TUI

Security Architect - M365

TUI  •  Matosinhos, PT (Hybrid)  •  3 hours ago
Apply
AI can make mistakes so check important info. Chat history is never stored.

Job Description

We're looking for a talented technical leader to join our newly formed Security Architecture team and drive control implementation across TUI's CISA-aligned Zero Trust programme. You'll be the primary driver of measurable security progress, converting strategy into deployed, verifiable controls that reduce real risk across our global technology estate.

ABOUT OUR OFFER

  • Personal benefits Attractive remuneration, exclusive travel perks & discounts, extensive health & wellbeing support, and more.
  • Flexible working Work is something you do, not somewhere you go. We encourage a healthy work-life balance and offer hybrid or remote working models.
  • A career to shape Opportunities to upskill, reskill and grow your career. Access the TUI Tech Learning Hub to level-up and reach your ambitions.
  • Expand your horizons: Participate in our tech communities and collaborate on global projects and teams.
  • Community Get involved with incredible local charity and sustainability initiatives like the TUI Care Foundation and the Sustainable Tech Community.

ABOUT THE JOB

  • You'll drive control implementation across all five CISA Zero Trust pillars - Identity, Devices, Networks, Applications and Workloads, and Data - translating pillar OKR commitments into specific, sequenced control deployments with defined owners, timelines, and measurable success criteria.
  • Owning the measurement framework for Zero Trust maturity progression will be central to your role, using Microsoft Security Exposure Management, Maester security assessments, and Microsoft Secure Score to track control status changes, maintain time-series data, and escalate stalled controls before they impact quarterly OKR targets.
  • Working directly with pillar owners - Identity, Devices, Network, Applications, and Data leads - you'll convert high-priority workshop outputs into active delivery backlogs, challenging shared ownership arrangements and ensuring each control has a single named owner with budget authority.
  • You'll provide technical depth across pillar-specific control areas including Conditional Access policy design, Entra ID Governance, PIM, phishing-resistant MFA deployment, trusted device strategy, Intune policy enforcement, network segmentation, secure remote access patterns, application ownership models, Entra SSO integration, API security governance, and data loss prevention aligned to the Secure Future Initiative.
  • Triaging Microsoft Secure Score recommendations against pillar OKR priorities will be part of your day-to-day, as you assign each recommendation to the correct pillar owner with delivery timelines, track closure rates, and separate high-impact risk-reducing controls from low-value compliance activities.
  • You'll generate evidence of risk reduction for board reporting and cyber insurance renewal, presenting Zero Trust progress in terms of attack surface change and business impact rather than framework terminology.

ABOUT YOU

  • You have a demonstrable track record of delivering Zero Trust control implementation - not just designing it - across enterprise environments, with practical understanding of the CISA Zero Trust Maturity Model across all five pillars and the ability to assess current state against Traditional, Initial, Advanced, and Optimal maturity stages.
  • Evidence of driving security control implementation through delivery teams in large, complex organisations is essential, as you distinguish between controls that have been deployed and verified versus those that have only been documented or recommended, actively rejecting activity-based metrics in favour of outcome-based measurement.
  • Hands-on experience with Microsoft Security Exposure Management, Microsoft Secure Score, Maester, and the Microsoft Defender suite enables you to extract control status data, interpret attack path exposure metrics, and use tooling output to drive delivery prioritisation and evidence compilation.
  • Your proficiency with Entra ID, Intune, Defender for Endpoint, and Defender for Office 365 as control implementation platforms means you can provide technical depth across Identity, Devices, Networks, Applications, and Data pillar-specific control areas.
  • You're able to identify and challenge shared ownership arrangements that prevent control implementation, assigning single accountable owners to controls and holding them to delivery commitments, understanding that a control without a named, funded owner is an unmanaged risk.
  • Experience working within an OKR framework where key results are tied to measurable security outcomes is important, as you understand that programme maturity is measured by controls implemented and attack surface reduced - not by documents produced or workshops delivered.
  • Operating within or alongside a formal security architecture governance function comes naturally to you, as you contribute to quarterly reporting cadences and multi-team delivery coordination across complex enterprise environments.
  • You're highly autonomous and able to identify what needs to happen next without being directed, taking ownership of blockers and working comfortably across organisational boundaries to challenge delivery teams when progress is below expectation.
  • Being comfortable with ambiguity in an actively evolving programme is essential, as you adjust your approach based on what measurement data shows and stay motivated by reducing actual risk rather than achieving compliance posture.

From a workplace to a place to belong. At TUI we embrace diversity, equity, and inclusion, encouraging everyone to come as you are, because together, our potential is limitless.


We are committed to supporting candidates with disabilities and impairments so if you require any support, please do let us know.

#LI-DVB

TUI

About TUI

We’re adventure seekers. Smile givers. Impact makers.

We believe in the power of travel. It broadens horizons for our customers, and for our people too. New places to live, new roles to explore, new communities to join. It’s yours for the taking.

We’re TUI, a leading global travel and leisure experience company that makes holiday dreams come true for people around the world.

We are one of the world’s leading tourism groups counting 1200 travel agencies and online portals, five airlines with around 130 aircraft, over 400 hotels, 16 cruise liners, digital platforms for tours and activities and most importantly over 60 000 colleagues around the world. What unites us is creating moments that enrich the lives of our 21 million customers.

Beside the unforgettable experience we provide our customers, we also believe in the good that tourism can bring and we care deeply about our environmental impact. The TUI Care foundation has projects in over 30 countries worldwide, building on the potential of tourism as a global force for development. The Foundation opens up new perspectives through education and training, empowers local communities to benefit from the success of tourism and engages in the protection of nature and the environment.

At TUI we simply say “Let’s TUI it”. For us, that means creating happiness. Tackling challenges every day together, with a positive, can-do attitude, and finding solutions even for the most unexpected situations. Our teams across TUI are just as diverse as our destinations. So whether you have lots of experience or none at all. If you want to work in an office or feel best in the field. No matter if you’re an accomplished tech whizz, an aspiring entertainer, or simply in love with flying.

There’s a place for you here.

Industry
Travel & Hospitality
Company Size
10,000+ employees
Headquarters
Hannover, DE
Year Founded
Unknown
Social Media