CrawlJobs Logo

Head of Information Security, Risk and Compliance

travelodge.co.uk Logo

Travelodge Hotels Limited

Location Icon

Location:
United Kingdom , Thame

Category Icon
Category:
IT - Administration

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

110000.00 GBP / Year
Save Job
Save Icon
Apply Position

Job Description:

Senior leadership position within the IT Operations team. The primary mission is to reduce security risks through robust controls that align with Travelodge’s commercial strategy.

Job Responsibility:

  • Strategic Leadership: Develop a continuously evolving security roadmap and "defence in depth" strategy
  • manage both internal teams and strategic third-party partners
  • Operational Management: Oversee 24x7x365 security operations, including continuous monitoring, threat assessment, incident response (CIRT)
  • Risk & Compliance: Develop and maintain an industry-standard Risk Management framework
  • ensure compliance with PCI-DSS, GDPR, and NIST frameworks
  • Governance & Policy: Maintain Information Security policies and conduct regular audits of processes and controls
  • Technical Oversight: Coordinate vulnerability management, penetration testing, and code reviews
  • provide "Secure by Design" architectural guidance for all new initiatives
  • Supply Chain & Budget: Manage a portfolio of security vendors to ensure value and responsiveness
  • oversee the OPEX and CAPEX budgets that enable your function to operate and continuously improve
  • Business Integration: Act as a trusted advisor to senior leadership and collaborate with Project Delivery to ensure risk reduction is baked into every project as well as BAU Operations
  • Testing and Readiness: Lead company-wide staff awareness, testing and education campaigns, as well as regular audits, scenario-based testing and penetration testing

Requirements:

  • Certifications: CCSP, CISSP-ISSMP, or CISM
  • Methodologies: ITIL v4 Foundation
  • FAIR Risk Modelling
  • experience in Project Management or Business Change
  • Advanced Tech: Experience defining Zero Trust Architecture (ZTA) and implementing security controls within public cloud environments (IaaS/PaaS)
  • pragmatic, hands-on leader
  • master of communication
  • self-starter
  • technical expertise rooted in securing critical B2B and B2C eCommerce platforms, particularly within hosted and SaaS-heavy environments
  • expert-level knowledge of perimeter, cloud, network, and data security
  • proven track record of embedding industry frameworks like NIST, ISO27001, or CIS into a large-scale operation
  • strong commercial acumen to navigate contract negotiations and vendor management
What we offer:
  • Annualise Bonus
  • Car Allowance
  • Contributory pension scheme
  • 50% personal discount for hotel bookings and great friends and family discounts too
  • 25 days holiday + bank holidays, increasing with length of service
  • A focus on learning and career development

Additional Information:

Job Posted:
February 13, 2026

Employment Type:
Fulltime
Work Type:
Hybrid work
Icon
Travelodge Hotels Limited - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon
PREMIUM
More languages and countries
+ Unlock 2204 hidden job offers
Languages
English Čeština Deutsch Ελληνικά Español Français +15
Countries
United States United Kingdom India Canada Australia +
See plans
Plans from $2.99 / month

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Head of Information Security, Risk and Compliance

Security Strategy and Risk Management Head of Department

The Security Strategy and Risk Management Head of Department is a senior leaders...
Location
Location
United States , Irvine
Salary
Salary:
181240.00 - 259160.00 USD / Year
haeaus.com Logo
Hyundai AutoEver America
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 15–20 years of progressive experience across Information Security, GRC/Risk Management, customer/vendor security management and/or strategic operations
  • Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, Business Administration or a related discipline
  • Excellent stakeholder management, communication, and leadership skills
  • Demonstrated experience working across multi-disciplinary teams to achieve common objectives
  • Proficient in English for effective communication and coordination
Job Responsibility
Job Responsibility
  • Lead enterprise-wide risk assessment, risk issue management, and risk exception management
  • Maintain and enhance risk management frameworks aligned with industry best practices
  • Deliver insightful, data-driven risk reporting to senior leadership
  • Oversee the Information Security compliance and control assurance program
  • Lead coordination of internal and external audits, assessments, and certification processes
  • Lead the Third-Party Risk Management (TPRM) program
  • Oversee creation, governance, maintenance, and communication of Information Security policies, standards, and procedures
  • Direct the Information Security Training and Awareness program
  • Partner with the CISO to define and maintain the Information Security strategic roadmap
  • Lead budget planning, forecasting, tracking, and optimization for the full Information Security organization
  • Fulltime
Read More
Arrow Right

Head of Cloud Compliance

Atlassian is seeking a dynamic and experienced leader for the position of Head o...
Location
Location
United States , San Francisco
Salary
Salary:
165800.00 - 266400.00 USD / Year
https://www.atlassian.com Logo
Atlassian
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 20+ years of experience in risk management, compliance management, cloud compliance, product compliance and relevant domain
  • 10+ years of experience as a people manager
  • Strong knowledge of compliance management frameworks, methodologies, and regulatory requirements
  • Proven ability to lead and inspire teams, drive cultural change, and influence stakeholders at all levels
  • Excellent analytical, problem-solving, and decision-making skills
  • Outstanding communication and presentation skills, with the ability to articulate complex risk concepts clearly and concisely
Job Responsibility
Job Responsibility
  • Develop and implement a comprehensive cloud compliance strategy that addresses both commercial and federal requirements
  • Lead the cloud compliance function, ensuring alignment with organizational goals and regulatory obligations
  • Ensure compliance with relevant federal regulations (e.g., FedRAMP, FISMA) and commercial standards (e.g., ISO 27001, SOC 2)
  • Stay informed about changes in cloud compliance regulations and assess their impact on the organization
  • Develop and maintain robust cloud compliance frameworks and controls to ensure secure and compliant cloud operations
  • Implement automated solutions for continuous monitoring and reporting of cloud compliance status
  • Identify, assess, and mitigate cloud-related compliance risks in collaboration with risk management teams
  • Develop metrics and dashboards to provide insights into cloud compliance status and risk posture
  • Work closely with IT, security, legal, and business units to integrate compliance requirements into cloud strategies and operations
  • Lead cross-functional teams to address complex compliance challenges and ensure cohesive strategies
What we offer
What we offer
  • health coverage
  • paid volunteer days
  • wellness resources
  • Fulltime
Read More
Arrow Right

Information Security Senior Analyst

The Info Sec Prof Senior Analyst is an intermediate-level position responsible f...
Location
Location
Singapore , Singapore
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5-8 years of relevant experience
  • applicable certifications or willingness to earn within 12 months of joining
  • consistently demonstrates clear and concise written and verbal communication
  • proven influencing and relationship management skills
  • proven analytical skills
  • ICND 1 Certification or equivalent knowledge in Networking
  • excellent Microsoft Excel skills
  • basic network infrastructure knowledge
  • ability to work with Big Data
  • exhibiting a high degree of flexibility and ability to multi-task, seeking guidance where necessary
Job Responsibility
Job Responsibility
  • Identify potential information security (IS) risks and make recommendations for enhancement
  • collect and analyze security risk evidence and coordinate with internal and external compliance and auditing agencies / officials
  • execute meetings and communicate complex security topics and safe IS practices with all levels of the organization
  • ensure that controls are utilized daily and that non-compliance remediation is addressed
  • provide IS consulting services, including interpreting and/or clarifying information security policy, procedures, standards or concepts
  • assist with defining and implementing IS standards to align procedures and practices in compliance with Citi standards
  • educate and advise on safe information security practices and current, changing, and/or recommended information security requirements
  • validate compliance with IS policies, practices, and procedures, and resolve a variety of IS related issues in coordination with the business
  • support the Annual Connectivity Verification process
  • validate legacy connectivity for ownership, registration, and usage
  • Fulltime
Read More
Arrow Right

Specialist – Governance, Risk & Control

To manage and lead the Technology Security Governance, Risk, Compliance and Assu...
Location
Location
Lesotho
Salary
Salary:
Not provided
vodafone.com Logo
Vodafone
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Degree or equivalent in IT/Engineering or relevant tertiary qualification
  • Knowledge of legal, regulatory and privacy requirements, such as Personally Identifiable Information (PII), GDPR, etc.
  • Proven experience managing and operating multiple security programs, projects, and initiatives
  • Ability to write reports for different security stakeholders
  • Proficient in preparation of reports, dashboards and documentation
  • Knowledge of and experience with GDPR
  • Web Application security and best practises
  • Business Analysis skills
  • High competence in Programming skills
  • Risk assessment skills
Job Responsibility
Job Responsibility
  • Direct, develop, implement and maintain a comprehensive Vodacom-wide information security governance, risk and compliance strategy
  • Ensure security is embedded in IT System and Network Infrastructure (Mobile, IS and Enterprise) across the Vodacom
  • Ensure timely delivery of technology security assurance and support for projects
  • Provide accurate and timely reporting of technology security risks identified during project engagement and propose remediation and mitigation options
  • Monitor information security governance, risk, and compliance by Vodacom BIT, Mobile and Enterprise Business domains
  • Ensure alignment of information security governance with the Vodacom’s business objectives, the information security strategy, plans and controls
  • Ensure compliance with the applicable legislative and regulatory interpretation and corporate risk appetite
  • With the assistance of Head: Technology Governance, Lead, develop, manage and maintain the Vodacom-wide information security governance deliverables lifecycle including compliance measurement, deviations and exemptions
  • Engage with the stakeholders on compliance to control effectiveness and deficiencies in the design and operating effectiveness of information security controls, design and recommend opportunities for continuous improvement
  • Develop, manage and implement the Vodacom information security audit and assurance plans and schedules, including any specific business needs and requirements (including PCI, ISO27001, GDPR, Data Protection Act of Lesotho, Cyber Crime Bill)
Read More
Arrow Right

Global Head of Cyber Risk and Compliance

The Technology & Cyber Compliance and Operational Risk Office (TCCORO) at Citi i...
Location
Location
United States , Irving, Texas, United States, New York, New York, United States
Salary
Salary:
250000.00 - 500000.00 USD / Year
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 20+ years' experience in technology risk and/or cyber risk management in the banking/financial services industry, or related field, with at least 5+ years in 2nd or 3rd line senior leadership positions
  • Subject matter expert in technology risk and/or cyber risk management principles and practices across various information system architecture and engineering domains
  • Proven experience in managing complex risk portfolios and developing strategic risk management frameworks for large organizations
  • Robust understanding of operational risk management frameworks, industry standards, regulatory requirements, and risk mitigation practices
  • Experience managing and overseeing large remediation and transformation programs to achieve intended results
  • Extensive experience in effective written and verbal communication with executive audiences including Boards
  • Experienced risk challenger who balances risks vs. rewards aligned with corporate risk culture
  • Understanding of Citi products and services and downstream impacts of technology risk and/or cyber risk strategy
  • Professional certifications in either technology risk and/or cyber risk preferred, including: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), ERM, CET, ISO27001, COBIT, TOGAF, or CRI
  • In-depth, working knowledge of banking technologies, fraud, cybercrime detection and countermeasures, encryption, data retention, as well as information security support for segregation of duties, application development, network and systems operation, testing and vendor management
Job Responsibility
Job Responsibility
  • Oversight and challenge of the cybersecurity incident response programs
  • Oversight of the security operations center (SOC) and cybersecurity fusion center (CSFC)
  • Oversight of cybersecurity penetration testing and red-team operations
  • Oversight of the Chief Information Security Office (CISO), including the review of the effectiveness of the controls, standards and programs across the enterprise
  • Implementation of guidance for overseeing Emerging Technology and Operational Risks, in compliance with OCC Heightened Standards
  • Able to present and lead discussions with key Regulators, internal and external auditors, as well the Board of Directors and the Risk and Audit sub-committees
  • Governance and Oversight of security risks impacting the business and technology
  • Support in the development of Cyber Policy and Standards
  • Oversight of Key Operational Risks and related indicators and thresholds
  • Challenge of Cyber Risk Self Assessments
What we offer
What we offer
  • Discretionary and formulaic incentive and retention awards
  • medical, dental & vision coverage
  • 401(k)
  • life, accident, and disability insurance
  • wellness programs
  • paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays
  • Fulltime
Read More
Arrow Right

Head of Security and Compliance

The Head of Security and Compliance will be responsible for building and leading...
Location
Location
United States
Salary
Salary:
Not provided
eightsleep.com Logo
Eight Sleep
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8-10+ years of experience in security engineering, with deep expertise in mobile app security, IoT device security, or cloud infrastructure security
  • Proven expertise in cybersecurity, cloud infrastructure security (AWS), IoT device security, and corporate risk management
  • Experience in consumer technology, health tech, or regulated industries is highly desirable
  • Strong knowledge of compliance standards (SOC 2, ISO 27001, HIPAA, GDPR, etc.)
  • Excellent communication and stakeholder management skills
  • Ability to balance risk with business agility in a fast-paced startup environment
Job Responsibility
Job Responsibility
  • Oversight and implementation, operation and monitoring of information security tools and processes in customer production environments
  • Responsible for conducting IT risk assessments, documenting identified threats and maintaining risk register
  • Communicates information security risks to executive leadership
  • Reports information security risks annually to Eight Sleep leadership and gains approvals to bring risks to acceptable levels
  • Define and own Eight Sleep’s end-to-end security strategy across cloud, product, corporate, and customer environments
  • Serve as the primary security advisor to the executive team—translating risk into clear business decisions and helping set the company’s security posture and risk tolerance
  • Build and scale Eight Sleep’s security program, including roadmap, processes, metrics, and future team structure
  • Oversee security architecture and practices for software, cloud infrastructure, connected devices (IoT), and data storage
  • Ensure compliance with security frameworks (e.g., SOC 2, GDPR, HIPAA)
  • Lead vulnerability management, threat detection, and incident response
What we offer
What we offer
  • Equity participation
  • Periodic equity refreshments based on performance
  • Every Eight Sleep employee receives a Pod
  • Fulltime
Read More
Arrow Right

Chief Country Compliance Officer Sr Mgr

Oversees the Citi Compliance Risk Management Program for a medium to smaller fra...
Location
Location
Bahamas , Nassau
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Credibility as a subject matter expert and experience of dealing with issues that have a high impact at all levels of the organization
  • Experience of working with key country level regulators and industry associations
  • Knowledge of local regulatory requirements and obligations and the ability to identify emerging compliance issues and themes
  • An ability to influence senior business leaders on all compliance risk-related matters affecting the business. The individual should have the ability to independently challenge, when needed, while at the same time being supportive and solution-based and not being perceived as obstructive
  • An ability to be “hands on” and “in the trenches” with the direct team, while also bringing a sense of strategic vision and a global sensibility to the function
  • Ability to navigate and negotiate through conflicting demands to maintain focus on priority objectives while ensuring key stakeholders’ needs are met
  • Strong team leadership, communication, interpersonal and management skills, with a track record of leading through change and the ability to effectively communicate the strategic vision to various stakeholder groups
  • Effective negotiation skills, a proactive and “no surprises” approach in communicating issues and strength in sustaining independent views. Strong presentation and relationship management and influencing skills are essential
  • The ability to thrive and execute in a complex, highly matrixed, global environment
  • Bachelor’s Degree highly preferred or relevant, equivalent experience. Preference for post graduate degree and/or recognized professional qualifications where applicable. Professional qualifications may include: CRMC or equivalent, CPA, ACA, CIA, CFA, ACAMS, etc. strong technical knowledge of compliance regulations and requirements, experience within a highly complex, global financial institution, regulator or related industry participant.
Job Responsibility
Job Responsibility
  • Annual Country Compliance Plan: Preparing, obtaining approval and successfully completing an annual compliance risk management plan, in accordance with the global template and content and presentation requirements, setting out how compliance risk will be managed within the jurisdiction and its constituent parts, and the role to be played by ICRM in order to achieve the plan. Identification of the jurisdictional requirements, accountabilities and the process ownership and monitoring and testing ownership, as well as the determination of suitable staffing, hours required and secured budget in order to achieve the state of compliance within risk appetite will be set out in the plan, which will be reviewed quarterly with the jurisdictional CCC and ICRM, as well as any applicable legal entity, as well as where required by applicable regulatory agencies. The annual country compliance plan must take into consideration the applicable compliance risk assessments and MCAs appropriate to the jurisdiction and its activities.
  • State of Compliance Reporting: Preparing quarterly, in accordance with the approved global format, and in adherence to all established requirements for the State of Compliance reporting. The State of Compliance report will be presented to the appropriate CCC, BRCC and legal entity Board or Board Audit Committee, or other such Board committee required within the jurisdiction.
  • Enhancing Governance: Providing a valued interactive program of support and compliance risk management services covering the assessment and reporting of Key Compliance Risks across products, services, functions, legal entities, service centers and the jurisdiction as a whole. Providing stakeholders with insight and practical solutions as well as credible challenge to improve the ethical control culture, and conduct risk environment. Timely reporting of significant local regulatory issues to local, overseas, regional, and global stakeholders. Same-day escalation of regulatory reports received. Maintaining on-going assessment and reporting of the State of Compliance through the relevant corporate governance committees such as country audit committee(s) and/or subsidiary board(s), country coordinating committee and business risk management committee, and other management body(ies). Key Activities Compliance Risk Culture:
  • Stakeholder Support and Relationships: Developing senior management relationships, including with legal entity management focus, inclusive of non-executive directors (where they exist in the jurisdiction), and the CCO as well as product functional and entity/service center line management. Informing senior management and directors of subsidiary boards, and the country/business management of significant compliance matters that require their attention or action. Proactively anticipate and help the business and functions plan for changes in the compliance and regulatory environment in the country. Provide support to compliance programs and country/business management on policy interpretation and “gray area” exposures. Build and maintain strong relationships with other functional leads, including Legal, Risk Management, including Operational Risk Management, and Internal Audit to create a supportive and seamless compliance and ethical control culture and an appropriate conduct risk environment. Key Activities Processes and Activities:
  • Regulatory Management and Coordination: Supporting the Citi Country Officer (CCO) in the management and development of regulatory relationships. Coordinating as the key interface with regulators on compliance risk management issues and supervisory exam management matters. Providing same day notification of regulator correspondence to Citi Compliance Officer, Regulatory Liaison and Exam Management CCO and ICRM COO. Providing leadership, coordination and regular interaction with the [insert country] authorities on behalf of ICRM and the Citi franchise. Record regulator correspondence and minutes of regulator meetings on Citi system in line with the Global Regulatory Exam Management Governance and Process Standards. Ensuring prompt recording of, responses to, and escalation of regulatory queries, notices of violations and breaches, any forbearance, and concerns identified. Deliver to regulators and supervisors a valued interactive program of support and assurance in accordance with requirements and appropriate expectations on compliance issues, trends, themes, root cases and impacts relating to governance, regulatory risk management and internal control issues. The overall objective is to earn the regulator’s trust and to establish a strong, independent and professional regulatory relationship across the franchise.
  • Regulatory Inventory: Ensuring prompt identification, logging in, evaluation and formulation of a plan to address requirements arising from new and amended laws, regulations, rules and other requirements and expectations from regulatory and enforcement authorities.
  • Regulatory Change Management and Controls: Ensuring that the regulatory change management requirements and processes, along with the regulatory control framework for existing requirements, are effectively operating within the country with respect to the identification, impact assessment and implementation of all applicable laws, regulations, rules and related processes, controls and reporting that impact Citi activities in the jurisdiction.
  • Anti-Money Laundering Compliance Risk Management (ACRM): Providing strategic direction, oversight, coordination and cooperation in respect of the country’s Anti-Money Laundering compliance risk management program. Partner closely and with the Head of ACRM to ensure a strong linkage between ICRM and ACRM.
  • Independent Compliance Risk Management (Program and Product/Service/Function focused*): Providing direction and oversight in supporting the ICRM teams in the country related to local requirements and the applicable extraterritorial laws, regulations, relevant Citi policies, standards, and global procedures. Deliver consistent application of program procedures and be accountable to program owners consistent with the ICRM methodology and CRM Framework. *Programs include but are not limited to: Sanctions
  • Anti Bribery
  • Fulltime
Read More
Arrow Right

Information Security Officer

The Information Security Officer will be responsible for the development, implem...
Location
Location
France , Tassin-la-Demi-Lune
Salary
Salary:
Not provided
lumapps.com Logo
LumApps
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field
  • 5+ years of experience in information security, risk management, or IT auditing
  • Deep understanding of network security, cloud security (GCP/Azure), IAM (Identity and Access Management)
  • Ability to translate complex technical risks into "business language" for executive leadership
  • A calm, analytical approach to high-pressure crisis situations
  • Absolute commitment to ethics and confidentiality
Job Responsibility
Job Responsibility
  • Develop and maintain an enterprise-wide information security strategy and roadmap
  • Create, document, and enforce security policies, standards, and procedures (e.g., Access Control, Data Encryption, Incident Response)
  • Lead regular risk assessments and vulnerability audits
  • coordinate with department heads to mitigate identified risks
  • Ensure the organization meets regulatory requirements such as SOC2 and ISO 27001
  • Design and oversee security training programs for all employees to reduce human-factor risks like phishing
  • Evaluate the security posture of third-party vendors and supply chain partners
  • Customers main point of contact for security requests
What we offer
What we offer
  • Hybrid work model – 2 days at the office, 3 days remote
  • RTT days – ~10 extra days off per year
  • Meal vouchers (SWILE) + free snacks & coffee
  • Yoga classes – Take a mindful break in our Paris office
  • Supportive parental leave and family moments — yes, even a Christmas party for your kids !
  • Health insurance (ALAN) – 60% covered + full life & disability cover
  • Afterworks, team celebrations & seasonal parties
  • Equipment
  • French & English lessons, professional development & access to Leeto CSE
  • Fulltime
Read More
Arrow Right