Incident Response Manager

TUI Group is the world’s number one integrated tourism business. The Security Domain is a global team within TUI Technology responsible for leading Information Security risk management across TUI. TUI Technology are a multi-disciplinary team of experts across Security, Architecture, Engineering, DevOps and Agile Delivery providing services across the UK, Ireland, Sweden, Norway, Denmark, Finland, Germany, Belgium and The Netherlands.

At TUI we’re ambitious to become the leader in technology within the travel industry and to achieve this we are looking to build a capable, creative team who want to be a part of accomplishing that goal.

We never stop looking ahead, seeking new ways to delight our customers and grow our business. We recognise the power of digital and the massive contribution this brings to creating a truly unique and differentiated customer experience.

As Incident Response Manager within our Security Operations team, you will perform a crucial role in the management and prevention of cyber security indents. You will be a specialist in cyber incident response working in support of our missions to minimise the potential for harm or loss from cyber incidents.

The role will be published until 28th July 2026.

ABOUT OUR OFFER

• Personal benefits: Attractive remuneration, discretionary bonus schemes, generous travel benefits, extensive health & well-being support, and more.
• Flexible working: Work is something you do, not somewhere you go. We encourage a healthy work-life balance with a dynamic working environment.
• A career to shape: Access the TUI Learning Hub to level-up and reach your ambitions.
• Broaden your network: We champion intercultural collaboration and provide opportunities to work on global projects and teams.
• Community: Get involved with incredible local charity and sustainability initiatives like the TUI Care Foundation.

ABOUT THE JOB

• You'll contribute to the development, maintenance, and assessment of our Cyber Incident Response Plan while developing and implementing procedures related to incident handling.
• Identifying, analyzing, mitigating, and communicating cyber security incidents, you'll apply problem management to prevent incidents from reoccurring and measure detection and response effectiveness.
• We'll look to you to collect, analyze, and correlate cyber threat information from multiple sources, producing actionable intelligence for dissemination to stakeholders at tactical, operational, and strategic levels.
• Evaluating the resilience of cyber security controls, you'll adopt and develop incident handling testing techniques while establishing procedures for incident results analysis and reporting.
• Your role will involve cooperating with and supporting Secure Operation Centres and Computer Security Incident Response Teams while documenting incident handling actions comprehensively.
• Working closely with the Cyber Security Operations Lead, information security colleagues, IT operations teams globally, and key personnel, you'll ensure reporting of security incidents according to applicable regulatory and legal frameworks.

ABOUT YOU

• You have experience practicing all technical, functional, and operational aspects of cyber security incident handling and response in an enterprise organization.
• Your ability to collect, analyze, and correlate cyber threat information enables you to manage incident response related to operating systems, servers, clouds, and relevant infrastructures.
• You bring strong knowledge of cyber incident handling standards, methodologies, and frameworks along with Secure Operation Centres platform technology such as SIEM, SOAR and CTI.
• You possess management skills for incident records, report writing and presentation with the ability to analyze and report security incidents to technical and non-technical stakeholders.
• Your communication skills, both written and verbal, enable you to influence information security and IT operations colleagues from around the world.
• You have solid understanding of cyber threats, Cyber Kill Chain, Attack and Defend Frameworks, along with knowledge of cyber security-related certifications, laws, regulations, and legislations.

From a workplace to a place to belong. At TUI we embrace diversity, equity, and inclusion, encouraging everyone to come as you are, because together, our potential is limitless.

We are committed to supporting candidates with disabilities and impairments so if you require any support, please do let us know.