Information Security Manager

As an Information Security Manager (ISM) you will promote a security first culture at TUI. You will contribute to the delivery of an information security strategy to address the evolving business risk and empower the Domain to deliver the prioritised roadmap. You will lead the collaboration with stakeholders to communicate and embed secure ways of working with regular cadence and engagement. This will include protecting the TUI brand and its customers, detecting and responding to incidents, strengthening our defences, reducing the attack surface, proactively highlighting risks to the business and promoting security awareness as second nature.

You will drive adoption of and adherence to security policies, standards, and controls through the provision of expert advice and guidance. Protect our most critical assets and ensure appropriate assurance and rigorous testing is in place. You will ensure local security incidents are managed effectively, and that lessons learned, and audit findings are remediated. You will have come from a technical background and having good knowledge of security in AWS Cloud environments having held a technical role. Ensure effective security operations (e.g. vulnerability scanning, patching). Protect the integrity, availability, authenticity, non-repudiation and confidentiality of information and data in storage and in transit. Manage risk in a pragmatic and cost-effective manner to ensure stakeholder confidence. You will report on the overall effectiveness of the security programme on the Domain against defined key performance indicators and drive continuous improvement.

Our information security team works in collaboration with business and IT teams across our many businesses. You will build strong working relationships influence others to do the right thing to Protect our Smile.

Security is part of everyone’s job. At TUI, we practise secure behaviours first in everything we do.

• Demonstrable experience of leading and information security capability for a large business unit.
• Good understanding of security within agile development processes, and in Amazon Web Services.
• Adept understanding of security operations and security incident management.
• Good experience in implementing ISMS in a large organisation.
• AWS Cloud Fundamental or Practitioner certification preferable.
• ISO27001 Lead Implementer, COMPTIA Security+, CISMP/CISSP/CISM/CISA certified preferred.
• Good understanding of the international regulatory context, particularly data privacy.
• Good understanding of standards and frameworks such as ISO, NIST, PCIDSS, OWASP, ITIL and COBIT.
• Excellent planning and organisation skills to determine effective course of action.
• Strong communication skills. Experienced at gaining commitment from stakeholders to reach broader goal to reduce information security risks.
• Excellent interpersonal and relationship skills to work with technical and non-technical colleagues around the world.
• Goal orientated to maintain focus on agreed Information Security objectives and deliverables.
• Problem solving skills to identify creative and elegant solutions to support Information Security GRC activities and overall objectives.
• A logical thinker, and a team player with ability to think positively in a problem situation.
• Strong commercial acumen when making proposals, taking actions or help support decision making.
• Good organisational structure awareness. Able to identify the decision makers and influencers.
• Ability to understand the needs, objectives, and constraints of those in other teams.

From a workplace to a place to belong. At TUI we embrace diversity, equity, and inclusion, encouraging everyone to come as you are, because together, our potential is limitless.

We are committed to supporting candidates with disabilities and impairments so if you require any support, please do let us know.