Information Security Officer

• Promote and inspire a security first culture at TUI
• Direct the development, implementation, delivery and support of an enterprise Information Security strategy aligned to the strategic requirements of the business
• Lead the provision of Information Security resources expertise, guidance and systems necessary to execute strategic and operational plans across all of the organisation’s information systems
• Ensure that each Domain is motivated and empowered to deliver the prioritised roadmap
• Protect the TUI brand and its customers
• Detect and respond to incidents, strengthen our defences, reduce the attack surface and secure our behaviours
• Drive adoption of and adherence to security policies, standards and controls through the provision of expert advice and guidance
• Protect our most critical assets and ensure appropriate assurance and rigorous testing is in place
• Ensure security incidents are managed effectively through engagement with the security operations team, and that lessons learned and audit findings are remediated
• Ensure effective security operations (e.g. vulnerability scanning, patching)
• Protect the integrity, availability, authenticity, non-repudiation and confidentiality of information and data in storage and in transit
• Manage risk in a pragmatic and cost-effective manner to ensure stakeholder confidence
• Report on the overall effectiveness of the security programme on each Domain against defined key performance indicators and drive continuous improvement
• Build strong working relationships, explain and present complex ideas to audiences at all levels in a persuasive and convincing manner
• Instil secure ways of working and influence others to do the right thing to Protect our Smile
• Lead workstreams focussed on the development of the GRC team from a people, process and tooling perspective

• An experienced authentic leader with a good understanding of technology and managing Information Security risks in the enterprise
• Passionate about Information Security, delivering business value and driving continuous improvement
• Strong people leadership skills and experience in building a positive enabling security culture based on trust, quality and pragmatic risk management
• Great communicator and influencer comfortable working across hierarchical, organisational, cultural and market boundaries
• Experience of managing teams, mentoring and developing security talent from different cultural backgrounds
• Professionally qualified holding a recognised security accreditation (CISSP/CISM/CISA etc.,) or equivalent experience with demonstrable Continuous Professional Development
• Maintain a good understanding of latest security threats and the mitigating strategies
• Ability to provide advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards
• Experience of the implementation, operation and maintenance of an Information Security Management framework such as ISO27001 or NIST CSF
• Good understanding of integrating security into software or product development lifecycle and cloud security
• Experience of securing Amazon Web Services workloads is desirable
• Certification in cloud security or architecture a nice-to-have
• Good understanding of the international regulatory context, particularly data privacy
• Good understanding of technology standards and control frameworks such as CIS, NIST, PCI, OWASP, ITIL and COBIT
• Adept at articulating IT security and technical issues to technical and non-technical audiences in a clear and actionable manner
• Experienced at gaining commitment at business unit board level
• Strong commercial acumen when taking actions or making decisions
• Open minded, inquisitive, life-long learner
• Comfortable with ambiguity, highly autonomous

Certification in cloud security or architecture

• Attractive remuneration
• Bonus opportunity
• Exclusive travel perks & discounts
• Extensive health & wellbeing support
• Flexible working
• Opportunities to upskill, reskill and grow your career
• Access the TUI Tech Learning Hub
• Participate in tech communities and collaborate on global projects and teams
• Get involved with local charity and sustainability initiatives like the TUI Care Foundation and the Sustainable Tech Community