Senior Information Security Analyst

Sage Hospitality Group is seeking a Senior Information Security Analyst to join our Home Office Team!

As part of Sage Hospitality Group, we passionately strive to be the best and create excellence in everything we do. We believe in enriching lives one experience at a time. More than a slogan, we empower our associates to make positive impacts on the communities in which we live and work. By providing genuine service we build relationships with our guests and value for our shareholders, and we create unforgettable experiences.

We are looking for independent thinkers. Those who harness their entrepreneurial spirit so that it breaks preconceived notions. We’re not afraid to forge our own path. After all, its what industry leaders do. That’s why we welcome risk takers and creative spirits alike. No matter your daily role, Sage recognizes that your success is about more than the work you do—it’s really about who you are, which is why we invest in your personal and professional growth.

The role of Senior Information Security Analyst is comprised of both Information Security and security operation responsibilities. This position plays a pivotal role in overseeing the day-to-day activities of threat and vulnerability management including monitoring and responding to security incidents and threats in real-time. This position is responsible assisting in designing, implementing, and maintaining security measures and policies to protect Sage and the Hotels and Restaurants managed by the Company.

Security Operations:  

• Provide incident response and be a key point of contact during all incidents. The analyst will own incidents from start to finish, including investigation, correlation, triage, response, mitigation, ticketing, documentation, and postmortem analyses.
• Deploy, manage, and monitor security tools to assist in detection, prevention, and analysis of security threats including SIEM/MDR and EDR/IDS/IPS/Email solutions.
• Monitor our alert channels, SIEM/MDR notifications, and EDR/IDS/IPS/Email solutions for incidents, threat hunt for malicious activity, and triage as needed on a 24x7 basis.
• Develop incident response playbooks to contain and minimize incident impact and assist with technical forensic incident investigations.

Information Security:  

• Assist in completing risk assessments, security audits, and developing security policies and procedures.
• Mature the vulnerability management program while reviewing all vulnerability scans, building metrics, and recommending remediation procedures to stakeholders.
• Lead and collaborate on projects related to securing network infrastructure, data protection, access control, and implementing security technologies
• Assist in maintaining the PCI/PII/Cyber awareness training program for all employees.
• Stay informed about Cybersecurity threats and trends and make timely mitigation recommendations.

OTHER RESPONSIBILITIES

• All other duties as assigned, requested, or deemed necessary by management.

SUPERVISORY DUTIES

Manage security tool sets and 3rd party vendors as well as coordination of other IT team members to manage and implement required actions.

BEHAVIORAL FOCUS

At Sage, we pride ourselves on the behaviors that build our culture and help associates perform in their positions. We value integrity, performance, team spirit, growth, delivering extraordinary guest experiences, and engaging in our communities. We have also outlined specific competencies that contribute to success at Sage. Please review our competency models to understand the behaviors expected of different levels in the organization (you may find these models in our learning management system).

Education/Formal Training

Bachelor's degree in Technical Field or relevant experience is required; an advanced degree is preferred.

Prefer CISA or CISSP certification.

Experience

3-5 years of experience in an Information Security and/or security operations role with experience leading investigations, security technology evaluations and tool deployments.

Knowledge/Skills

• Proficiency in using security tools and technologies such as SIEM, EDR, intrusion detection systems, and incident response tools. Strong analytical skills and the ability to respond quickly to security incidents.
• Experience with vulnerability management program concepts, including internal and external scanning mechanisms and remediation processes. Familiarity with penetration testing is a plus.
• Knowledge of risk assessment methodologies, security frameworks, compliance requirements, security policy development, and security architecture design.
• Experience with identity governance administration specifically around user management lifecycle, provisioning and deprovisioning and privileged access management (PAM).
• Ability to work well across the business, properties, and other support teams to achieve a common vision.
• Ability to multitask, meet deadlines, prioritize requests, and work independently while producing quality work.
• Ability to recognize complex business needs and requirements and identify sound solutions.
• Excellent communication skills.
• Excellent customer service skills.
• Occasional after-hours and weekend support and travel.

Physical Demands

The physical demands described here are representative of those that must be met by an associate to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Excellent hearing required for telephone inquiries and client and associate handling.
• Excellent written and verbal communication skills
• Bending/kneeling - repeated bending and kneeling required while filing, Mobility - must be able to reach all areas of hotel and building locations to assist clients.
• Exerting 10-50 pounds of force occasionally and/or greater than negligible up to 10 pounds force constantly to move objects.
• Requires sitting most of the time, but does entails walking, standing, and carrying up to 15 pounds short distances.
• Requires a significant amount of repetitive motion for keyboarding.

• Medical, dental, & vision insurance

• Unlimited paid time off

• Eligible to participate in Sage's bonus plan

• Health savings and flexible spending accounts

• Basic Life and AD&D insurance

• Eligible to participate in the Company’s 401(k) program with employer matching

• Employee Assistance Program

• Tuition Reimbursement

• Great discounts on Hotels, Restaurants, and much more.

• Eligible to participate in the Employee Referral Bonus Program. Up to $1,000 per referral.

The application period will be open for approximately 30 days or until a suitable candidate is identified. We encourage qualified individuals to submit their applications within this timeframe.