TUI Group is the world’s number one integrated tourism business. The Security Domain is a global team within TUI Technology responsible for leading Information Security risk management across TUI. TUI Technology are a multi-disciplinary team of experts across Security, Architecture, Engineering, DevOps and Agile Delivery providing services across the UK, Ireland, Sweden, Norway, Denspan, Finland, Germany, Belgium and The Netherlands. 

At TUI we’re ambitious to become the leader in technology within the travel industry and to achieve this we are looking to build a capable, creative team who want to be a part of accomplishing that goal. 

We never stop looking ahead, seeking new ways to delight our customers and grow our business. We recognise the power of digital and the massive contribution this brings to creating a truly unique and differentiated customer experience. 

As Cyber Incident Response Manager within our Security Operations team, you will perform a crucial role in the management and prevention of cyber security indents. You will be a specialist in cyber incident response working in support of our missions to minimise the potential for harm or loss from cyber incidents. 

•  Now taking applications until 20-01-2025

ABOUT OUR OFFER
 

• Personal benefits: Attractive remuneration, bonus opportunity, exclusive travel perks & discounts, extensive health & wellbeing support, and more.
• Flexible working: Work is something you do, not somewhere you go. We encourage a healthy work-life balance and offer hybrid or remote working models.
• A career to shape: Opportunities to upskill, reskill and grow your career. Access the TUI Tech Learning Hub to level-up and reach your ambitions.
• Expand your horizons: Participate in our tech communities and collaborate on global projects and teams.
• Community: Get involved with incredible local charity and sustainability initiatives like the TUI Care Foundation and the Sustainable Tech Community. 

ABOUT THE JOB  

As Cyber Incident Response Manager you will report to the Cyber Security Operations Lead. You will be responsible for the development, maintenance and assessment of the cyber incident response plan, related testing and our procedures related to incident handling.  

You will also support the management of cyber threat intelligence, its collection, analysis and the production of actionable intelligence and dissemination to stakeholders, at a tactical, operational, and strategic level. 

• Contribute to the development, maintenance, and assessment of the Cyber Incident Response Plan. 
• Contribute to the collection, analysis, and use of Cyber Threat Intelligence. 
• Develop, implement, and assess procedures related to incident handling. 
• Identify, analyse, mitigate, and communicate cyber security incidents. 
• Apply problem management to security incidents, agree and follow up on actions to prevent incidents from reoccurring. 
• Measure cyber security incidents detection and response effectiveness. 
• Evaluate the resilience of the cyber security controls and mitigation actions taken after a cyber security or data breach incident. 
• Adopt and develop incident handling testing techniques. 
• Establish procedures for incident results analysis and incident handling reporting. 
• Document incident results analysis and incident handling actions. 
• Cooperate and support Secure Operation Centres (SOCs) and Computer Security Incident Response Teams (CSIRTs). 
• Cooperate with key personnel for reporting of security incidents according to applicable regulatory and legal frameworks. 

ABOUT YOU 

• Practice all technical, functional, and operational aspects of cyber security incident handling and response in an enterprise organisation.  
• Collect, analyse, and correlate cyber threat information originating from multiple sources.  
• Incident response related to operating systems, servers, clouds, and relevant infrastructures.  
• Management of incident records and report writing and presentation. 
• Work under pressure.  
• Analysis and reporting of security incidents and trends to technical and non-technical stakeholders. 
• Preparation and presentation of written and verbal threat intelligence briefings.  
• Manage and analyse log files.  
• Communication skills both written and verbal, and interpersonal skills so that you can work influence your information security, and IT operations colleagues from around the world. 
• Cyber Incident handling standards, methodologies, and frameworks.  
• Cyber Threat Intelligence standards, methodologies, and frameworks.  
• Secure Operation Centres (SOCs) platform technology such as SIEM. SOAR and CTI. 
• IT Service Management and development practices. 
• Cyber Incident handling recommendations and best practices.  
• Cyber Incident handling tools.  
• Digital forensics and procedures for the management of digital evidence. 
• Incident handling communication procedures.  
• Operating systems security.  
• Computer networks security.  
• Cyber threats, Cyber Kill Chain, Attack and Defend Frameworks. 
• Cyber security attack procedures.  
• Computer systems vulnerabilities.  
• Cyber security-related certifications.  
• Cyber security related laws, regulations, and legislations.  
• Secure Operation Centres (SOCs) operation.  
• Computer Security Incident Response Teams (CSIRTs) operation.  

From a workplace to a place to belong.  At TUI we embrace diversity, equity, and inclusion, encouraging everyone to come as you are, because together, our potential is limitless.

We are committed to supporting candidates with disabilities and impairments so if you require any support, please do let us know.