Who we are
We’re the people behind the global loyalty currency, Avios, and home to three ambitious, growing businesses: IAG Loyalty, BA Holidays and The Wine Flyer. Each business has its own goals and strategy, but collectively we create brilliant experiences for our global customers.
We’re on a truly exciting journey of growth and transformation – we’re going places! This is where you come in.
The Opportunity
IAG Loyalty is rapidly evolving into a Platform as a Service business, and we are looking for a Senior Cyber Security Consultant to join our GRC Security Team. If you have a strong understanding of security controls, compliance standards, and a passion for ensuring robust security across platforms, this is the role for you! As a key member of our security team, you will conduct security assurance activities, including assessing projects, suppliers, and key partners, while ensuring compliance with ISO 27001 and SOC 2 standards. You’ll work closely with cross-functional teams, helping us stay ahead of security risks and maintain compliance at the speed of DevOps.
What you’ll get up to
You will provide expert security advice to product teams and the wider organisation, ensuring that our platform meets security compliance obligations across multiple frameworks and regulations, including ISO 27001, SOC 2, NIST CSF, and PCI. You’ll play a key role in responding to partner security audits and maintaining an effective cyber security training and awareness program. Additionally, you'll manage cyber risk, reporting and communicating risks to leadership teams, while maintaining ISMS processes and documentation, including our security policy set. You will also be responsible for managing GRC team tools, including our compliance automation tool, and collaborating with other governance functions, such as the wider IAG group oversight team, internal audit, privacy, legal, and compliance teams. After the probation period, you will join a 24x7 on-call security escalation rota to ensure timely response to security incidents.
What we need from you
* Experience in GRC-related cybersecurity, managing security standards like ISO 27001, SOC 2, NIST CSF, and PCI
* Strong understanding of enterprise IT, including cloud, SaaS, and associated cyber risks
* Proven ability to manage and mitigate cyber risks across systems and processes
* Experience conducting security audits and ensuring compliance with security frameworks
* Knowledge of cyber risk management and security incident response
* Ability to balance security priorities with business goals in a risk-based approach
* Excellent communication and collaboration skills, building strong partnerships across teams
We might not be right for you if:
* You only want to focus on your to-do list; we’re a small, high-performing team and we help each other to succeed.
* You value perfection over fast iteration and progress; IAG Loyalty moves fast, we learn and iterate as we go; our environment isn’t right for everyone.
* You’re looking to create but not build; this is an end-to-end role, you need to be comfortable owning your space, from ideation through to delivery and review.
If you think you have what it takes but don't meet every single point above, please do still apply. We'd love to chat and see if you could be a great fit.
Equity, Diversity and Inclusion at IAG Loyalty
Our vision, 'to create the world's most rewarding experiences,' applies not only to our customers but to our colleagues too. It's about taking belonging seriously, actively fostering a culture where everyone feels welcomed and valued by embracing diverse identities, personal histories, and perspectives.
This commitment makes IAG Loyalty a rewarding place to work and enhances our ability to solve complex problems, drive innovation, and better serve our customers and communities.
Please let us know if we can make any reasonable adjustments to support your interview process with us.