< Back to search

TUI Group • Flexible

Senior Information Security GRC Analyst

Employment type:  Full time


A little flex time

Apply now

Job Description

TUI Group is the world’s number one integrated tourism business. The Security Domain is a global team within TUI Technology responsible for leading Information Security risk management across TUI. TUI Technology is a multi-disciplinary team of experts across Security, Architecture, Engineering, DevOps and Agile Delivery providing services across the UK, Ireland, Sweden, Norway, Denmark, Finland, Germany, Belgium and The Netherlands.

At TUI we’re ambitious to become the leader in technology within the travel industry and to achieve this we are looking to build a capable, creative team who want to be a part of accomplishing that goal.

We never stop looking ahead, seeking new ways to delight our customers and grow our business. We recognise the power of digital and the massive contribution this brings to creating a truly unique and differentiated customer experience.

We are looking for a talented and dedicated security professional to join the Governance, Risk and Compliance (GRC) team which supports the Security Domain in their responsibility to ensure information security risks are managed in alignment to our business goals across TUI Group.

As a Senior Information Security GRC Analyst you will perform a crucial role in supporting the GRC team’s activities. The role will take the lead on supporting the day-to-day delivery of our compliance programmes and Information Security Management System (ISMS) within our technology domains. You will manage the implementation of the frameworks, processes and reporting associated with the technical checks and balances. This role will require strong technical compliance skill alongside strong stakeholder management and influencing skills.


As a Senior Information Security GRC Analyst, you will have experience in the day-to-day management, delivery and tracking of actions towards our assurance and compliance programmes. You will have knowledge and practical experience of regulatory compliance activities (e.g. GDPR) and have a view on how delivery and tracking of compliance actions could be accomplished.

This role will also be responsible for filling policy and standards gaps across the company.

The role will deliver regular reporting to senior stakeholders within the organisation to inform decision making and appropriate investment.

This role will directly assist in enabling TUI to meet its strategic goals. Specifically, you will be responsible for delivering the following:

  • Management and reporting on the status and performance of assurance and compliance programmes.
  • Owning the day-to-day operation of TUI’s application assurance and cyber resilience programmes.
  • Prioritising and managing the workload between the GRC Analysts in the team.
  • Managing the documentation workflow and producing policy, process and guidelines in the appropriate format by liaising with a wide range of stakeholders, driving the approval process and publishing the documents.
  • Supporting the wider GRC team (including the Information Security Officers and Information Security Managers) on a variety of GRC-related activities.
  • Managing the roadmap, prioritising and filling gaps in policy, standards, procedures and frameworks working with the wider GRC team and subject matter experts.
  • Building roadmaps for continued compliance against applicable standards.
  • Becoming a subject matter expert to IT and the business to support delivery against the standards.
  • Manage and mature the CMDB of compliance/governance assets.

Our information security team works in collaboration with business and IT teams across our many businesses. You will build strong working relationships influence others to do the right thing to Protect our Smile.


  • Significant experience with managing compliance or assurance activity in a large travel/web/retail organisation.
  • Strong ability in prioritising a wide breadth of tasks based on both internal and external factors.
  • Excellent communication skills, both written and oral.
  • Ability to produce clear documentation in English.
  • Excellent organisational skills and attention to detail.
  • Information Security Audit skills and experience.
  • Strong experience in a large-scale enterprise organisation, preferably a retail or financial organisation.
  • Strong knowledge of ISO27001, GDPR and associated legislation.
  • Excellent influencing skills.
  • Excellent interpersonal skills including persuasiveness and/or assertiveness skills.
  • Relevant security qualifications (e.g. CISM, CISSP, Security+, PCI P etc.) or equivalent qualifications a nice to have.
  • Experience using standards and frameworks such as NIST, OWASP, ITIL and COBIT.
  • Ability to understand the needs, objectives and constraints of those in other teams.


  • Being a valuable team member of TUI, the No.1 global and socially aware travel company.
  • Competitive salary and benefits.
  • Smart working (Flexible hours) and possibility of working remotely up to 100% or Hybrid from one of our offices.
  • Develop yourself as part of a friendly, richly, diverse virtual international team.

If you want to know more about why TUI Group is the world’s leading tourism group, and our continuing work in the diversity & inclusion space, simply visit careers.tuigroup.com


Company benefits

Travel credit – All benefits vary by location and job role, we'd be happy to chat to you about this in more detail
Work from anywhere scheme – TUI WORKWIDE means colleagues can work from abroad for up to 30 working days a year
Employee discounts
Flexible working week
Bank holiday swaps
Time off in-lieu
Religious celebration leave
Buy or sell annual leave
Health insurance
Gym membership
Open to part time work for some roles
Mental health platform access
Enhanced maternity leave
Shared parental leave
Pregnancy loss leave
Enhanced paternity leave
Compassionate leave
Cinema discounts
Season ticket loan
Travel insurance
Cycle to work scheme
In office catering
Commuter loan
Annual pay rises
Annual bonus
Life assurance
Salary sacrifice
Matched pension contribution
In office workout classes
Teambuilding days
Employee assistance programme
Charity donation scheme
Enhanced sick pay
Share options
Faith rooms
Volunteer days
Lunch and learns
L&D budget
Personal development days
Mental health days
Employees are very happy with their working location freedom
Employees are largely happy with the flexibility in the hours they work
Employees are largely happy with the benefits their company offers
Work-life balance
Employees feel that they can switch off quite easily from work
Role modelling
Employees feel that most people work flexibly
Employees feel they have complete autonomy over getting their work done

Additional employee ratings
(these do not contribute to the FlexScore®)

Employees feel that the diversity is good and there are continued efforts to improve it
Employees feel that the culture supports equity and inclusivity well
Employees enjoy the working environment
Employees feel quite excited about the company mission
Employees feel that their salary is fair and in line with the market average

Working at TUI Group

Company employees

60,000 globally

Gender diversity (male:female)


Office locations

Austria, Belgium, Brazil, Canada, China, Denmark, Finland, France, Germany, India, Ireland, Mexico, The Netherlands, Norway, Poland, Portugal, Spain, Sweden, Switzerland, United Kingdom, USA

Hiring Countries





Dominican Republic
















United Kingdom

Awards & Achievements

Most flexible companies

Most flexible companies

Flexa100 2024