IT Security Specialist

Milano, Lombardia, Italia | Tech | Full-time

Apply by: No close date

TUI Musement is a leading Tours & Activities business. It combines a scalable digital platform with local service delivery, to offer excursions, activities, tickets, and transfers in more than 50 countries worldwide. There are over 130,000 ‘things to do’ in all major holiday and city destinations, which are distributed through B2B partners, via the Musement and TUI websites, and direct to TUI customers. We also offer services to cruise lines through Intercruises Shoreside & Port Services in ports worldwide. TUI Musement sold around 10 million excursions, tours, and activities delivered by our international colleagues located around the world and is one of the major growth areas of TUI Group. In 2018, TUI’s Tours & Activities division acquired Musement, a leading traveltech start-up. Following a two-year transition period, both became one fully integrated business - known as TUI Musement - combining the global reach, strong resources, and high-quality in-destination service delivery of TUI, with the digital capabilities, agile working methodology, and start-up mindset of Musement.

In 2020 we have been awarded the Great Place To Work Italia Certification.

Your Mission @Musement

Joining the TUI Destination Experiences CIO Office team as IT Security Specialist, you will be responsible for implementing the enterprise vision, strategy and program to ensure data, assets and technologies are properly protected. Also support the IT security officer in identifying, developing, implementing and maintaining processes across the organization, compliance with the policies to reduce data and IT security risks. 


What you will do with us

  • Implement security measures to protect systems and information infrastructure following the appropriate policies and procedures
  • Investigate data breaches, leaks and other cyber security incidents
  • Establish and update BCP process and update the procedure related to Security Incident Response
  • Ensure the protection of HW and SW Information systems and the information stored on them from theft or damage, as well as from disruption or misdirection of the services they provide
  • Control physical access to HW, as well as protection against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional or accidental
  • Establish Identity and access management policies describing the management of individual principals, their authentication, authorization and privileges within or across systems and enterprise boundaries
  • Update Security Architecture to be fully integrated within the SDLC
  • Ensure Continuous improvement with regards to IT Security measures, metrics generation and management
  • Develop action plans definition and follow-up to remediate findings and vulnerabilities
  • Support the integration with security services at Group level


What you are expected to bring

  • Existing Project Management skills and knowledge of Agile methodologies
  • Knowledge of the Linux and Windows platforms. Familiarity with the operating system security requirements
  • Knowledge of AWS cloud infrastructure security and shared responsibility model. Familiarity with AWS security tools like Inspector, Guard Duty and Trusted Advisor
  • Understanding of Information Privacy and legal issues surrounding enterprise data and knowledge of the relevant data protection laws and regulations (e.g. GDPR, PCI-DSS and PSD2). Regulatory compliance
  • Excellent communication skills, both verbal and written, in English.

What will help you be successful in this role

  • Being comfortable with communicating high-level concepts to senior stakeholders whilst also being able to delve into the detail of complex changes when required.
  • Excellent team player skills, able to engage with colleagues both in person and on a remote working basis

What you already achieved

  • Undergraduate Degree or University Degree
  • Implementing best practices in IT Security Management, Disaster Recovery, and Business Continuity Management policies and procedures.
  • UNE ISO/IEC 27000 Certificate 


  • The opportunity to join the team of one of the most exciting divisions of Europe’s largest travel company

We can't wait to meet you!

People&Culture Team