Summary of Position
Responsible for:
- Developing and implementing IT Security strategy, policies, programs, and procedures. Drive their implementation and maintenance across MHR – North America Region.
- Managing the daily IT Security operations of MHR – North America Region
- Providing IT Security consulting support across various business units within MHR – North America Region
- Promoting IT Security Awareness amongst end users within MHR – North America Region
- Working with key business stakeholders to incorporate IT Innovations and Process Improvements into their operations
- Managing and driving Special Projects or initiatives for the group as assigned by the reporting officer.
This is an on-site position at DTC
Must be dependable, friendly, and have a positive attitude.
Responsibilities
Security Strategy / Risk Management / Security Awareness
- Formulate, develop, and implement IT Security strategy, policies, programs, and procedures aligned to the MHR – North America's business objectives and goals.
- Manage a threat and vulnerability management program that includes penetration testing, vulnerability scanning, patch management, data loss prevention, and threat assessments.
- Lead and drive PCI-DSS Compliance program together with identified business stakeholders for North America Region.
- Identify and implement process improvements in the architecture and/or infrastructure of existing systems in IT Security.
- Keep current on emerging security technologies and their relevance to MHR's IT Security strategy.
- Keep abreast of new or changing regulatory requirements and technology advancements to identify trends, emerging threats, and their effects on the IT Security posture of MHR – North America. Formulate appropriate strategies to address such threats to minimize MHR's exposure.
- Identify, assess, and mitigate risks across the different IT functions (i.e., Infrastructure, Applications, Operations, Security) and provide frequent updates to the Director of IT, North America.
- Managing IT security-related controls and their successful implementations.
- Institutes an IT Security risk register evaluates control options for identified risks, reviews action plans, and resolution of control issues.
- Accountable for end-to-end management of all IT Security incidents, from investigations, mitigations, resolutions, and reporting in close cooperation and coordination with the teams responsible for crisis management and security incident response, as well as the senior management team.
- Provide updates and risk mitigation recommendations for all IT Security incidents to the senior management and business stakeholders.
- Track and document incidents from initial detection through final resolution to support future analytical efforts and situational awareness.
- Develop a suitable IT Security Awareness program, with an understanding of the risk landscape and highlight critical risks, for employees of MHR – North America.
- Working with the hotel HR teams to present and educate MHR – North America employees on IT Security topics.
Operations Excellence
- Manage the daily IT Security operations of MHR – North America.
- Operate and monitor threats based on reported intelligence and triggers.
- Implement various security solutions as controls and measures for effective threat mitigation.
- Work cooperatively with different IT functions to incorporate minimum security baselines for IT platforms and technologies.
- Provides IT Security consulting support / advice to key business stakeholders and business units across MHR – North America region that could be impacted by compliance, risk, or threats.
- Perform periodic IT Security audits across MHR – North America's properties to ensure compliance with established MHR's IT Security policies, PCI-DSS, and regulatory requirements.
- Work with different IT functions to address external / internal audit gaps identified within the timeframe committed.
Innovations / Process Improvements / Special Projects
- Work closely with key business stakeholders to understand business needs and IT pain points to scope out process improvements or innovative projects to address the business needs or pain points.
- Performed annual work plans, budgeting, and regular cost tracking in the respective responsible tracks.
- Led, managed, and participated in Special Projects, as well as any other duties and responsibilities assigned.
Desired Profile
- Possess a bachelor's degree in Computer Science or Information Security related discipline, with three years or more relevant working experience in a similar capacity.
- Relevant IT Security certifications such as CISSP or CISM are preferred. Knowledge of Information Security standards (e.g., PCI-DSS) is required.
- Must have a dynamic, outgoing personality, be a good team player with a pleasant and cheerful appearance, and possess good interpersonal skills to understand user requirements.
- Strong interest in IT security management and keeping abreast of the dynamic threat landscape. Self-starter, ability to work independently with minimal supervision.
- Strong analytical and problem-solving skills are essential. Strong communication (both written and verbal) skills to be able to interact with technical and non-technical colleagues and the ability to influence at an executive level.
Job Type: Full-time
Pay: $85,000.00 - $100,000.00 per year
Benefits:
- 401(k)
- Dental insurance
- Employee assistance program
- Employee discount
- Flexible spending account
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Professional development assistance
- Retirement plan
- Tuition reimbursement
- Vision insurance
Experience level:
- 3 years
Schedule:
- 10 hour shift
- 12 hour shift
- 8 hour shift
- Day shift
- Monday to Friday
Education:
- Bachelor's (Preferred)
Experience:
- Network security: 3 years (Required)
- PCI: 3 years (Required)
- cissp: 3 years (Required)
- cism: 3 years (Required)
Ability to Relocate:
- Denver, CO 80237: Relocate before starting work (Required)
Work Location: In person