We process over two million customer bookings and over five million customer card payments each year. This means that our business handles vast amounts of information that our customers expect us to protect. The information we need to protect includes credit card details, bank account details and other sensitive and personal customer data. We also have a duty of care to our employees to protect their personal data and provide a safe place to work. The Information Security Team is responsible for providing information security assurance for the UK & Ireland arm of the business and is based in Luton. The team is expanding and this is an exciting opportunity to be part of a dynamic and growing function. We are creating a new role to provide dedicated resource for our PCI DSS, ISO and GDPR compliance requirements, with the capability to design and implement good practice controls while managing the frameworks, processes and reporting associated with the technical checks and balances. This role will require technical compliance skills alongside governance and stakeholder management skills.
What you will be doing

As an Information Security Lead – Compliance & Governance you will be an expert in PCI DSS and GDPR compliance. You will lead the UK&I effort to further our compliance against these (and other) standards from a governance (policy/standard/blueprint), technical (control assessment/project engagement/architectural input) and stakeholder/reporting perspective. Your role will be to manage the existing PCI DSS estate and roadmap its maturity journey in line with the business's strategic direction, and to take over the GDPR control monitoring responsibilities for our BAU position in 2018. This role will be responsible for the general policy management of the UK&I IS function and will also be required to build strategy between UK&I and the rest of the TUI Group business to ensure consistency in approach and delivery. The role will deliver regular reporting to senior stakeholders within the organisation to inform decision making and appropriate investment. Your ultimate responsibility will be to mature, socialise, advise on and report to the Information Security Manager the status of our compliance against these standards. There will be global liaison and visibility as part of this role. This role will directly assist in enabling TUI to meet its strategic goals.
Specifically, you will be accountable for the following:

• Monthly reporting of the PCI DSS and GDPR compliance statuses to senior stakeholders
• Defining roadmaps for continued compliance against these standards
• Delivering support to all areas of IT and the business to ensure strategic alignment against the standards
• Working with all of TUI Group to ensure that we are aligned in terms of approach, policy and control methods associated with the standards
• Liaising with our issuing bank and other financial partners to ensure they are kept informed of our progress
• Regularly determining any gaps in policy, procedure and blueprints, and working with IT/IS to remediate them
• Daily reporting of information security threats relevant to TUI and its third parties
• Managing and maturing a CMDB of compliance/governance assets
• Driving adoption of the standards within the business; championing the message through regular department/stakeholder engagement sessions
• Technical involvement in the change process to determine potential risks to compliance and assist with remediation
• Technical involvement in multiple steering groups to ensure compliance against standards
What we are looking for

For this role we are looking for talented individuals who have:

• Experience with managing PCI DSS in technical environments
• Experience with GDPR legislation
• Experience with architectural principles
• Experience with highly complex environments
• Experience managing multiple stakeholders successfully
• Experience with information security frameworks to manage governance and compliance
• Experience with securing web payment platforms in line with compliance needs
• Experience with securing retail environments in line with compliance needs
• PCI QSA, PCI ISA, PCIP or equivalent qualifications (nice to have)
• Effective communication, influence and stakeholder management skills
• Ideally, good experience with PCI DSS in a large travel/web/retail organisation
Working within TUI Group

TUI UK and Ireland is the UK's largest tour operator with key brands including TUI, First Choice, Marella Cruises and Crystal Ski Holidays. Sub-brands include Sensatori, Sensimar and Family Life, as well as First Choice Holiday Villages and SplashWorld Resorts. Our airline is the UK's third largest with 62 aircraft operating to over 88 destinations in 30 countries. We have a team of more than 10,000 employees serving over 5.5 million customers each year. It's our people that make us number one.

TUI Group is the leading tourism business with over 67,000 employees across the world. The Group includes our unique hotel portfolio, our cruise ships, our own aircraft, tour operators, travel agencies, and much more. At TUI, we have embarked on a journey of development towards a more digital, connected and integrated future. But we haven't arrived there yet. Join us now and shape the future of travel. You can look forward to a competitive salary, pension scheme and further benefits such as generous holiday discounts, great rates on foreign exchange and discounts with retailers.
How to apply

Please click on the link below. The application process consists of answering a few questions and uploading your CV.