Digital Safety Risk Specialist
Date posted: Thursday, 3 June, 2021
Company: easyJet
Closing date: Wednesday, 30 June, 2021
Location: Luton

We have disrupted the way people travel since we started 25 years ago, and we don’t intend on stopping. We may be facing the biggest challenge in our history, but we are confident that throughout the pandemic we have taken the right action to build back stronger and better – and we want you to play a part in that and #belongherewithus.

We know that flexibility, balance and wellbeing are more important than ever right now. Whether that’s working remotely, part time, or needing extra support when times are tough – we are always #happytotalkflex.

We’re Europe’s leading airline, with a network of over 1000 routes across 35 countries. We lead the industry in data, digital, web, engineering and operational innovations, to make travel easier and great value for our customers.

We have also been named as Britain’s Most Admired Company of 2020 in the transport sector, retaining the leading position for a second year running. We support. We empower. We excite. And we do it our way. We’re uniquely different. We’re easyJet.


Job Purpose

The cyber risk specialist is responsible for ensuring that cyber risk is understood and managed within easyJet. The purpose is to allow the company to make informed cyber risk decisions based on a consistent use of risk methodologies and terminology, alongside accurate knowledge of the assets, the threat landscape and the potential impact on the company’s activities.

Job Accountabilities

  • Maintain and improve standard risk assessment methodologies to be used to assess and record digital safety risk within easyJet in close liaison with the Head of Risk and Audit.

  • Maintain and manage the Digital Safety Risk Register

  • Perform ongoing risk assessments of easyJet assets

  • Provide management reporting and attend the relevant governance forums to report on Digital Safety risk status

  • Ensure that the asset register is kept up to date with the risk profile of each asset

  • Maintain the register of exceptions, assess and record the risk associated with any exceptions.

  • Develop and maintain bow-tie models of key risks which tie in with other team members’ measurements of control effectiveness.

  • Build statistical models on top of the risk models (e.g. Monte Carlo analysis)

  • Work closely with the Threat and Vulnerability Manager to maintain up to date awareness and reporting of the threat landscape and how it affects the probability of risk events occurring

  • Provide training and advice to colleagues in the Cyber Governance, Compliance, Assurance and Risk team, the wider LC&R team and other departments on the use of the risk methodology to encourage consistent risk measurement and reporting across the company.

  • Ensure that the underpinning risk and exceptions processes are fit for purpose and aligned with the Enterprise Risk approach

Ideal Qualifications

  • CRISC or similar (e.g. Institute of Risk Management)

  • CompTIA Security+ or other technical security qualification

  • Risk or mathematical degree

Desirable Skills/Experience

  • This role operates at SFIA level 3

  • Previous work in a security role and other complementary business roles where the management of some type of risk (e.g. product, project) formed part of the role’s responsibilities.

  • Candidates must have the essential skills identified.

  • Strong candidates will demonstrate the desirable skills.

Level of Responsibility Required

  • Autonomy - Works under general direction. Uses discretion in identifying and responding to complex issues and assignments. Receives specific direction, accepts guidance and has work reviewed at agreed milestones. Determines when issues should be escalated to a higher level.

  • Influence - Interacts with and influences colleagues. Has working-level contact with customers, suppliers and partners. May supervise others or make decisions which impact the work assigned to individuals or phases of projects. Understands and collaborates on the analysis of user/customer needs and represents this in their work.

  • Complexity - Performs a range of work, sometimes complex and non-routine, in a variety of environments. Applies a methodical approach to issue definition and resolution.

  • Knowledge - Has the sound generic, domain and specialist knowledge necessary to perform effectively in the organisation, typically gained from recognised bodies of knowledge and organisational information. Demonstrates effective application of knowledge. Has an appreciation of the wider business context. Takes action to develop own knowledge.

Business skills

  • Demonstrates effective communication skills.

  • Plans, schedules and monitors own work (and that of others where applicable) competently within limited deadlines and according to relevant legislation, standards and procedures.

  • Contributes fully to the work of teams. Appreciates how own role relates to other roles and to the business of the employer or client.

  • Demonstrates an analytical and systematic approach to issue resolution.

  • Takes the initiative in identifying and negotiating appropriate personal development opportunities.

  • Understands how own role impacts security and demonstrates routine security practice and knowledge required for own work.

Information Security Skills Required (based on IISP skills framework 2v3)

Skills Group                                                        | Essential skill level | Desirable skill level
--------------------------------------------------------------------|-----------------------|----------------------
A1 – Governance                                                     | 2                     | 4
A2 – Policy and Standards                                           | 1                     |
A3 – Information Security Strategy                                  | 1                     |
A4 – Innovation and Business Improvement                            | 2                     |
A5 – Behavioural Change                                             | 1                     |
A6 – Legal & Regulatory Environment and Compliance                  | 2                     | 3
A7 – Third Party Management                                         | 1                     | 2
B1 – Threat Intelligence, Assessment and Threat Modelling           | 3                     | 5
B2 – Risk Assessment                                                | 3                     | 4
B3 – Information Risk Management                                    | 3                     | 4
C1 – Enterprise Security Architecture                               |                       |
C2 – Technical Security Architecture                                |                       |
C3 – Secure Development                                             |                       |
D1 – Internal and Statutory Audit                                   |                       | 1
D2 – Compliance Monitoring and Controls Testing                     | 1                     |
D3 – Security Evaluation and Functionality Testing                  |                       |
D4 – Penetration Testing and conducting Simulated Attack Exercises  |                       |
E1 – Secure Operations Management                                   | 1                     |
E2 – Secure Operations and Service Delivery                         | 1                     |
F1 – Intrusion Detection and Analysis                               | 1                     |
F2 – Incident Management, Incident Investigation and Response       |                       |
F3 – Forensics                                                      |                       |
H1 – Business Continuity and Disaster Recovery Planning             | 1                     | 2
H2 – Business Continuity and Disaster Recovery Management           | 1                     | 2
H3 – Cyber Resilience                                               | 1                     | 3
I1 – Research                                                       |                       |
I2 – Applied Research                                               |                       |
J1 – Management, Leadership and Influence                           | 1                     |
J2 – Business Skills                                                | 2                     | 4
J3 – Communication and Knowledge Sharing                            | 2                     |
K1 – Contributions to the Community                                 |                       |
K2 – Contributions to the IS Profession                             |                       |
K3 – Professional Development                                       | 2                     | 3

LOCATION & HOURS OF WORK
This full time role will be based in Luton, and will be 40 hours per week.