Senior Information Security GRC AnalystFlexibel; Madrid, Spanien; Barcelona, Spanien; Lissabon,[...]

As a Senior Information Security GRC Analyst, you will have experience in the day-to-day management, delivery and tracking of actions towards our assurance and compliance programmes. You will have knowledge and practical experience of regulatory compliance activities (e.g. GDPR) and have a view on how delivery and tracking of compliance actions could be accomplished.

This role will also be responsible for filling policy and standards gaps across the company.

The role will deliver regular reporting to senior stakeholders within the organisation to inform decision making and appropriate investment.

This role will directly assist in enabling TUI to meet its strategic goals. Specifically, you will be responsible for delivering the following:

• Management and reporting on the status and performance of assurance and compliance programmes.
• Owning the day-to-day operation of TUI’s application assurance and cyber resilience programmes.
• Prioritising and managing the workload between the GRC Analysts in the team.
• Managing the documentation workflow and producing policy, process and guidelines in the appropriate format by liaising with a wide range of stakeholders, driving the approval process and publishing the documents.
• Supporting the wider GRC team (including the Information Security Officers and Information Security Managers) on a variety of GRC-related activities.
• Managing the roadmap, prioritising and filling gaps in policy, standards, procedures and frameworks working with the wider GRC team and subject matter experts.
• Building roadmaps for continued compliance against applicable standards.
• Becoming a subject matter expert to IT and the business to support delivery against the standards.
• Manage and mature the CMDB of compliance / governance assets.

Our information security team works in collaboration with business and IT teams across our many businesses. You will build strong working relationships to influence others to do the right thing to protect our smile.

ABOUT YOU

• Significant experience with managing compliance or assurance activity in a large travel / web / retail organisation.
• Strong ability in prioritising a wide breadth of tasks based on both internal and external factors.
• Excellent communication skills, both written and oral.
• Ability to produce clear documentation in English.
• Excellent organisational skills and attention to detail.
• Information Security Audit skills and experience.
• Strong experience in a large-scale enterprise organisation, preferably a retail or financial organisation.
• Strong knowledge of ISO27001, GDPR and associated legislation.
• Excellent influencing skills.
• Excellent interpersonal skills including persuasiveness and/or assertiveness skills.
• Relevant security qualifications (e.g. CISM, CISSP, Security+, PCI P etc.) or equivalent qualifications are a nice to have.
• Experience using standards and frameworks such as NIST, OWASP, ITIL and COBIT.
• Ability to understand the needs, objectives and constraints of those in other teams.

OUR OFFER

• Being a valuable team member of TUI, the No.1 global and socially aware travel company.
• Competitive salary and benefits.
• Smart working (Flexible hours) and possibility of working remotely up to 100% or Hybrid from one of our offices.
• Develop yourself as part of a friendly, richly diverse virtual international team.

If you want to know more about why TUI Group is the world’s leading tourism group, and our continuing work in the diversity & inclusion space, simply visit careers.tuigroup.com