The Information Security Team is responsible for providing information security assurance for the UK & Ireland arm of the business and is based in Luton. The team is expanding and this is an exciting opportunity to be part of a dynamic and growing function.
We are creating a new role to focus on providing threat and vulnerability management and assurance within TUI UK&I. This role will work heavily with the business and IT functions to ensure accurate risk governance and operational remediation. This role will require technical skill as well as stakeholder management skill.
What you will be doing
As an Information Security Lead – Threat & Vulnerability you will be responsible for (although not limited to) the overall management of the vulnerability management of our UK&I estate along with being the knowledge centre of excellence for Information Security threat detection. This role will establish, mature and maintain the vulnerability management process, utilising existing investment and suggesting (where required) new investment for best managing the risk of vulnerabilities within the estate. You will be required to monitor global threats, trends and campaigns relevant to our organisation along with creating global relationships throughout the TUI Group to assist with larger projects and initiatives related to threat and vulnerability management. This role will managae third parties to assist with both threat and vulnerability management as we move to a more service driven, scalable, solution for the future. The candidate will be expected to deliver regular updates to multiple stakeholders and work closely with the IT operations teams, the broader business functions, group functions, and the rest of the information security team to deliver clear objectives in risk reduction and technical maturity within the ever evolving IT estate.
The role will monitor information sharing mechanisms to confirm that threat reporting and vulnerability management is consistent with security policies and to escalate risks to the appropriate stakeholders and to the Information Security Manager.
Your ultimate responsibility will be to mature, socialise, advise and report to the Information Security Manager, the threats relevant to our organisation and its partners while getting a continuous view of our the IT estate and its vulnerabilities, along with ensuring that we are meeting our targets for remediation and reducing risk. There will be global liaison and visibility as part of this role. This role will directly assist in enabling TUI to meet its strategic goals. Specifically, you will be accountable for the following:
- Daily reporting of Information Security Threats relevant to TUI and its third parties
- Weekly monitoring of the UK&I estate to ensure that all the assets are kept up to date
- Weekly monitoring of vulnerabilities affecting the UK&I estate and reporting to multiple stakeholders
- Stakeholder management of Group IS Threat/Vulnerability Management – including any intitatives
- Helping mature the TUI Group (global) approach to threat and vulnerability management
- Daily monitoring of the Internet and Email gateway security channels
- Reporting position of all UK critical data and assets to the IS Manager and various global stakeholders
- Stakeholder management of IT Operations to ensure patching process meets with information security requirements
- Incident management and handling; acting as a single point of contact for information security incidents
- Technically managing the various UK&I platforms to deliver benefit to projects, activities and initiatives as required.
What we are looking for
For this role we are looking for talented individuals who have:
- Experience with Vulnerability Management platforms (Tenable Nessus preferred)
- Experience with Threat Management tools; management of threat analysis
- Experience with internet and email gateway security tools
- Experience managing large scale vulnerability management programs
- Experience with asset management programs
- Experience with Data Loss Prevention (DLP) solutions
- Experience performing risk and impact assessments
- CISSP or equivalent qualifications
- Effective communication, influence and stakeholder management skills
- Ideally good experience with PCI DSS in a large retail organisation
Working within TUI group
Working at TUI
TUI UK and Ireland is the UK’s largest tour operator with key brands including TUI, First Choice, Marella Cruises and Crystal Ski Holidays. Sub brands include Sensatori, Sensimar, and Family Life, as well as First Choice Holiday Villages and SplashWorld Resorts. Our airline is the UK’s third largest with 62 aircraft operating to over 88 destinations in 30 countries. We have a team of more than 10,000 employees serving over 5.5 million customers each year.
It’s our people that make us number one
TUI Group is the leading tourism business with over 67,000 employees across the world. The Group includes our unique hotel portfolio, our cruise ships, our own aircraft, tour operators, travel agencies, and much more. At TUI, we have embarked on a journey of development towards a more digital, connected and integrated future. But we haven’t arrived there yet. Join us now and shape the future of travel.
You can look forward to a competitive salary, pension scheme and further benefits such as generous holiday discounts, great rates with foreign exchange and discounts with retailers.
How to apply
Please click on the link below, the application process consists of answering a few questions and uploading your CV.