Information Security Lead


Premium Job From TUI

Recruiter

TUI

Listed on

21st February 2018

Location

Luton

Salary/Rate

Competitive

Salary Notes

Competitive

Type

Permanent

Start Date

ASAP

This job has now expired please search on the home page to find live IT Jobs.

Our Challenge

We process over two million customer bookings and over five million customer card payments each year. This means that our business handles vast amounts of information that our customers expect we will protect. The information we need to protect includes details of credit cards, bank accounts and other customer personal data. We also have a duty of care to our employees to protect their personal data and provide a safe place to work.

Our Team

The Information Security Team is responsible for providing information security assurance for the TUI Group function. The team is expanding and this is an exciting opportunity to be part of a dynamic and growing function.

The Role

We are creating an additional role to focus on project information security risk assurance. This role will manage risk as projects move through a formal project lifecycle and would be responsible for a portfolio of projects. The new role would support the Information Security Lead - Projects position which is currently accountable for project assurance.

What you will be doing

As an Information Security Lead -Systems Assurance your role will be to offer assurance to the entire systems lifecycle process; giving a risk based approach to information security process working within the NIST framework, in accordance with source market requirements and approach.

This role is to be responsible for (although not limited to) the general management of Information Security Systems Assurance, ensuring all new and existing systems and solutions are secured appropriately and in line with TUI Group guidance and local source market requirements. The role will work to design, plan, implement, discover and remediate against NIST, ITGC (IT General Controls) and local source market requirements. Principally you will be responsible for vulnerability testing, managing security platforms (AV. IDS/IPS, Firewall process/change, Network Access Control, vulnerability remediation, etc) and the process to embed these into the IT operational functions and processes already in place.

This role will build these management processes, engage stakeholders and continuously mature it into a BAU process to understand and manage the risk and threats affecting all the servicing estate globally.

The role will continually be performing BIA, risk based assessments and privacy impact assessments in order to determine treatment and action for the project/information security. We expect this will lead to fully specifying end to end security requirements based on an Information Security set of artefacts, stating baseline and policy. There will be some supervising penetration testing using 3rd Party suppliers in order to ensure project security and this will lead to wider interaction within the Source Market Information Security departments to ensure visibility and accurate decision making.

Your ultimate responsibility will be to mature, socialise, advise and assure the Head of Services - Digital Platforms of the security process required to apply to the operational IT stack managed within this area. This role will ensure that we are capturing risks and actions and seeing them through to conclusion. There will be global liaison and visibility required as part of this role. This role will directly assist in enabling TUI to meet its strategic goals.

What we are looking for

You will be accountable for the following:

          Managing the wider TUI group stakeholders and source markets

          Liaising with the local IS teams to ensure aligned approach and strategy

          Managing the operational Information Security maturity within Digital Platforms

          Reporting and socialising the state of security with key stakeholders (to be defined by the Head of Services - Digital Platforms)

          Following the relevant governance and reporting compliance status

          Ensure risks are appropriately recorded within the risk process

          Ensure the SLA’s (set by the Head of Services - Digital Platforms) are met and reported on

          Create clear processes for operationally managing the information security within Digital Platforms

For this role we are looking for talented individuals who have:

          Experience performing information security governance of projects in a formal project lifecycle

          Experience performing privacy impact assessments

          CISSP or equivalent qualifications

          Experience managing penetration testing engagements using 3rd Parties

          Experience of Prince2 methodologies

          Effective communication, influence and stakeholder management skills

          Ideally good experience with PCI DSS in a large retail organisation

Working within TUI group

TUI Group is the world’s number one integrated tourism business operating in around 180 countries worldwide with over 1,800 travel agencies across Europe, six airlines operating more than 130 aircraft, more than 300 Group-owned hotels and resorts and twelve cruise ships. Our 63,000 colleagues, all with a passion for holidays, work hard to deliver our customer promise "Discover your smile"

How to apply

Please click on the APPLY button below, the application process consists of answering a few questions and uploading your CV.

You are currently using an outdated browser.

Please consider using a modern browser such as one listed below: