Cyber Risk And Compliance Analyst

Summary

Based at Manchester Airport

Permanent Role

Flexible/Hybrid working for a better work/life balance

Why MAG?

At MAG we provide the airport facilities and travel services that people need to connect with the world. As the largest UK-owned airport operator, we serve over 60 million passengers a year from Manchester, London Stansted, and East Midlands Airports. With over 270 destinations across the globe, our businesses not only bring people together but also support the prosperity of the regions in which we operate.

Sustainability is one of our core values, and it shapes everything we do. We're committed to protecting the environment and supporting our local communities. Our programmes include airport and airline decarbonisation, comprehensive education, skills and employment support and community engagement initiatives including volunteering opportunities.

At MAG, we recognise creating a first-class journey for our customers starts by creating a first-class career journey for our colleagues and we are committed to building inclusive environments in which our people can thrive. You'll also have access to some great benefits including:

• Flexible and generous company pension plan with various company contribution options
• 24 days holiday plus bank holidays
• Free parking
• Subsidised public transport
• Huge range of company discounts
• 2 volunteering days per year
• Free Virtual GP service, available 24 hours a day, 7 days a week
• Care Concierge service

The role

As a Cyber Risk & Compliance Analyst at MAG, you'll be a key member of the Security Risk and Compliance Team, helping to develop, implement and operate a comprehensive information security programme. Reporting to the Cyber Security Risk and Compliance Manager, you'll support second-line assurance audits, design and embed new security policies and standards into MAG projects, and coordinate investigations and remediation activities across our technology landscape.

You'll also evaluate and deploy technical controls to meet specific security requirements, maintain security configurations, and support compliance activities including PCI DSS. The scope of your work will span on-premise IT, cloud infrastructure, operational technology, IoT, and secure web applications.

What will make you successful in the role?

We're looking for a detail-driven cyber professional with strong analytical skills and a proactive mindset. You'll need:

• Minimum of two years' experience in information technology or cyber security
• Bachelor's degree in information systems or equivalent work experience
• Professional certifications such as CISSP, CISM, CISA, CEH, ISO 27001 Implementer/Lead Auditor
• Strong understanding of information risk concepts and security frameworks (ISO 27001, NIST, Mitre, ITIL)
• Experience in risk, business impact, control and vulnerability assessments
• Technical knowledge of operating systems (e.g. Microsoft Windows), network infrastructure, and security technologies (IAM, anti-malware, vulnerability management tools)
• Ability to manage audit plans and remediation activities
• Excellent communication skills to engage with colleagues at all levels and external stakeholders
• Familiarity with project management fundamentals and business case development for security investments

Equal Opportunities & Reasonable Adjustments

At MAG we believe in the importance of diversity & inclusion for all. We are committed to creating a workforce that is reflective of our society. As such, we welcome applications from candidates from all backgrounds.

We're also committed to well-being with a focus on mental health and supporting colleagues from underrepresented groups through our Colleague Resource Groups.

As a Disability Confident employer, we are committed to creating an environment where candidates and employees can perform at their optimum. Please let us know if we can provide you with any reasonable adjustments to aid your application or interview process.

You can contact the team by emailing

Our Colleague Resource Groups include:

• Women's Network, Embrace – Race & Ethnicity Group, Fly With Pride (LGBTQIA+), Mental Health, Parent & Carers, Disabilities including neurodiversity.