IT Risk Manager

Collinson is the global privatelyowned company dedicated to helping the world to travel with ease and confidence. The group offers a unique blend of industry and sector specialists who together provide marketleading airport experiences loyalty and customer engagement and insurance solutions for over 400 million consumers.

Collinson is the operator of Priority Pass the worlds original and leading airport experiences programme. Travellers can access a network of 1500 lounges and travel experiences including dining retail sleep and spa in over 650 airports in 148 countries helping to elevate the journey into something special. We work with the worlds leading payment networks over 1400 banks 90 airlines and 20 hotel groups worldwide.


We have been bringing innovation to the market since inception from launching the first independent global VIP lounge access Programme Priority Pass to being the first to sell direct travel insurance in the UK through Columbus Direct and creating the first loyalty agency of its kind in the travel sector with ICLP. Today we still invest heavily in innovation to ensure that we continue to deliver superior customer experiences.


Key clients include Visa Mastercard American Express Cathay Pacific British Airways LATAM Flying Blue Accor EasyJet HSBC Chase HDFC.


Our mission is focused on doing good beyond profit which for us means we seek out opportunities for our people to share in our success and that we give back to the communities and people within which we work.


Never short of ambition the success of our business is delivered through the diverse and talented team of over 1800 global colleagues.

Purpose of the job

This role is a crucial part of the first line of defence (FLOD) of the Collinson Insurance organisation.

This will be achieved by:

1. Providing guidance expertise and coordinating all FLOD activities to meet regulatoryindustry and best practice requirements associated with the technology and data estate forthe Insurance organisation.

2. Acting as the goto person for IT risk related matters supporting the Head of Engineering infulfilling all activities for the FLOD including maintaining adherence to all IT GeneralControls FCA/PRA guidelines Maltese Financial Services Authority (MFSA) guidelines andthe requirement of the European Digital Operational Resiliency Act (DORA) and relatedregulations and guidelines. Advocating for all IT risk controls and risk management acrossthe organisation.

3. Coordination with all internal and external second and third line of defence functions andother compliance and control functions across the enterprise.

Ultimately this role is focused on ensuring that all IT and data risks are assessed managed and their impact reduced in line with a regulated operating company and will be responsible for identifying analysing and influencing the management of information and data risks across the organisation.

Key Responsibilities

Accountable for all FLOD activities processes improvements strategy for all technology and dataassets for the Insurance organisation working closely with other responsible roles across theorganisation.

Ensure that the appropriate internal controls are designed implemented and maintained for allIT and data risk areas.

Provide assurance that all controls are operating effectively using key indicators and regularreviews. Be a key coordinator and contributor to the monthly Technology Risk and CyberSecurity working group.

Report regularly on key indicators and overall health of the IT and data controls framework tocommittees boards and 3rd party groups in scope.

Help educate and consult with the organisation on best practice control design.

Perform focused information and data risk assessments of existing or new services andtechnologies along with business counterparts.

Actively engage in and contribute to agile planning and design sessions and help product ownersprioritise IT risk security and data risk items.

Provide consultative advice to technology product and service teams that enables them tosuggest informed risk management decisions based on industry best practice regulatoryguidelines and rules and latest legislation also ensuring security and data protection by design.

Identify and facilitate implementation of appropriate controls to effectively manage information

and data risks as needed. Maintaining and issuing draft policies as needed for the areas in scope.

Identify opportunities to improve risk posture developing solutions for remediating or mitigatingrisks and assessing the residual risk.

Work closely with other second and third line of defence teams including Group CISO Insuranceand Group Risk and Compliance and Internal Audit teams.

Stay abreast of industrywide best practice regulatory changes and legislation changes pertinentto all aspects of the Insurance business and directs changes needed to ensure alignment withFLOD activities.

Seek opportunities to mature the IT and data risk framework and achieve and maintain industryrecognised accreditations.

Ensure robust and effective security and data incident management practices are in place withcontinuous improvements sought. Take the lead on incident and problem management ofpriority (P1 and P2) security and data incidents that affect the Insurance organisation to theirsatisfactory conclusion coordinating with Group Data Protection Officer CISO and externalparties as needed.

Knowledge skills and experience required

A good practical knowledge of IT security technologies and wider business solutions includingFirewalls IDS/IPS identity and access management SIEM remote working and cloudtechnologies.

An understanding of application security threats and countermeasures.

An understanding of current and emerging information security threats and countermeasures and the organisational challenges to addressing these threats.

Solid understanding of IT risk frameworks and practical experience of using and deploying frameworks for business advancement regulatory compliance and information security management frameworks (e.g. International Organization for Standardization IS0 27000 COBIT National Institute of Standards and Technology NIST 800)

An understanding of legislation and regulations that impact information Security e.g. GDPR.

Experience managing security governance within AWS and Azure environments.

The ability to work within a security framework and to articulate its potential as a tool for continuous improvement.

Demonstrable experience in a FLOD role ideally as an IT Risk Analyst or Manager in a regulated industry ideally Insurance.

Evidence of continuous improvements being made in the IT and Data Risk areas

Comfortable working in a fastpaced commercially focused environment.

Ability to communicate security and riskrelated concepts to technical and nontechnical audiences.

Ability to build strong relationships and influence decisions with internal and external stakeholders.

The ability to cut through organisational barriers to achieve the overall goal.

Good analytical skills and the ability to challenge the norm.

The ability to be pragmatic and balance the commercial needs of Collinson with security and data protection requirements.

Qualification or experience with Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) and/or Certified Information Systems Auditor (CISA) is desirable.

Ability to identify and assess the severity and potential impact of risks. Communicate risk assessment findings to risk owners outside the cybersecurity and data protection areas in a way that consistently drives objective factbased decisions about risk that optimise the tradeoff between risk mitigation and business performance.

Personal Specification:

An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside ones network within an organization.

An ability to apply original and innovative thinking to produce new ideas.

An understanding of business needs and commitment to delivering highquality prompt and efficient service to the business.

An ability to effectively influence others to modify their opinions plans or behaviours.

Excellent prioritisation capabilities with an aptitude for breaking down work into manageable parts effectively assessing the priority and time required to complete each part.

Strong decisionmaking capabilities with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.

Strong problemsolving and troubleshooting skills.

Have good judgment and a sense of urgency and demonstrate commitment to high standards of ethics regulatory compliance customer service and business integrity.

Selfmotivated and possessing a high sense of urgency and personal integrity.

Highest ethical standards and values.

The ability to demonstrate through examples the effective management of stakeholder relationships at all levels internally and externally

Excellent written and spoken English

Personable enthusiastic and a good communicator (ability to present inform and guide others)

Ability to bridge communications between technical and business focussed groups

Ability to thrive in a fast moving and changing environment

Comfortable working with people at all levels in an organisation

Ability to show initiative and to work independently

Willingness to take on a variety of roles and responsibilities

Ability to build and use positive relationships with your team business and technology partners

Collinson is an equal opportunity employer and welcomes differences in all their forms including: colour race ethnicity gender identity sexual orientation neurodivergence family status age individuals with disabilities and people from all backgrounds cultures and experiences as we strongly believe this contributes to our ongoing success.

We are focused on continually evolving our purpose driven high performing culture providing an environment where our people have the opportunity to achieve their full potential and do interesting and meaningful work. Our company values are: Act smarter Do the right thing One team and Be insight led. These help guide everything we do internally in terms of how we think act and interact right through to how we deliver value to our customers and clients.

In your application please feel free to note which pronouns you use (For example she/her/hers he/him/his they/them/theirs etc).

If you need any extra support throughout the interview process then please email us at

We also have our very own Beacons (Domestic Abuse Advisors) supporting within each of our global offices. Our Beacons will be your point of contact if you or someone you know needs support.