IT Security Specialist, Musement, TUI Destination Experiences

Joining the TUI Destination Experiences CIO Office team as IT Security Specialist, you will be responsible for implementing the enterprise vision, strategy and program to ensure data, assets and technologies are properly protected. Also support the IT security officer in identifying, developing, implementing and maintaining processes across the organization, compliance with the policies to reduce data and IT security risks. 

TUI Destination Experiences, or TUI DX for short, is the world’s leading provider of destination experiences. With 9,000 diverse employees in 49 countries and head office locations including Palma de Mallorca, Luton and Hannover. We offer 14 million guests a portfolio of excursions, activities, tours, transfers and guest services. TUI DX is part of TUI Group, the world's leading tourism group.

  • Undergraduate Degree or University Degree
  • Oracle, Cisco, EMC, Microsoft, VMware, SAP advanced skills – 10 years of experience
  • ITIL and Project Management
  • Knowledge of the Linux and Windows platforms. Familiarity with the operating system security requirements
  • Knowledge of AWS cloud infrastructure security and shared responsibility model. Familiarity with AWS security tools like inspector, guard duty and trusted advisor
  • Previous experience in implementing best practices in IT Security Management, Disaster Recovery and Business Continuity Management policies and procedures. UNE ISO/IEC 27000 Certificate highly desirable
  • Understanding of Information Privacy and legal issues surrounding enterprise data and knowledge of the relevant data protection laws and regulations (e.g. GDPR, PCI-DSS and PSD2). Regulatory compliance
  • Excellent communicator, both verbal and written, in English. Comfortable communicating high-level concepts to senior stakeholders whilst also being able to delve into the detail of complex changes when required
  • Fluency in English is a must. Other languages like Italian or Spanish are a plus
  • Implement security measures to protect systems and information infrastructure following the appropriate policies and procedures
  • Investigate data breaches, leaks and other cybersecurity incidents
  • Establish and update BCP process and update the procedure related to Security Incident Response
  • Ensure the protection of HW and SW Information systems and the information stored on them from theft or damage, as well as from disruption or misdirection of the services they provide
  • Control physical access to HW, as well as protection against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional or accidental
  • Establish Identity and access management policies describing the management of individual principals, their authentication, authorization and privileges within or across systems and enterprise boundaries
  • Update Security Architecture to be fully integrated within the SDLC
  • Ensure Continuous improvement with regards to IT Security measures, metrics generation and management
  • Develop action plans definition and follow-up to remediate findings and vulnerabilities
  • Support the integration with security services at Group level