CrawlJobs Logo

Information Security Officer

https://www.tui.com Logo

TUI

Location Icon

Location:
Portugal , Lisbon

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

Not provided
Save Job
Save Icon
Apply Position

Job Description:

TUI Group is the world’s number one integrated tourism business. The Security Domain is a global team within TUI technology responsible for leading Information Security risk management across TUI. We are a multi-disciplinary team of experts across Architecture, Engineering, DevOps and Agile Delivery providing services across the UK, Ireland, Sweden, Norway, Denmark, Finland, Germany, Belgium and The Netherlands. We are looking for a talented and dedicated security leader to join the Governance, Risk and Compliance (GRC) team which supports the Group CISO in their responsibility to ensure information security risks are managed in alignment to our business goals across TUI Group. Information Security Officer is a senior leadership role (a member of the GRC Leadership Team), responsible for overseeing and supporting the application of TUI’s Information Security management framework across the Group. Providing leadership, governance and a risk-based approach in managing security within specific areas of our business. You will partner with our business and technology leaders to deliver visibility and effective management of Information Security.

Job Responsibility:

  • Promote and inspire a security first culture at TUI
  • Direct the development, implementation, delivery and support of an enterprise Information Security strategy aligned to the strategic requirements of the business
  • Lead the provision of Information Security resources expertise, guidance and systems necessary to execute strategic and operational plans across all of the organisation’s information systems
  • Ensure that each Domain is motivated and empowered to deliver the prioritised roadmap
  • Protect the TUI brand and its customers
  • Detect and respond to incidents, strengthen our defences, reduce the attack surface and secure our behaviours
  • Drive adoption of and adherence to security policies, standards and controls through the provision of expert advice and guidance
  • Protect our most critical assets and ensure appropriate assurance and rigorous testing is in place
  • Ensure security incidents are managed effectively through engagement with the security operations team, and that lessons learned and audit findings are remediated
  • Ensure effective security operations (e.g. vulnerability scanning, patching)
  • Protect the integrity, availability, authenticity, non-repudiation and confidentiality of information and data in storage and in transit
  • Manage risk in a pragmatic and cost-effective manner to ensure stakeholder confidence
  • Report on the overall effectiveness of the security programme on each Domain against defined key performance indicators and drive continuous improvement
  • Build strong working relationships, explain and present complex ideas to audiences at all levels in a persuasive and convincing manner
  • Instil secure ways of working and influence others to do the right thing to Protect our Smile
  • Lead workstreams focussed on the development of the GRC team from a people, process and tooling perspective

Requirements:

  • An experienced authentic leader with a good understanding of technology and managing Information Security risks in the enterprise
  • Passionate about Information Security, delivering business value and driving continuous improvement
  • Strong people leadership skills and experience in building a positive enabling security culture based on trust, quality and pragmatic risk management
  • Great communicator and influencer comfortable working across hierarchical, organisational, cultural and market boundaries
  • Experience of managing teams, mentoring and developing security talent from different cultural backgrounds
  • Professionally qualified holding a recognised security accreditation (CISSP/CISM/CISA etc.,) or equivalent experience with demonstrable Continuous Professional Development
  • Maintain a good understanding of latest security threats and the mitigating strategies
  • Ability to provide advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards
  • Experience of the implementation, operation and maintenance of an Information Security Management framework such as ISO27001 or NIST CSF
  • Good understanding of integrating security into software or product development lifecycle and cloud security
  • Experience of securing Amazon Web Services workloads is desirable
  • Certification in cloud security or architecture a nice-to-have
  • Good understanding of the international regulatory context, particularly data privacy
  • Good understanding of technology standards and control frameworks such as CIS, NIST, PCI, OWASP, ITIL and COBIT
  • Adept at articulating IT security and technical issues to technical and non-technical audiences in a clear and actionable manner
  • Experienced at gaining commitment at business unit board level
  • Strong commercial acumen when taking actions or making decisions
  • Open minded, inquisitive, life-long learner
  • Comfortable with ambiguity, highly autonomous

Nice to have:

Certification in cloud security or architecture

What we offer:
  • Attractive remuneration
  • Bonus opportunity
  • Exclusive travel perks & discounts
  • Extensive health & wellbeing support
  • Flexible working
  • Opportunities to upskill, reskill and grow your career
  • Access the TUI Tech Learning Hub
  • Participate in tech communities and collaborate on global projects and teams
  • Get involved with local charity and sustainability initiatives like the TUI Care Foundation and the Sustainable Tech Community

Additional Information:

Job Posted:
March 23, 2025

Employment Type:
Fulltime
Work Type:
On-site work
Icon
TUI - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Information Security Officer

VP, Information Security Officer (ISO), Markets, Taiwan

The Chief Information Security Office (CISO) is home to deeply talented colleagu...
Location
Location
Taiwan , Taipei
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of relevant experience in Information & Cybersecurity space or related domains such as risk management, auditing, consulting & advisory services
  • One or more of IS/Cybersecurity industry standard certifications (e.g. CISA, CISSP, CISM, SANS GIAC, CEH, CRISC, CCSP,SSCP, CompTIA Security+ etc.) are mandatory
  • Strong understanding of Information security domains with hands on experience of performing application security risk assessments covering controls such as Identity & Access Management, API Security, Cloud/SaaS Security, Cryptography, Sensitive Data protection, Audit Logging/Monitoring, Secure SDLC controls
  • Sound knowledge of Network Security controls (including Firewalls, IDS/IPS) and Application Vulnerability Assessments/Source code & component vulnerability scanning related controls
  • Good understanding of Markets Business and Applications such as such as trading platforms, order management systems, risk management systems, pricing engines etc. is an advantage
  • Hold relevant professional certificates recognized by local authorities
  • Sound knowledge of IS/Cybersecurity related local regulatory, and compliance requirements in the financial services industry and Securities & Futures Markets
  • Understanding of policy compliance and how it relates to risk
  • Extensive knowledge of information security risk assessment methodologies/industry standards
  • Demonstrated ability to take ownership and follow up on issues
Job Responsibility
Job Responsibility
  • Act as a Trusted Security Advisor to business and technology teams, guiding them on IS/Cyber risks
  • Appropriately assess risks when business decisions are made, demonstrating consideration for the firm's reputation and safeguarding Citigroup, its clients and assets
  • Drive compliance with applicable Information & Cybersecurity laws, rules and regulations, adhering to relevant Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency
  • Serve as the local point of contact of all information security matters, including management, governance, compliance, and third-party risk management
  • Manage local audit and regulatory engagements impacting CISO
  • Drive country-specific control implementations or special programs, where deemed necessary based on risk assessments or local regulatory requirements
  • Work with business & technology management to drive the information security program and govern risk management activities including CSRA (Cybersecurity Risk Appetite) reporting
  • Work with the internal Applications Development function to facilitate improvements in both architectural and application security posture
  • Provide strategic risk guidance for business and technology projects, including the evaluation and recommendation of security controls and corrective actions to mitigate/remediate risks
  • Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation
What we offer
What we offer
  • Extensive on-the-job training and exposure to senior leaders
  • Access to telehealth options, health advocates, confidential counseling
  • Expanded Paid Parental Leave Policy
  • Access to an array of learning and development resources
  • Generous paid time off packages
  • Resources and tools to volunteer in the communities
  • Fulltime
Read More
Arrow Right

Information Security Officer

The Information Security Officer is a senior leadership role responsible for ove...
Location
Location
Portugal , Lisbon; Oporto; Madrid; Barcelona
Salary
Salary:
Not provided
https://www.tui.com Logo
TUI
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experienced authentic leader with a good understanding of technology and managing Information Security risks in the enterprise
  • Passionate about Information Security, delivering business value and driving continuous improvement
  • Strong people leadership skills and experience in building a positive enabling security culture based on trust, quality and pragmatic risk management
  • Great communicator and influencer comfortable working across hierarchical, organisational, cultural and market boundaries
  • Experience of managing teams, mentoring and developing security talent from different cultural backgrounds
  • Professionally qualified holding a recognised security accreditation (CISSP/CISM/CISA etc.,) or equivalent experience with demonstrable Continuous Professional Development
  • Maintain a good understanding of latest security threats and the mitigating strategies
  • Ability to provide advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards
  • Experience of the implementation, operation and maintenance of an Information Security Management framework such as ISO27001 or NIST CSF
  • Good understanding of integrating security into software or product development lifecycle and cloud security
Job Responsibility
Job Responsibility
  • Promote and inspire a security first culture at TUI
  • Direct the development, implementation, delivery and support of an enterprise Information Security strategy aligned to the strategic requirements of the business
  • Lead the provision of Information Security resources expertise, guidance and systems necessary to execute strategic and operational plans across all of the organisation’s information systems
  • Ensure that each Domain is motivated and empowered to deliver the prioritised roadmap
  • Protect the TUI brand and its customers, detect and respond to incidents, strengthen defences, reduce the attack surface and secure behaviours
  • Drive adoption of and adherence to security policies, standards and controls through the provision of expert advice and guidance
  • Protect our most critical assets and ensure appropriate assurance and rigorous testing is in place
  • Ensure security incidents are managed effectively through engagement with the security operations team, and that lessons learned and audit findings are remediated
  • Ensure effective security operations (e.g. vulnerability scanning, patching)
  • Protect the integrity, availability, authenticity, non-repudiation and confidentiality of information and data in storage and in transit
What we offer
What we offer
  • Attractive remuneration, bonus opportunity, exclusive travel perks & discounts, extensive health & wellbeing support
  • Flexible working: hybrid or remote working models
  • Opportunities to upskill, reskill and grow your career
  • Access the TUI Tech Learning Hub to level-up and reach your ambitions
  • Participate in our tech communities and collaborate on global projects and teams
  • Get involved with incredible local charity and sustainability initiatives like the TUI Care Foundation and the Sustainable Tech Community
  • Fulltime
Read More
Arrow Right

Information Security Officer

Information Security Officer is a senior leadership role (a member of the GRC Le...
Location
Location
Portugal , Lisbon; Oporto; Madrid; Barcelona; Flexible
Salary
Salary:
Not provided
https://www.tui.com Logo
TUI
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experienced authentic leader with a good understanding of technology and managing Information Security risks in the enterprise
  • Passionate about Information Security, delivering business value and driving continuous improvement
  • Strong people leadership skills and experience in building a positive enabling security culture based on trust, quality and pragmatic risk management
  • Great communicator and influencer comfortable working across hierarchical, organisational, cultural and market boundaries
  • Experience of managing teams, mentoring and developing security talent from different cultural backgrounds
  • Professionally qualified holding a recognised security accreditation (CISSP/CISM/CISA etc.,) or equivalent experience with demonstrable Continuous Professional Development
  • Maintain a good understanding of latest security threats and the mitigating strategies
  • Ability to provide advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards
  • Experience of the implementation, operation and maintenance of an Information Security Management framework such as ISO27001 or NIST CSF
  • Good understanding of integrating security into software or product development lifecycle and cloud security
Job Responsibility
Job Responsibility
  • Promote and inspire a security first culture at TUI
  • Direct the development, implementation, delivery and support of an enterprise Information Security strategy aligned to the strategic requirements of the business
  • Lead the provision of Information Security resources expertise, guidance and systems necessary to execute strategic and operational plans across all of the organisation’s information systems
  • Ensure that each Domain is motivated and empowered to deliver the prioritised roadmap
  • Drive adoption of and adherence to security policies, standards and controls through the provision of expert advice and guidance
  • Protect our most critical assets and ensure appropriate assurance and rigorous testing is in place
  • Ensure security incidents are managed effectively through engagement with the security operations team, and that lessons learned and audit findings are remediated
  • Protect the integrity, availability, authenticity, non-repudiation and confidentiality of information and data in storage and in transit
  • Manage risk in a pragmatic and cost-effective manner to ensure stakeholder confidence
  • Report on the overall effectiveness of the security programme on each Domain against defined key performance indicators and drive continuous improvement
What we offer
What we offer
  • Attractive remuneration, bonus opportunity, exclusive travel perks & discounts, extensive health & wellbeing support
  • Flexible working: hybrid or remote working models
  • Opportunities to upskill, reskill and grow your career
  • Access the TUI Tech Learning Hub to level-up and reach your ambitions
  • Participate in our tech communities and collaborate on global projects and teams
  • Get involved with incredible local charity and sustainability initiatives like the TUI Care Foundation and the Sustainable Tech Community
  • Fulltime
Read More
Arrow Right

Senior Information Security Officer

Senior Information Security Officer (ISO Sr. Analyst - AVP) is an intermediate l...
Location
Location
Turkey , Istanbul
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5-8 years of relevant experience
  • Strong knowledge of local regulations (BRSA) and cybersecurity principles
  • Proficient in interpreting and applying policies, standards and procedures
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills
  • Preferably holding IT/security certifications such as CISA, CISM, CISSP, CRISC, CEH or similar
  • Follows cybersecurity trends
  • Bachelor’s degree/University degree or equivalent experience
Job Responsibility
Job Responsibility
  • Address security issues identified in the various information security programs
  • Review and address issues identified within various Information Security (IS) programs and ensure all IS issues related to Internal Audit, and External Auditors are closed by their original target date
  • Improve the efficacy of governance processes by identifying risks, monitoring controls, and remediating issues
  • Establish cross-sector working relationships and complete weekly awareness discussions with local team to efficiently tackle security issues
  • Ensure risk exceptions are raised, registered and closed on a timely basis and communicate updates and changes to the global standards
  • Complete Risk Assessment process, including completing accurate inventory reporting, data classification, threat analysis, and action plans
  • Test and validate that the business complies with applicable IS requirements
  • develop and implement IS policies and procedures
  • Determine and validate appropriate level of controls are being implemented to safeguard sensitive data
  • Develop Corrective Action Plans for all Information Security-related gaps and approve all closures through reviewing evidence to ensure each closure meets Citi Requirements
  • Fulltime
Read More
Arrow Right

Information Security Officer

Information Security Officer (ISO) is a subject matter expert for business, func...
Location
Location
Mexico , Ciudad De Mexico
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6-10 years of relevant experience
  • Sound understanding of Information security domains such as Identity Access Management, Cryptography, Data Protection, Vulnerability Assessment, Single Sign-On, Multi-Factor Authentication etc
  • Knowledge of Cloud and Containers security will be of added advantage
  • Additional technical certifications are preferred
  • Demonstrated ability to research and apply current information regarding the IS field
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills
Job Responsibility
Job Responsibility
  • Work directly with business, functions and technology units and relevant stakeholders to facilitate/ perform Information Security risk assessment and risk management processes to protect information assets
  • Work with business and technology management to drive the information security program and information risk management activities
  • Work with the internal Application Development teams to develop strategies and plans for improving architecture and application security
  • Provide strategic risk guidance for business and technology projects, including the evaluation and recommendation of IS controls
  • Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation
  • Participate in the evaluation and selection of applications and systems with focus on Information Security areas
  • Facilitate compliance with all Information Security policies, standards and regulations / directives as mandated by Global CISO Organization
  • Participate/provide, as required, IS awareness training programs for employees, contractors and approved system users
  • Fulltime
Read More
Arrow Right

Senior Information Security & OT Officer

Senior Information Security & OT Officer role at METLEN Energy & Metals, focusin...
Location
Location
Greece , Athens
Salary
Salary:
Not provided
https://www.metlengroup.com Logo
Metlen Group
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Information science, Information systems or a related scientific field
  • Master’s degree will be considered an asset
  • +5 years of experience in Information Security or Cybersecurity roles
  • Strong technical background in cybersecurity and OT security
  • Proven experience in managing information security in OT environments is a strong plus
  • Solid understanding of ISO 27001, ISA/IEC 62443, and NIS2 directives
  • Strong knowledge of risk management methodologies and compliance frameworks
  • Excellent collaboration and communication skills for multi-site and cross-border coordination
Job Responsibility
Job Responsibility
  • Respond to audit requirements for all international sites including factories, energy plants, and solar fields
  • Participate in cyber incident response processes related to international and local industrial installations
  • Guide technical leaders and support information security compliance in Greek and international operations
  • Propose cybersecurity architectures and solutions to safeguard operational technology (OT) infrastructure
  • Participate in management committees to inform senior leadership on cyber risks and compliance issues
  • Work closely with international IT business partners on cybersecurity topics across the global footprint
What we offer
What we offer
  • Competitive remuneration package
  • Ticket Restaurant Card
  • Group Health Insurance Plan
  • Preferential household electricity plan
  • Pension Plan
  • Fulltime
Read More
Arrow Right

Information Security Officer

The Information Security Technology Lead Analyst is a senior level professional ...
Location
Location
United Kingdom , Belfast
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Proven relevant experience
  • Advanced proficiency with Microsoft Office tools and software
  • Consistently demonstrates clear and concise written and verbal communication
  • Established influencing and relationship management capabilities that contribute to strategic alignment and execution
  • Proven analytical skills and a strong sense of curiosity, with the ability to uncover the root causes and understand the true nature of complex security and risk issues
  • Familiarity with enterprise technologies including cloud platforms, APIs, identity management, and data protection practices
  • Demonstrated knowledge of secure design principles and security frameworks.
Job Responsibility
Job Responsibility
  • Identify opportunities to automate and standardize information security controls and for the supported groups
  • Support technical and business teams to resolve any vulnerabilities or issues detected in an application or infrastructure
  • Act as a trusted advisor to business and technology teams, providing pragmatic guidance on cybersecurity risks, controls, and requirements
  • Translate technical security concepts into business-relevant language to inform leadership decisions and drive action
  • Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions
  • Direct the development and delivery of secure solutions by coordinating with business and technical contacts
  • Participate in information security assessments across applications, infrastructure, and business processes, ensuring that non-compliant items are addressed in coordination with relevant stakeholders
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency
  • Contribute to the growth of less technical colleagues through knowledge-sharing, contextual guidance, and translating complex security concepts into practical understanding.
What we offer
What we offer
  • Competitive base salary (which is annually reviewed)
  • 27 days annual leave (plus bank holidays)
  • A discretional annual performance related bonus
  • Private Medical Care & Life Insurance
  • Employee Assistance Program
  • Pension Plan
  • Paid Parental Leave
  • Special discounts for employees, family, and friends
  • Access to an array of learning and development resources.
  • Fulltime
Read More
Arrow Right

Senior Information Security Officer

In a world of technology, people make the difference. We believe if we invest in...
Location
Location
United States , Reston
Salary
Salary:
Not provided
anavationllc.com Logo
AnaVation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Demonstrates strong experience with IC/DoD customer's Assessment and Authorization (A&A) process (e.g., RMF, NIST800-53, ICD503)
  • Experience in developing and implementing DoD/DIA approved information security controls, procedures and documentation for the operation of standalone classified systems
  • A Bachelor’s Degree from an accredited institute in an area applicable to this position and eight (8) years of relevant experience
  • An additional four (4) years of relevant experience may be substituted for the bachelor’s degree
  • Must presently be 8570 compliant (IAT Level 2 preferred)
  • Experience with one or more commercial government cloud service provider’s system accreditation processes
  • Experience with the Xacta
  • Experience as a Cybersecurity Control Assessor
  • Experience with Ongoing Authorizations and Assessments
  • Experience with C2S Cloud, or DevOpsSec
Job Responsibility
Job Responsibility
  • Provide subject matter expertise and consulting on security related matters for enterprise information system and network architectures, access problems, and implementation of security policies and procedures
  • Assist in overseeing and managing day-to-day operation of Information Systems
  • Optimize system operation and resource utilization and performs system capacity planning/analysis while maintaining the security posture
  • Assist team in DIA’s Authorization and Accreditation (A&A) process using RMF across the design lifecycle for classified systems obtaining and maintaining Interim Authority to Operate (ATO), ATO and Authority to Connect (ATC)
  • Create and process RMF authorization packages from submission to approval/disapproval
  • Develop and maintain IT security documents, including system security plans, risk assessments, Plan of Action and Milestones (POA&M), contingency plans, incident response plans, IT security policies and procedures
  • Provide recommendations regarding remediation and mitigation of identified vulnerabilities by developing plan of action and milestones (POA&Ms)
  • Advise developers on integrating security requirements
  • Demonstrate a strong understanding of Networks, Cloud, and IT system security authorization procedures
What we offer
What we offer
  • Generous cost sharing for medical insurance for the employee and dependents
  • 100% company paid dental insurance for employees and dependents
  • 100% company paid long-term and short term disability insurance
  • 100% company paid vision insurance for employees and dependents
  • 401k plan with generous match and 100% immediate vesting
  • Competitive Pay
  • Generous paid leave and holiday package
  • Tuition and training reimbursement
  • Life and AD&D Insurance
  • Fulltime
Read More
Arrow Right
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Job Positions Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Canada Jobs Australia Jobs Germany Jobs Ireland Jobs Poland Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
CrawlJobs Group
ITFlashcards AllDevBlogs
© 2026 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy