Cyber and Information Security Manager

As a technology-driven business, we are developing new products and services using the latest techniques, technologies, cloud platforms and agile delivery approaches. We are continuing to build our phenomenal team where you will be part of and experience an amazing company culture.

What will your role be?

We are looking for an exceptionally talented and experienced person to lead the Cyber Security and Information Security team, working closely with our Tech, Product and Compliance functions to develop security strategies, policy and posture in a way that enables and protects the business. You will have wide ranging experience including establishing and maintaining security programs, policy and driving continuous data and risk-based improvements to our tools and processes.

You will get to work with different teams across the group, including Engineering, Technical Operations and Compliance with individuals located remotely and at our various office locations. You will be required to travel occasionally, included internationally to work with our teams and operations in other geographies.

With your help, we will deliver resilient, secure and well monitored platforms and services that play an essential part in the evolution and growth of the Awaze business. In return, you can expect to be challenged and rewarded, invested in and empowered to deliver change using the latest technology and tools and processes.

• Be the senior technical authority and cyber security SME and apply appropriate knowledge and skills to input into the overall cyber strategy, policy and posture, working closely with technology, data protection and compliance teams.
• Help set strategic security priorities, aligning focus and plans with quantified risks.
• Makes recommendations on the fit and alignment of solutions and services to align to the Awaze security strategy.
• Implement and maintain the tools and services accounting for the specific needs and operations of Awaze to robustly protect the data, resources, assets, and employees of the business.
• Understand security defence in depth principles and how the layered security model should be implemented and maintained to meet the needs of the business, including specific knowledge and or implementation experience of network, perimeter, endpoint, and application security, including exposure to tools and technologies covering Zero Trust and, Edge security, SASE, WAF, NGAV, NGFW, MDR and SIEM products and vendors.
• Be the owner of frameworks, key processes, SLA’s and KPI’s intended to measure our performance against internal and external CSF’s and standards and report on our internal performance, including as examples NIST, Bitsight, Mitre Attack
• Implement and manage internal security awareness programs designed to educate and track awareness
• Be a designated security incident response lead capable of leading a team through the stages of the SIRT process in response to a security incident.

Who are you?

You will be an experienced cyber security professional, capable of leading a small team of security and DevSecOps analysts and engineers who collaborate with the business and technology and product teams to support our agile roadmaps using modern enteprise tools and platforms to maintain the security of our systems, data and operations.

It’s also expected that you’ll also possess the following skills:

• A strong cyber security technical background
• Experience of simulated security exercises and is able to apply this to participate and facilitate red/blue/purple simulations.
• Deep understanding of all common and emerging threat, compromise and attack methods that can demonstrate that our security strategy and posture is aligned to the threat landscape.
• Experience of conducting vendor risk assessments using repeatable methodologies that identify potential and real risks from entering new partnerships.
• A strong, capable, and influential leader, who builds productive and enduring relationships internally and externally, is comfortable presenting to and engaging with stakeholders and decision makers at all levels of the organisation
• Resilient under pressure and able to maintain focus under difficult situations e.g., major incident.
• A capable problem solver and influencer
• Outstanding communication skills both written and verbal with the ability to translate complex concepts into easily and readily understood terms.
• An evangelist and promoter of culture and practises designed to protect and educate the business.

What are we offering?

• Competitive Base + bonus
• Holidays: 25 days + bank holidays (plus the option to buy up to 5 additional days)
• Holiday Discounts: 18% to 20% discount across all AWAZE UK brands
• Pension: 4% matched
• Healthcare: personal
• Life assurance: 3 x salary
• Perkbox: Annual subscription
• 35 hour working week (flexible working)
• Hybrid working (min 1 day per week in our Manchester office)
• You choose your kit (Mac or Windows Laptop)
• Learning time: We like our teams to spend at least 2 hours a week (if you want to) for L&D.
• Sunlight account - a learning & development platform with an individual training and wellness budget per year

awaze, who are we?

We’re europe's largest holiday vacation rentals group bringing together iconic travel brands including Cottages.com, Hoseasons, Novasol, James Villa Holidays and Fincallorca.

We’re proud to have over 100,000 properties in our portfolio, in 25 countries across Europe, giving our guests the choice of a fantastic range of properties and taking over 1.5 million bookings each year.

Since 2020, we’ve built up a great team of people in the UK & Denmark, who continuously work and collaborate closely together, solve large scale problems and have loads of fun as we continue on our amazing technology & digital journey, the largest technology replatforming project ever in the travel industry.

We’re on a genuinely exciting period of growth, with one simple vision – to delight our owners and guests. Our international product engineering teams are ripping up our entire estate and building brand-new products as we continue to deliver a single platform which will: delight our guests & owners; unify our brands; and create a culture that cultivates collaboration, innovation and celebration.