Information Security Manager
37.5 - 40
TUI Group is the world’s number one integrated tourism business. Product and Engagement is a global team within TUI Group responsible for the business delivery and operation of all E-commerce solutions. We are a multi-disciplinary team of experts across Digital Marketing, Digital Product, Digital Experience & DX, UI, SEO and Optimisation & Analytics, providing services across the UK, Ireland, Sweden, Norway, Denmark, Finland, Germany, Belgium and the Netherlands.
At TUI we’re ambitious to become the leader in digital sales within the travel industry and to achieve this we are looking to build a capable, creative team who want to be a part of accomplishing that goal.
We never stop looking ahead, seeking new ways to delight our customers and grow our business. We recognise the power of digital and the massive contribution this brings to creating a truly unique and differentiated customer experience.
As an Information Security Manager within our Information Security community of practice you will perform a crucial role in protecting our IT organisation.
ABOUT THE JOB:
As an Information Security Manager (ISM) you will promote a security first culture within your domain. You will contribute to the creation, iteration and maintenance of an information security programme to address the evolving business risk and empower the Domain to deliver a prioritised roadmap. You will lead the collaboration with stakeholders to communicate and embed secure ways of working. This will include protecting the TUI brand and its customers, detecting and responding to incidents, strengthening our defences, reducing the attack surface and securing our behaviours.
- Drive adoption of and adherence to security policies, standards, and controls through the provision of expert advice and guidance.
- Help protect our most critical assets and ensure appropriate assurance and rigorous testing is in place.
- Track lessons learned from security incidents and drive the remediation of audit findings within the domain.
- Ensure that security controls are effective (e.g. vulnerability scanning, patching).
- Protect the integrity, availability, authenticity, non-repudiation and confidentiality of information and data in storage and in transit.
- Manage risk in a pragmatic and cost-effective manner to ensure stakeholder confidence.
- Report on the overall effectiveness of the security programme in the Domain against defined key performance indicators and drive continuous improvement.
Our information security team works in collaboration with business and IT teams across our many businesses. You will build strong working relationships and influence others to do the right thing to Protect our Smile.
Security is part of everyone’s job. At TUI, we practise secure behaviours first in everything we do.
- Demonstrable experience of leading an information security capability (or ISMS) for a large business unit.
- Strong experience in leading information security governance, risk and compliance activities within a large business unit.
- Strong communication and influencing skills. Experienced at gaining commitment at business unit board level.
- Good understanding of security within agile development processes, and in Amazon Web Services.
- Adept understanding of security operations.
- CISSP/CISM/CISA certified preferred.
- Good understanding of the international regulatory context, particularly data privacy.
- Good understanding of standards and frameworks such as ISO27001, NIST, PCI, OWASP, ITIL and COBIT.
ABOUT OUR OFFER
- Competitive salary
- Generous holiday entitlement & holiday discounts
- Forward thinking ways of working
- TUI time off, purchase of additional holiday entitlement
- Excellent rates with foreign exchange and discounts with retailers
At TUI, we know people are as diverse as the destinations we send our customers to. We love to see your uniqueness shine through and inspire the future of travel. If you would like to read more about what Diversity & Inclusion means to us simply visit our Smile page Click here
Do you have any questions regarding this job offer? Get in touch!
Please note: Only for questions or queries. Applications will only be accepted via the Careers Portal.