Group Information Security Analyst

Collinson is the global, privately-owned company dedicated to helping the world to travel with ease and confidence. The group offers a unique blend of industry and sector specialists who together provide market-leading airport experiences, loyalty and customer engagement, and insurance solutions for over 400 million consumers.


Collinson is the operator of Priority Pass, the world’s original and leading airport experiences programme. Travellers can access a network of 1,500+ lounges and travel experiences, including dining, retail, sleep and spa, in over 650 airports in 148 countries, helping to elevate the journey into something special. We work with the world’s leading payment networks, over 1,400 banks, 90 airlines and 20 hotel groups worldwide.

We have been bringing innovation to the market since inception – from launching the first independent global VIP lounge access Programme, Priority Pass to being the first to sell direct travel insurance in the UK through Columbus Direct and creating the first loyalty agency of its kind in the travel sector with ICLP. Today we still invest heavily in innovation to ensure that we continue to deliver superior customer experiences.

Key clients include Mastercard, American Express, Cathay Pacific, British Airways, LATAM, Flying Blue, Accor, EasyJet, HSBC, Chase, HDFC.

Our mission is focused on doing good beyond profit, which for us means we seek out opportunities for our people to share in our success and that we give back to the communities and people within which we work.

Never short of ambition, the success of our business is delivered through the diverse and talented team of over 2,200 global colleagues.

Purpose of the job

As a Group Information Security Analyst, you will support the Group Information Security Team to:

Maintain the Collinson Group Information Security Management System and Certification of this against ISO27001.

Monitor operating company compliance with Group Protection Level Agreements.

Gain assurance operating companies are meeting material client and regulatory security

requirements.

Ensure operating companies maintain and can demonstrate an information security posture which adequately meets the expectations of the markets they operate in.

Define, design and deliver strategic Collinson Group information security programmes to efficiently reduce risk and protect Group interests in line with commercial objectives.

Minimise the impact on information security incidents on Collinson’s operations and profitability by ensuring we can detect, respond and contain incidents efficiently and promptly.

Reduce likelihood and impact of information security incidents by proactively identifying potential vulnerabilities and implementing safeguards and controls.

Key Responsibilities

Information Security Posture

· Demonstrating security tooling, creation of dashboards/reports/alerts, migrating from legacy security tooling, contributing to monthly reports, maintaining a tagging system to identify owners of assets, analysing environments to confirm ownership and usage, creating queries within tooling, conducting security sessions with engineers and stakeholders, automating processes, and documenting activities.

Incident Management

· Using security tools to investigate compromises, communicating findings, ensuring platform functionality, monitoring and analysing cybersecurity events, responding to

threats, supporting assessments, maintaining analytics reporting, supporting assurance activities, and documenting security issues.

Governance & Assurance

· Coordination and documentation of security governance activities, compiling data for reporting, and general security governance support as required, such as through answering policy queries, supporting third-party reviews or compiling security assurance evidence.

General duties

· Provide administrative support for the Group CISO Team and promoting security awareness.

Knowledge, skills and experience required:

· Relevant experience in security incident analysis, incident response, or a similar role.

· You have knowledge of security tools and technologies, such as SIEM, IDS/IPS, firewalls, antivirus, and cloud security.

· Be familiar with SOAR tools and their benefits

· You have experience with security frameworks and standards, such as ISO 27001, NIST, PCI-DSS, GDPR

· A good understanding of industry attack trends and defences

· Understanding of core operating system concepts in Windows, MacOS, and Linux

· A fundamental understanding of how threat actors use tactics such as lateral

movement, privilege escalation, defence evasion, persistence, command and control, and exfiltration

· You have excellent analytical, problem-solving, and communication skills

· You can collaborate with technology and commercial stakeholders effectively to establish relationships and become a trusted advisor.

· You are initiative-taking and with a desire to continually learn and progress in an information security career.

· Relevant years of experience in relevant roles which can demonstrate the requirements listed in this JD.

· Foundational education proving knowledge of the above

Collinson is an equal opportunity employer and welcomes differences in all their forms including: colour, race, ethnicity, gender identity, sexual orientation, neurodivergence, family status, age, individuals with disabilities and people from all backgrounds, cultures and experiences as we strongly believe this contributes to our on-going success.

We are focused on continually evolving our purpose driven, high performing culture, providing an environment where our people have the opportunity to achieve their full potential and do interesting and meaningful work. Our company values are: Take Action, Do the right thing, One team and Be insight led. These help guide everything we do internally in terms of how we think, act and interact, right through to how we deliver value to our customers and clients.

In your application, please feel free to note which pronouns you use (For example - she/her/hers, he/him/his, they/them/theirs, etc).

If you need any extra support throughout the interview process, then please email us at [email protected]