Director Of IT Cyber Security Risk & Compliance

Grow with us...

Life at Starwood Hotels is based on a simple idea : the world is beautiful and we want to keep it that way. But we can't do it alone. That's why hiring thoughtful and inspiring Team Members and Leaders who understand that our people, collaboration, stellar service, and respect for nature are so important to us.

Essential Functions & Responsibilities

As a member of the Home Office IT team, and under the direction of the VP of Information Technology, this role contributes advanced skill in cyber security technology solutions / architecture, hotel operations and business knowledge. This strategic role is responsible for leading, evolving, maintaining, auditing and remediating the group & hotels' cyber risk and compliance program. In execution this role will ensure all cyber security and compliance reporting operations executed by internal and external resources are monitored, secure, regulated, and aligned with brand, guest regulatory entity expectations. The Director of IT Cyber Security Risk & Compliance will interface with vendors, owners, auditors, home office executives, stakeholders and team members as required to...

• Establish and lead a mature cyber risk program aligned with industry standards such as NIST Cybersecurity Framework (CSF) or ISO 27001 and hospitality relevant regulations such as PCI-DSS, GDPR, etc.
• Partner with IT Department leadership to develop, document, evolve, audit and enforce IT security policies including secure configuration, edge / perimeter protection, secure configuration, vulnerability management, resiliency and incident response protocols.
• Integrate with the broader enterprise-wide risk management (ERM) strategy and set the organization's cyber risk tolerance.
• Lead, monitor, audit and partner with the People and Operations leadership to foster and enforce cyber awareness and embedded security best practices across all teams.
• Drive the cultural, technical and process changes necessary to enable a secure, cyber risk aware user base.
• Collaborate with the Corporate Director of Applications and Network Security & Compliance to design, implement cyber strategies and solutions that will ensure secure and stable connectivity for all solutions, infrastructure and platforms.
• Effectively initiate, plan, schedule, control, and bring to closure multiple high priority projects.
• Monitor and audit all security related SOP's, infrastructure, network and related architectures and solutions in alignment with SH Standards and policies.
• Work across the enterprise / organization to provide domain-based knowledge and leadership to prioritize and track and audit risk mitigation strategies / solutions.
• Assess, evaluate, recommend innovative technologies and best practices for adoption
• Establish a formal cyber risk committee and lead and report on the organization's security posture monthly with reports and quarterly Security Forum Committee meetings.
• Drive standardization and automation into all aspects of SH's security monitoring, detection and response capabilities.
• Maintain and update the organization's cyber risk register with key risk indicator (KRI's)
• Serve as the primary liaison for internal audits (executed quarterly) and external audits (executed annually).
• Engage and foster relationships with peer, business counterparts, and with internal and external customers to ensure smooth operations for hotel and corporate.
• Participate in property updates, briefings that may arise due to issue escalation

REQUIREMENTS

About us...

As a mission-driven company, our purpose is our true north, and our compass guides the way. The purpose we live by impacts the lives of our team members, drives the experiences for our guests, builds community with like-minded travelers and takes care of the planet we live in. Founded in 2006 by Barry Sternlicht, Starwood Hotels is a luxury hotel brand management company and affiliate of global private investment firm Starwood Capital Group.

Starwood Hotels is an Equal Opportunity Employer. We believe in a diverse, sustainable workforce with an empowered, inclusive culture. We are committed to non-discrimination on any protected basis covered under applicable law. If you require any special accommodations, please visit People Operations.