Job Description
Our mission

Travelodge’s mission is to be the UK’s favourite hotel for value.

With more than a million visits every week to our website and more than eighteen million customers a year, the use of technology is critical to both our customer offer and our low-cost operations.

The mission within IT is to ensuring innovative technology drives the business forward, through the development of the company’s customer-facing and internal technology applications. 


The job in a nutshell


Are you an expert when it comes to information security? Do you want to work for a business that takes very seriously the role of keeping our customer, colleague and commercial data safe and ensuring our IT systems are stable and secure? Can you lead and inspire colleagues to implement information security best practices? If yes, then we may have the role for you! 

As Information Security Manager you will be responsible for reducing information security risks across Travelodge, by driving the delivery of consistent, high quality security assurance and controls that meet the organisation’s risk appetite and strategic direction.

Leading a small team, you will create, own and deliver a security strategy and roadmap taking end to end responsibility across all areas of information security. You will drive the development, implementation, management and compliance of standards, processes and technologies and will be accountable for risk management and mitigation related to both information security and IT service continuity.


What you’ll be doing


  • Providing end to end ownership, leadership and direction to the information security function and team.

  • Owning and delivering a holistic information security strategy which supports both IT and wider business objectives.

  • Identifying, designing and implementing appropriate security controls and plans in line with changing IT and business requirements.

  • Developing and maintaining an information security policy and a supporting set of specific policies, ensuring appropriate commitment and endorsement from IT and business stakeholders.

  • Being hands on in the identification and remediation of security threats.

  • Overseeing and managing all day to day IT security operations including security tools/technologies, continuous monitoring and assessment and security incident response (CIRT).

  • Coordinating and executing vulnerability management, code reviews and penetration testing activities ensuring effective plans are implemented to address any findings.

  • Providing architectural input and guidance to technical and business teams, ensuring  a ‘Secure By Default’ approach is taken to all initiatives and changes.

  • Supporting the risk and compliance function with PCI and GDPR compliance initiatives, owning and managing all IT related risks and controls and leading on IT specific audit activities.

  • Identifying and classifying information assets and the level of controls and protection required to manage them.

  • Leading third party supplier management as it relates to information security including supplier reviews, risk assessments and contract management.

  • Preparing and delivering security awareness training to IT and business stakeholders.

  • Developing, managing and maintaining IT service continuity and disaster recovery plans that support the overall business continuity plans.

  • Creating, implementing and managing a comprehensive IT service continuity testing schedule, ensuring all arrangements and plans are periodically tested and ensuring any issues are promptly addressed.

  • Collating and analysing management information relating to information security.

Budget & Staff Management Accountabilities

  • Line Management of Information Security Analysts

  • Management of the Information Security budget


What we’ll expect from you

The ideal candidate will be a ‘hands on’, technology focused Information Security Manager with a track record of leading both transformational change and operational excellence across all aspects of  information security in a mission critical, innovative and forward thinking IT environment.


You must have a strong technical background with an excellent broad understanding of modern day technology architectures and approaches and detailed knowledge of security technologies and best practice. 

 

The following attributes are required for this role:

  • CISSP or CISM essential.

  • BSc Computer Science and/or MSc Information Security desirable but not essential.

  • Leading and managing an information/IT security function and associated teams.

  • Expert knowledge of perimeter, cloud, network, endpoint, application and data security.

  • A strong understanding  of current and future information/cyber security threats and the best way to prevent them.

  • Experience with a range of legacy and next generation application development and infrastructure technologies and architectures.

  • Working knowledge and hands on experience using a wide range of enterprise security management tools, including AV, AETD, SIEM, PAM, FIM, IDS/IPS, FW and DLP.

  • Experience in applying national and international regulatory compliance frameworks, including GDPR, PCI-DSS and ISO27001.

  • A self-starter with an organised and methodical approach and a proven ability to build a successful team to deliver measurable success.

  • Strong influencing and persuasion skills with an inherent ability to demonstrate and sell the benefits of effective Information Security and obtain buy in and support from all stakeholders, including C-level executives.

  • A fast learner with an inherent ability to understand complex technology solutions and to influence and define appropriate security and continuity requirements.

  • Exceptional analytical and report writing / documentation skills with and an ability to create and manage holistic improvement plans, a commitment to quality and a keen eye for detail.

  • A working understanding of Agile and ITSM best practice, ideally ITIL V3 foundation certified.


Sign up to job alerts

We do​n'​t currently have any roles ​in this area but you can sign up to our job alerts to stay up to date with our latest opportunities​.

Sign up to job alerts