Information Security Officer in Luton

Responsibilities

• You’ll promote and inspire a security‑first culture at TUI, directing the development and implementation of an enterprise Information Security strategy that aligns with our business needs.
• You will lead the provision of Information Security resources, expertise and guidance, ensuring each Domain is motivated and empowered to deliver their prioritised roadmap.
• Your extensive business knowledge will help you drive adoption of security policies, standards and controls through expert advice, protecting our most critical assets with appropriate assurance and rigorous testing.
• You will manage security incidents effectively through engagement with our security operations team, ensuring lessons learned and audit findings are remediated whilst maintaining effective security operations.
• You will build strong working relationships across business and IT teams, explaining complex ideas to audiences at all levels in a persuasive manner, instilling secure ways of working.
• You will report on the overall effectiveness of the security programme against defined key performance indicators, driving continuous improvement and leading workstreams focused on developing the GRC team.

Qualifications

• You are an experienced authentic leader with a solid understanding of technology and managing Information Security risks in the enterprise, passionate about delivering business value.
• You possess strong people leadership skills and have experience mentoring and developing security talent from different cultural backgrounds.
• As a great communicator and influencer, you are comfortable working across hierarchical, organisational, cultural and market boundaries, articulating IT security issues clearly to both technical and non‑technical audiences.
• You hold a recognised security accreditation (CISSP, CISM, CISA, etc.) or equivalent experience with demonstrable continuous professional development, maintaining a good understanding of the latest security threats and mitigating strategies.
• Your experience includes implementing and maintaining an Information Security Management framework such as ISO 27001 or NIST CSF, with a strong understanding of international regulatory context, particularly NIS 2, Part‑IS and aviation‑specific requirements.
• You have experience governing or managing audits by aviation regulators across Europe, integrating security into the software development lifecycle and cloud security; you understand technology standards such as CIS, NIST, PCI, OWASP, ITIL and COBIT, and experience with AWS workloads is desirable.

Benefits

• Attractive remuneration, discretionary bonus schemes, generous travel benefits, extensive health & well‑being support, and more.
• Flexible working – we encourage a healthy work‑life balance with a dynamic working environment.
• A career to shape – access the TUI Learning Hub to level‑up and reach your ambitions.
• Broaden your network – we champion intercultural collaboration and provide opportunities to work on global projects and teams.
• Community – get involved with incredible local charity and sustainability initiatives like the TUI Care Foundation.