Senior Information Security GRC Analyst

Job Description

TUI Group is the world’s number one integrated tourism business. The Security Domain is a global team within TUI Technology responsible for leading Information Security risk management across TUI. TUI Technology is a multi-disciplinary team of experts across Security, Architecture, Engineering, DevOps and Agile Delivery providing services across the UK, Ireland, Sweden, Norway, Denmark, Finland, Germany, Belgium and The Netherlands.

At TUI we’re ambitious to become the leader in technology within the travel industry and to achieve this we are looking to build a capable, creative team who want to be a part of accomplishing that goal.

We never stop looking ahead, seeking new ways to delight our customers and grow our business. We recognise the power of digital and the massive contribution this brings to creating a truly unique and differentiated customer experience.

We are looking for a talented and dedicated security professional to join the Governance, Risk and Compliance (GRC) team which supports the Security Domain in their responsibility to ensure information security risks are managed in alignment to our business goals across TUI Group.

As a Senior Information Security GRC Analyst you will perform a crucial role in supporting the GRC team’s activities. The role will take the lead on supporting the day-to-day delivery of our compliance programmes and Information Security Management System (ISMS) within our technology domains. You will manage the implementation of the frameworks, processes and reporting associated with the technical checks and balances. This role will require strong technical compliance skill alongside strong stakeholder management and influencing skills.

ABOUT THE JOB

As a Senior Information Security GRC Analyst, you will have experience in the day-to-day management, delivery and tracking of actions towards our assurance and compliance programmes. You will have knowledge and practical experience of regulatory compliance activities (e.g. GDPR) and have a view on how delivery and tracking of compliance actions could be accomplished.

This role will also be responsible for filling policy and standards gaps across the company.

The role will deliver regular reporting to senior stakeholders within the organisation to inform decision making and appropriate investment.

This role will directly assist in enabling TUI to meet its strategic goals. Specifically, you will be responsible for delivering the following:

• Management and reporting on the status and performance of assurance and compliance programmes.
• Owning the day-to-day operation of TUI’s application assurance and cyber resilience programmes.
• Prioritising and managing the workload between the GRC Analysts in the team.
• Managing the documentation workflow and producing policy, process and guidelines in the appropriate format by liaising with a wide range of stakeholders, driving the approval process and publishing the documents.
• Supporting the wider GRC team (including the Information Security Officers and Information Security Managers) on a variety of GRC-related activities.
• Managing the roadmap, prioritising and filling gaps in policy, standards, procedures and frameworks working with the wider GRC team and subject matter experts.
• Building roadmaps for continued compliance against applicable standards.
• Becoming a subject matter expert to IT and the business to support delivery against the standards.
• Manage and mature the CMDB of compliance/governance assets.

Our information security team works in collaboration with business and IT teams across our many businesses. You will build strong working relationships influence others to do the right thing to Protect our Smile.

ABOUT YOU

• Significant experience with managing compliance or assurance activity in a large travel/web/retail organisation.
• Strong ability in prioritising a wide breadth of tasks based on both internal and external factors.
• Excellent communication skills, both written and oral.
• Ability to produce clear documentation in English.
• Excellent organisational skills and attention to detail.
• Information Security Audit skills and experience.
• Strong experience in a large-scale enterprise organisation, preferably a retail or financial organisation.
• Strong knowledge of ISO27001, GDPR and associated legislation.
• Excellent influencing skills.
• Excellent interpersonal skills including persuasiveness and/or assertiveness skills.
• Relevant security qualifications (e.g. CISM, CISSP, Security+, PCI P etc.) or equivalent qualifications a nice to have.
• Experience using standards and frameworks such as NIST, OWASP, ITIL and COBIT.
• Ability to understand the needs, objectives and constraints of those in other teams.

OUR OFFER

• Being a valuable team member of TUI, the No.1 global and socially aware travel company.
• Competitive salary and benefits.
• Smart working (Flexible hours) and possibility of working remotely up to 100% or Hybrid from one of our offices.
• Develop yourself as part of a friendly, richly, diverse virtual international team.

If you want to know more about why TUI Group is the world’s leading tourism group, and our continuing work in the diversity & inclusion space, simply visit careers.tuigroup.com

#TUIjobs