Santiago Navarro

Madrid

Summary

Proven experience delivering IT risk initiatives and devising innovative solutions to meet ever-changing business requirements related to IT, IS, and project management. Dynamic, business-oriented IT Security professional with extensive experience driving projects surrounding Information security, ITIL processes, disaster recovery, and IT service management. Proactive hands-on management approach; fostering teamwork, best practices utilizing common PM methodologies, standards (Agile and Waterfall) to improve overall quality of projects for large-scale organizations. Formidable background in information assurance, cloud security, cybersecurity, product security, enterprise architecture, and solution architecture within diverse sectors. Adept at managing multicultural teams and complex projects across large multinational companies. Ability to implement business strategy for corporate security solutions, governance, risk assessment, management, and auditing networks. Demonstrated skills with leading-edge IT security tools complemented by solid ability to rapidly utilize emerging technologies including AWS, Microsoft Azure, GCP, and cloud architectures. Collaborative communicator continually focused on building relationships within an organization to drive positive outcomes of special projects.

Overview

18 years of professional experience
1 Certification

Work History

Business Information Security Officer (Hotels & Resorts and Future Markets)

TUI Group Security
05.2021 - Current
  • Deliver direct report to the TUI Group Global CISO and CIOs
  • Manage TUI global digitalization program by acting as cybersecurity program lead for accommodation and flight sourcing, leading seven teams
  • Helped the Airline Acceleration business (TUI Malaysia) to certify its core business application against the ISO 27001:2022
  • Built and directed the cybersecurity strategy for Spain, Malaysia, China, India, Portugal, Italy, and Brazil
  • Developed and employed cybersecurity strategy for Hotels & Resorts: TUI Hotels, TUI Managed Hotels, TUI Partners, and Robinson Clubs
  • Deployed MFA to all the TUI Azure AD accounts and managed the rollout of MFA to all TUI users in Central Region across Germany, Austria, Switzerland, and Poland, ensuring setup of MFA by 95%
  • Established an AWS security framework for Businesses including Hotels and Resorts, Future Markets, Accommodation Sourcing and Flight Sourcing

Head of IT Security

TUI Infotec
01.2018 - 05.2021
  • Managed three departments including cybersecurity, IT risk & compliance, and business continuity
  • Developed and implemented security strategy definition and roadmap in alignment with TUI Infotec's Board and TUI Group Security strategy
  • Directed the Security, IT Risk, and BCM programs by employing agile methodologies
  • Defined security and BCM products for all the TUI Infotec teams and stakeholders through implementation of risk-based approach
  • Defined OKRs and reporting metrics for the management
  • Led the PCI-DSS certification by ensuring 100% compliance
  • Ensured that the Infotec ISMS was running properly
  • Contributed to TUI Group initiatives and working groups, including Group security strategy program, managed information security service provider, Global cloud design authority and cloud centre of excellence, security awareness and training program, and crisis management
  • Oversee Office 365 platform of TUI at worldwide level with over 60K users
  • Drive the Global Program by removing the legacy authentication for all TUI accounts and securing access to MS Teams and SharePoint
  • Design and implement strategy for conditional access by collaborating with TUI business and stakeholders
  • Optimise the process of joiners, movers, leavers by establishing identity consistency in O365 through effective integration with IAM global processes
  • Conduct quality reviews for privileged accounts to evade the risk of insiders and fraud activities
  • Build and employ data loss prevention capabilities within the O365 global tenant
  • Develop and execute an anti-ransomware strategy for the O365 global tenant
  • Liaise with the SOC team to create playbooks for the O365 environment
  • Identify process to ensure the security assurance of 3rd party application and add-ons within O365

Chief Information Security Officer and Head of IT

TUI Spain and Future Markets
07.2016 - 01.2018
  • Led five departments including governance, IT risk & compliance, business continuity, software development, and IT infrastructure
  • Developed and implemented security strategy and roadmap for Spain, Brazil, India, Italy, and China
  • Defined and managed TUI Spain and future markets information security policy based on ISO27001
  • Oversaw BCP definition and implementation for business-critical processes
  • Ensured GDPR assessment and compliance as well as IT strategy and digital transformation to build an Agile IT Organization
  • Closed all IT Audit findings within 1st year
  • Designed and implemented 100% ITIL processes

Strategic Security Advisor

Self-employed
08.2015 - 07.2016
  • Led cybersecurity, information security, business continuity, and disaster recovery projects
  • Delivered strategic advice to different organizations across financial services, government, telco, energy, and retail sectors
  • Achieved 100% of goals across different projects

Security Director

Mnemo Evolution and Integration Services
03.2014 - 08.2015
  • Managed new portfolio of Cybersecurity services
  • Prepared and delivered report to the Global CEO / Member of the board
  • Provided assistance to Latin-American and Saudi Arabia offices
  • Directed team of 10 members with overall responsibilities of over 80 people across different customers
  • Increased security sales by 50%

Security Director

Information Global Security
03.2011 - 03.2014
  • Acted as security director and senior advisor for insurance, telecommunications, and government sectors
  • Served as strategic senior security and risk advisor for AXA MedLA Region
  • Established the security strategy for the MedLA Region (up to 20 countries)
  • Developed and executed a new security framework of processes, implemented by Group Security at worldwide level
  • Created and implemented a new cybersecurity risk management framework for five countries; reused worldwide by Group Security

Senior Manager

PricewaterhouseCoopers (PwC)
09.2006 - 03.2011
  • Managed technological risks division of PwC Spain
  • Led security projects by implementing business continuity plans including DRP, strategic security plans, ISMS development and consultancy, risk analysis, SOX and LOPD projects, forensics, pen tests, electronic administration, IT audits, identity management consulting
  • Directed multidisciplinary work teams with responsibilities of over 100 people
  • Participated in the ITACA Executive Course (designed for the most talented Managers and Senior Manager of PwC Spain)
  • Participated in the 'European most talented Managers Course' developed in Paris
  • Involved in several 'Innovation Groups' of PwC Spain

Education

TUI Perspectives Leadership Program

TUI Global Leadership, Hanover, Germany
12.2024

Leadership program covering the following topics:

- Leading self.

- Leadership core.

- Empowering others.

- Facilitating change.

- Being the change.

MBA - Business Executive

PwC ITACA Program, Madrid
12.2008

Technical Computing Science Degree

C.E.U. San Pablo, Madrid, Spain
09.1996

Skills

  • Information Security and Cybersecurity
  • Risk management
  • Business Continuity Strategy
  • Leadership
  • Teamwork and collaboration
  • Effective communication
  • Relationship building

Certification

  • AWS Security Specialty, Current
  • Executive Training: (Coaching, Excellence in Business, Management, Risk Management, PwC M-Power Managers of Europe, Management Control, Commercial Skills, etc.)
  • ISO/IEC 27001:2022 Lead Implementer by Courseware
  • BS 25999 Lead Auditor certification by BSI
  • AWS security engineering. (AWS Onsite training)
  • AWS Security Best Practices - Level: Intermediate (AWS Digital training)
  • AWS Solution Architect (A Cloud guru)
  • Microsoft Azure secure technologies - AZ500
  • Microsoft Azure Administrator - AZ104
  • Microsoft Azure Architect Technologies - AZ300
  • Microsoft Modern Authentication

Accomplishments

  • Increased compliance of security KPIs up to 85% at TUI Group Business Domains where I'm responsible.
  • Decreased external facing vulnerabilities by 75% at TUI Group Business Domains where I'm responsible.
  • Managed to get the TUI Malaysia business to get the ISO 27001:2022 certification by 08/2024.
  • Structured 100% of the initiatives defined in the security strategy at TUI InfoTech.
  • Setup of 90% of the initiatives defined in the business continuity strategy at TUI InfoTech.
  • Lowered number of security incidents by 75% at TUI Spain and Future Markets.
  • Ensured effective GDPR assessment and compliance by implementing 90% of the proposed actions at TUI Spain and Future Markets.
  • Managed and achieved 100% goals of diverse IT risk and cyber security projects across companies and regions.

Languages

Spanish
Bilingual or Proficient (C2)
English
Advanced (C1)

Personal Information

  • Title: IT Risk & Cyber Security Management Executive
  • Date of Birth: 07/09/71
  • Gender: Male
  • Nationality: Spanish
  • Marital Status: married

Career Experience

  • Business Information Security Officer (Hotels & Resorts and Future Markets), TUI Group Security, Madrid, Spain, 05/2021, Present
  • HEAD of IT Security, TUI Infotec, Hannover, Germany, 01/2018, 05/2021
  • Chief Information Security Officer and Head of IT, TUI Spain and Future Markets, Madrid, Spain, 07/2016, 01/2018
  • Strategic Security Advisor, Self-Employed, Madrid, Spain, 08/2015, 07/2016
  • Security Director, Mnemo Evolution and Integration Services, Madrid, Spain, 03/2014, 08/2015
  • Security Director, Information Global Security, Madrid, Spain, 03/2011, 03/2014
  • Senior Manager, PricewaterhouseCoopers (PwC), Madrid, Spain, 09/2006, 03/2011

Work Preference

Work Type

Full Time

Work Location

Hybrid

Important To Me

  • Work-life balance
  • Company Culture
  • Personal development programs
  • Career advancement
  • Work from home option

Interests

Music

Reading

Outdoor sports

Travel
