Information Security Manager

Social network you want to login/join with:

Lisbon, PRT Oporto, PT; Barcelona, ES; Madrid, ES; Flexible, undefined; Remote

Permanent Full Time 37.5 - 40 hours

129822

TUI Group is the world’s number one integrated tourism business. Information Security is a global team within TUI technology responsible for maintaining and continuously improving security across TUI. We are a multi-disciplinary team of experts across Governance, Risk and Compliance (GRC), Architecture, Engineering and Delivery providing services across the UK, Ireland, Sweden, Norway, Denmark, Finland, Spain, Germany, Belgium, and The Netherlands.

We never stop looking ahead, seeking new ways to delight our customers and grow our business. We recognize the power of digital and the massive contribution this brings to creating a truly unique and differentiated customer experience.

We are looking for a talented and dedicated leader to join the Information Security team supporting the information security programme across multiple Technology Domains. As an Information Security Manager within our GRC team, you will play a crucial role in protecting our IT organization.

• Personal benefits: Attractive remuneration, bonus opportunity, exclusive travel perks & discounts, extensive health & wellbeing support, and more.
• Flexible working: Work is something you do, not somewhere you go. We encourage a healthy work-life balance and offer hybrid or remote working models.
• A career to shape: Opportunities to upskill, reskill, and grow your career. Access the TUI Tech Learning Hub to level-up and reach your ambitions.
• Expand your horizons: Participate in our tech communities and collaborate on global projects and teams.
• Community: Get involved with local charity and sustainability initiatives like the TUI Care Foundation and the Sustainable Tech Community.

• Promote a security-first culture within your Domains.
• Contribute to creating, iterating, and maintaining an information security programme to address evolving business risks.
• Lead collaboration with stakeholders to communicate and embed secure ways of working, protecting the brand and its customers.
• Drive adoption of security policies, standards, and controls through expert advice.
• Help protect critical assets and ensure appropriate assurance and testing.
• Track lessons learned from incidents and drive remediation of audit findings.
• Ensure security controls are effective (e.g., vulnerability scanning, patching).
• Protect information and data integrity, availability, authenticity, non-repudiation, and confidentiality.
• Manage risk pragmatically and cost-effectively to maintain stakeholder confidence.
• Report on the effectiveness of the security programme and drive continuous improvement.
• Build strong relationships across business and IT teams, influencing others to protect our Smile.
• Practice secure behaviours in all activities.

• Experience leading an information security capability or ISMS and governance, risk, and compliance activities for a large business unit.
• Strong communication and influencing skills, with ability to gain commitment at board level.
• Experience with Customer and Data security; knowledge of cloud (AWS/GCP) and on-premises technologies is a plus.
• Adept at assessing maturity and delivering improvements.
• Certifications like CISSP, CISM, CISA preferred.
• Good understanding of international regulatory contexts, especially data privacy.
• Knowledge of standards and frameworks such as ISO27001, NIST, PCI, OWASP, ITIL, COBIT.
• Excellent planning, organization, interpersonal, and problem-solving skills.
• Goal-oriented with strong commercial acumen and organizational awareness.