingdom

    As part of the Anthropic security department, the compliance team owns understanding security and AI safety expectations, as established by regulators, customers and (nascent) industry norms (which we also seek to influence). The compliance team uses this understanding to provide ...


  • Morgan McKinley London, United Kingdom

    Contributes to the overall success of the London Enterprise Risk Management (ERM) department by providing support to the Senior Manager covering non-financial risk management. The role will focus largely on risk control and governance. However, the incumbent may need to provide su ...