Bringing True Hospitality to the world.
We want to welcome you to a world of bringing True Hospitality to everyone. When you join us at IHG®, you become part of our global family. A welcoming culture of warmth, honesty and a passion for providing True Hospitality.
We pride ourselves on letting your personality and passions shine, recognizing the individual contribution you make and supporting your ambition to learn and create your own career path. In making a difference to our guests and owners, colleagues and communities, every day is a chance to create great and unique experiences, in your own way.
With over 370,000 colleagues in nearly 100 countries sharing our values, there are countless opportunities at your fingertips.
We’re growing; grow with us.
Responsible for driving and managing the daily activities of IHG’s Information Security Compliance program. Execute security compliance activities, including IT audit management, PCI-DSS and other security-related regulatory requirements for IHG corporate and corporate managed hotels (CMH). Represent the information security department with internal and external constituents, including auditors, executives, and project teams. Responsible for the execution of Compliance processes including controls, attestations and testing, monitoring and oversight of recommendations to correct or mitigate IT systems control and compliance weaknesses. Promote compliance with regulatory requirements and IT best practices, especially with respect to project management, systems development and information security.
· Liaise with stakeholders across Information Security, Global Internal Audit, Global Technology, Global Hotel Operations, BRR and the business to collaborate and execute Security Compliance activities.
· Provide regular communications and metrics to GT and regional VPs to drive action where Compliance gaps have been identified.
· Assist in the development and maintenance of annual Compliance roadmaps including major assessment milestones and communicate to key stakeholders to ensure resource commitments are anticipated.
· Coordinate IHG’s corporate security compliance activities, including PCI-DSS, SWIFT and other security-related regulatory requirements. Provide regular reports to stakeholders to drive action and remediation in addressing gaps.
· Lead decision making for mitigating identified deficiencies and seek to understand the broader impact of the decisions made.
· Responsible for GRC solution documentation in support of operational readiness, which may include training, process development and explanation of standards.
· Provide support in the development and maintenance of the PCI-SAQ compliance program for IHG Corporate Managed Hotels; facilitate collection of annual CMH assessments and provide gap reporting to Regional VPs
· Recommend and drive Compliance capability enhancements/improvements on the GRC tool to streamline processes and efficiencies. Work with the policy and risk teams to align processes when possible.
· Assist with the development and alignment of security controls with the Unified Compliance Framework, IHG policies and standards. Automate control assessments leveraging the GRC tool.
· Provide advisory services to business and technology teams concerning security compliance, controls and measurement. Identify areas for improvement and assist in the development of solutions.
· Manage external vendors/teams conducting security compliance program activities and assessments. Proactively gather evidence from key stakeholders prior to external assessments and automate attestations when possible.
· Work closely with all IHG corporate and regional resources on the assessment of corporate technology to fully secure information, computer, network, and processing systems.
· Identify and evaluate technology internally and/or at third parties, internal controls which mitigate risks, and related opportunities for internal control improvements.
· If compliance regulations change, assist the policy manager in supporting changes to policies, standards and control objectives.
· Work with stakeholders to ensure policies and procedures are implemented and followed; provide regular feedback to team and management.
· Bachelor's Degree strongly preferred (Computer Information Systems, Computer Science) or equivalent years of work experience
· 3+ years progressive work-related experience in information security with a focus on security compliance. Experience aligning compliance controls with security policies and standards. Experience developing functional and technical requirements for a GRC tool. Detail-oriented; exceptional oral and written communication skills.
Technical Skills and Knowledge –
· Effective verbal and written communication skills with the ability to take complex information and present to all levels of management, staff, clients and vendors.
· Self-starter with attention to detail and ability to manage multiple projects, delivering timely, exceptional, and complete projects
· Advanced knowledge in managing penetration testing activities including vendor interaction, report results and coordination of remediation activities
· Hands-on experience working with internal/external auditors driving security compliance assessments (such as a PCI ROC, SWIFT)
· Knowledge of NIST, SOX, SOC I, GDPR, ISO, COBIT
· Experience managing projects/assessments, ensuring projects are delivered on time/budget.
· Demonstrated experience automating compliance activities utilizing a security governance, risk and compliance (GRC) solution such as ServiceNow (including building functional/technical requirements and reports).
· Demonstrated experience building process and training documentation for GRC stakeholders
· Certifications such as CISA, CISM, CISSP preferred, but not required
We’ll reward all your hard work with a great salary and benefits – including great room discount and superb training.
Join us and you’ll become part of the global IHG family – and like all families, all our individual team members share some winning characteristics. As a team, we work better together – we trust and support each other, we do the right thing and we welcome different perspectives. You need to show us you care, that you notice the little things that make a difference to guests, and that you are always looking for ways to improve.
IHG is an equal opportunity employer: Minorities / Females / Disabled / Veterans