Collinson is the global, privately owned company dedicated to helping the world to travel with ease and confidence. The group offers a unique blend of industry and sector specialists who together provide market-leading airport experiences, loyalty and customer engagement, and insurance solutions for over 400 million consumers.
Collinson is the operator of Priority Pass, the world's original and leading airport experiences programme. Travellers can access a network of 1500 lounges and travel experiences, including dining, retail, sleep and spa, in over 650 airports in 148 countries, helping to elevate the journey into something special. We work with the world's leading payment networks, over 1400 banks, 90 airlines and 20 hotel groups worldwide.
We have been bringing innovation to the market since inception, from launching the first independent global VIP lounge access Programme, Priority Pass, to being the first to sell direct travel insurance in the UK through Columbus Direct, and creating the first loyalty agency of its kind in the travel sector with ICLP. Today we still invest heavily in innovation to ensure that we continue to deliver superior customer experiences.
Key clients include Visa, Mastercard, American Express, Cathay Pacific, British Airways, LATAM, Flying Blue, Accor, EasyJet, HSBC, Chase, HDFC.
Our mission is focused on doing good beyond profit, which for us means we seek out opportunities for our people to share in our success and that we give back to the communities and people within which we work.
Never short of ambition, the success of our business is delivered through the diverse and talented team of over 1800 global colleagues.
Purpose of the job
This role is a crucial part of the first line of defence (FLOD) of the Collinson Insurance organisation.
This will be achieved by:
1. Providing guidance, expertise and coordinating all FLOD activities to meet regulatory, industry and best practice requirements associated with the technology and data estate for the Insurance organisation.
2. Acting as the go-to person for IT risk related matters, supporting the Head of Engineering in fulfilling all activities for the FLOD, including maintaining adherence to all IT General Controls, FCA/PRA guidelines, Maltese Financial Services Authority (MFSA) guidelines and the requirement of the European Digital Operational Resiliency Act (DORA) and related regulations and guidelines. Advocating for all IT risk controls and risk management across the organisation.
3. Coordination with all internal and external second and third line of defence functions and other compliance and control functions across the enterprise.
Ultimately this role is focused on ensuring that all IT and data risks are assessed, managed and their impact reduced in line with a regulated operating company, and will be responsible for identifying, analysing and influencing the management of information and data risks across the organisation.
Key Responsibilities
Accountable for all FLOD activities, processes, improvements, strategy for all technology and data assets for the Insurance organisation, working closely with other responsible roles across the organisation.
Ensure that the appropriate internal controls are designed, implemented and maintained for all IT and data risk areas.
Provide assurance that all controls are operating effectively using key indicators and regular reviews. Be a key coordinator and contributor to the monthly Technology Risk and Cyber Security working group.
Report regularly on key indicators and overall health of the IT and data controls framework to committees, boards and 3rd party groups in scope.
Help educate and consult with the organisation on best practice control design.
Perform focused information and data risk assessments of existing or new services and technologies along with business counterparts.
Actively engage in and contribute to agile planning and design sessions and help product owners prioritise IT risk, security and data risk items.
Provide consultative advice to technology, product and service teams that enables them to suggest informed risk management decisions based on industry best practice, regulatory guidelines and rules and latest legislation, also ensuring security and data protection by design.
Identify and facilitate implementation of appropriate controls to effectively manage information and data risks as needed. Maintaining and issuing draft policies as needed for the areas in scope.
Identify opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
Work closely with other second and third line of defence teams, including Group CISO, Insurance and Group Risk and Compliance, and Internal Audit teams.
Stay abreast of industry-wide best practice, regulatory changes and legislation changes pertinent to all aspects of the Insurance business and direct changes needed to ensure alignment with FLOD activities.
Seek opportunities to mature the IT and data risk framework and achieve and maintain industry-recognised accreditations.
Ensure robust and effective security and data incident management practices are in place, with continuous improvements sought. Take the lead on incident and problem management of priority (P1 and P2) security and data incidents that affect the Insurance organisation to their satisfactory conclusion, coordinating with Group Data Protection Officer, CISO and external parties as needed.
Knowledge, skills and experience required
A good practical knowledge of IT security technologies and wider business solutions, including Firewalls, IDS/IPS, identity and access management, SIEM, remote working and cloud technologies.
An understanding of application security threats and countermeasures.
An understanding of current and emerging information security threats and countermeasures and the organisational challenges to addressing these threats.
Solid understanding of IT risk frameworks and practical experience of using and deploying frameworks for business advancement, regulatory compliance and information security management frameworks (e.g. International Organization for Standardization ISO 27000, COBIT, National Institute of Standards and Technology NIST 800).
An understanding of legislation and regulations that impact information security, e.g. GDPR.
Experience managing security governance within AWS and Azure environments.
The ability to work within a security framework and to articulate its potential as a tool for continuous improvement.
Demonstrable experience in a FLOD role, ideally as an IT Risk Analyst or Manager in a regulated industry, ideally Insurance.
Evidence of continuous improvements being made in the IT and Data Risk areas.
Comfortable working in a fast-paced, commercially focused environment.
Ability to communicate security and risk-related concepts to technical and non-technical audiences.
Ability to build strong relationships and influence decisions with internal and external stakeholders.
The ability to cut through organisational barriers to achieve the overall goal.
Good analytical skills and the ability to challenge the norm.
The ability to be pragmatic and balance the commercial needs of Collinson with security and data protection requirements.
Qualification or experience with Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and/or Certified Information Systems Auditor (CISA) is desirable.
Ability to identify and assess the severity and potential impact of risks. Communicate risk assessment findings to risk owners outside the cybersecurity and data protection areas in a way that consistently drives objective, fact-based decisions about risk that optimise the trade-off between risk mitigation and business performance.
Personal Specification:
An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one's network within an organization.
An ability to apply original and innovative thinking to produce new ideas.
An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
An ability to effectively influence others to modify their opinions, plans or behaviours.
Excellent prioritisation capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
Strong problem-solving and troubleshooting skills.
Have good judgment and a sense of urgency and demonstrate commitment to high standards of ethics, regulatory compliance, customer service and business integrity.
Self-motivated and possessing a high sense of urgency and personal integrity.
Highest ethical standards and values.
The ability to demonstrate through examples the effective management of stakeholder relationships at all levels, internally and externally.
Excellent written and spoken English.
Personable, enthusiastic and a good communicator (ability to present, inform and guide others).
Ability to bridge communications between technical and business focussed groups.
Ability to thrive in a fast moving and changing environment.
Comfortable working with people at all levels in an organisation.
Ability to show initiative and to work independently.
Willingness to take on a variety of roles and responsibilities.
Ability to build and use positive relationships with your team, business and technology partners.
Collinson is an equal opportunity employer and welcomes differences in all their forms, including: colour, race, ethnicity, gender identity, sexual orientation, neurodivergence, family status, age, individuals with disabilities and people from all backgrounds, cultures and experiences, as we strongly believe this contributes to our ongoing success.
We are focused on continually evolving our purpose-driven, high-performing culture, providing an environment where our people have the opportunity to achieve their full potential and do interesting and meaningful work. Our company values are: Act smarter, Do the right thing, One team and Be insight led. These help guide everything we do internally in terms of how we think, act and interact, right through to how we deliver value to our customers and clients.
In your application, please feel free to note which pronouns you use (for example, she/her/hers, he/him/his, they/them/theirs, etc.).
If you need any extra support throughout the interview process then please email us at
We also have our very own Beacons (Domestic Abuse Advisors) supporting within each of our global offices. Our Beacons will be your point of contact if you or someone you know needs support.