Information Security Risk and Assurance Specialist

Ref No. BHN541657
Location Luton, England
Job type Permanent
Job Status Open




Information Security Risk and Assurance Specialist (Cyber Security)

The Job



The role is situated in a team of cyber security professionals and works closely with the wider business to ensure that the principles of Digital Safety are as engrained as Aircraft Safety. This means close alignment with the Operational and Commercial functions, along with the Regulatory and Audit functions. The role requires working closely with the Senior Digital Safety Risk Manager, the Head of Digital Safety Assurance and the Technical Security and Business Partner functions to support the Digital Safety vision.

Job Purpose

The risk and assurance specialist is responsible for delivering our risk management framework by identifying, capturing and measuring cyber security risks within easyJet. This role encompasses working with multiple diverse business areas to capture the relevant information, resulting in well-defined risk information that supports informed decisions in the relevant forums.

This role supports the overall Digital Safety Assurance team's objectives and provides visibility of key information relating to our regulatory compliance or control maturity.

Job Accountabilities

  • Operate the Digital Safety risk framework to assess and record cyber risk within easyJet.
  • Work with multiple functions ranging from technical IT through to business facing functions to capture the full spectrum of related risk information.
  • Operate the digital safety supplier assurance process to understand and capture risks related to our supply chain.
  • Identify and capture potential gaps in our regulatory compliance environment and work with the Digital Safety Compliance Manager and the Data Protection team to resolve.
  • Identify and capture information relating to our Data Governance framework and work with the Digital Safety Data Management Manager to resolve.
  • Work with the IT Quality and Risk function to align on the IT risk relevant areas when dealing with Digital Safety risks.
  • Present findings at relevant risk forums to support the treatment of identified risks.
  • Provide training and advice to colleagues in the Cyber Governance, Compliance, Assurance and Risk team, the wider LC&R team and other departments on the use of the risk methodology to encourage consistent risk measurement and reporting across the company.
  • Update the risk register of information assets with risks associated with each asset.
  • Maintain the risk register of exceptions, assess and record the risk associated with any exceptions.
  • Develop and maintain bow-tie models of key risks which tie in with other team members' measurements of control effectiveness.
  • Build statistical models based on risk models (e.g. Monte Carlo analysis).
  • Maintain up-to-date awareness of the threat landscape and how it affects the probability of risk events occurring.

Ideal Qualifications

We would like someone with CRISC or a similar qualification (e.g. Institute of Risk Management).
Somebody with CISSP, CompTIA Security+ or another security qualification, and Information Security or industry-relevant qualifications.

Desirable Skills/Experience
A candidate who has previously worked in a similar information security role and other complementary business roles where the management of some type of risk (e.g. product, project) formed part of the role's responsibilities.

Business skills

Demonstrates effective communication skills.
Someone who plans, schedules and monitors own work (and that of others where applicable) competently within limited deadlines and according to relevant legislation, standards and procedures.
A candidate who is able to contribute fully to the work of teams. Appreciates how own role relates to other roles and to the business of the employer or client.
Somebody who demonstrates an analytical and systematic approach to issue resolution, takes the initiative in identifying and negotiating appropriate personal development opportunities.
Someone who understands how own role impacts security and demonstrates routine security practice and knowledge required for own work.


