Director Of IT Cyber Security Risk & Compliance

Essential Functions & Responsibilities

As a member of the Home Office IT team, and under the direction of the VP of Information Technology, this role contributes advanced skill in cyber security technology solutions/architecture, hotel operations and business knowledge. This strategic role is responsible for leading, evolving, maintaining, auditing and remediating the group & hotels’ cyber risk and compliance program.  In execution this role will ensure all cyber security and compliance reporting operations executed by internal and external resources are monitored, secure, regulated, and aligned with brand, guest regulatory entity expectations. The Director of IT Cyber Security Risk & Compliance will interface with vendors, owners, auditors, home office executives, stakeholders and team members as required to…

• Establish and lead a mature cyber risk program aligned with industry standards such as NIST Cybersecurity Framework (CSF) or ISO 27001 and hospitality relevant regulations such as PCI-DSS, GDPR, etc.
• Partner with IT Department leadership to develop, document, evolve, audit and enforce IT security policies including secure configuration, edge/perimeter protection, secure configuration, vulnerability management, resiliency and incident response protocols.
• Integrate with the broader enterprise-wide risk management (ERM) strategy and set the organization’s cyber risk tolerance.
• Lead, monitor, audit and partner with the People and Operations leadership to foster and enforce cyber awareness and embedded security best practices across all teams.
• Drive the cultural, technical and process changes necessary to enable a secure, cyber risk aware user base.
• Collaborate with the Corporate Director of Applications and Network Security & Compliance to design, implement cyber strategies and solutions that will ensure secure and stable connectivity for all solutions, infrastructure and platforms.
• Effectively initiate, plan, schedule, control, and bring to closure multiple high priority projects.
• Monitor and audit all security related SOP’s, infrastructure, network and related architectures and solutions in alignment with SH Standards and policies.
• Work across the enterprise/organization to provide domain-based knowledge and  leadership to prioritize and track and audit risk mitigation strategies/solutions.
• Assess, evaluate, recommend innovative technologies and best practices for adoption
• Establish a formal cyber risk committee and lead and report on the organization’s security posture monthly with reports and quarterly Security Forum Committee meetings.
• Drive standardization and automation into all aspects of SH’s security monitoring, detection and response capabilities.
• Maintain and update the organization’s cyber risk register with key risk indicator (KRI’s)
• Serve as the primary liaison for internal audits (executed quarterly) and external audits (executed annually).
• Engage and foster relationships with peer, business counterparts, and with internal and external customers to ensure smooth operations for hotel and corporate.
• Participate in property updates, briefings that may arise due to issue escalation

REQUIREMENTS

• A minimum of 7 to 10 years in hospitality IT Networking/Applications and Cyber Security practices and tools.
• Corresponding experience in project management & delivery, process development & improvement and resource management.
• 3 to 5 years’ experience in senior or featured leadership managing risk & compliance.
• Familiarity and active experience ensuring environments and systems are compliant with regulatory entities and internal/organizational policies.
• Proven experience leading development and delivery of multiple complex security-related technology solutions into production that have achieved or surpassed business goals.
• Deep knowledge of system cyber security systems architecture, technical design, and system and software development technology.
• Knowledge of emerging trends and developments in cyber-threats and related vulnerabilities including but not limited to PaaS, SaaS, endpoint, mobile, cloud, and AI environment.
• Experience ensuring compliance with cyber security/risk regulations and entities that enable governance, maturity and best practices (i.e. NIST, PCI-DSS, GDPR, CPP, etc)
• Takes on other duties needed to help drive our Purpose, fulfill our Brand Principles, and abide by our Organization’s Values.