Mandarin Oriental Hotel Group is the award-winning owner and operator of some of the world’s finest hotels. The Group operates luxury hotels in key leisure and business destinations. In total Mandarin Oriental employs 9,000 colleagues in three continents with thirteen hotels in Asia, eight in The Americas and ten in Europe.
Some of the responsibilities are:
Develops and updates a centralized repository of security policies, standards and controls aligned with corporate and regulatory requirements
Performs periodic risk assessments that identify current and future internal and external information security vulnerabilities, provides necessary information to derive decisions about risk acceptance and risk mitigation, and identifies strategies to reduce information security risk.
Coordinate PCI attestation activities, monitor process owners to ensure ongoing compliance is organized, structured, accurate and current.
Perform application and technology design reviews, requirements analysis and risk remediation planning.
Ensures adequate and effective IT controls exist to meet current and future security compliance requirements found in local, state, federal and international laws, and regulations (e.g., SOX, PCI, GDPR)
Lead the information security aspects of business initiatives and IT projects to assist in mitigating security risks for information, business, and operational applications and systems across the company.
Coordinates the development, management approval, and communication of IT security risks across the company.
Proactively monitor, analyze, and provide guidance on security vulnerabilities and incidents to support remediation activities
Supports the MOHG security program, ensuring the identification, tracking, prioritization, and remediation of all internal/external compliance requirements
Provides technical advice to those who install, administer, and update computer-based systems.
Additional duties as assigned by the Head of Cybersecurity.
Skills & Qualifications:
Bachelor’s Degree in Information Systems, Computer Science or equivalent combination of education, training, or work experience. • A minimum of 5 years relevant industry experience in information security or 3 years in information security with an additional 3-year industry experience in IT system audit and/or system/network administration. • Experience with security compliance frameworks (e.g., PCI DSS, COBIT, ISO27001, NIST 800:53, HITRUST, GDPR, CCPA), and control testing strategies). • Experience in conducting security and privacy risk assessments, completing risk exceptions and acceptance requests using SIG, SOC2 Type 2, and other security attestation documents. • Skilled at working with a variety of stakeholders (internal and external to the organization) to understand and assess cybersecurity strengths, weaknesses, and gaps in adherence to controls with the ability to develop solutions and documentation to address identified security coverage gaps. • Cyber security business and systems subject matter expertise – especially in Application Security, Data Security, Data Governance, and Network Security domains. • The ideal candidate will have general working knowledge of security needs for operating systems, databases, applications, Web services, user devices, and networks; experience with vulnerability scanning and intrusion detection techniques • Working knowledge of the security issues/concerns that impact enterprise environments and related technologies that can address these security concern and general knowledge of IT Audit techniques. • Have experience drafting and communicating security policies, standards, guidelines, and procedures. • Support the review of third parties for compliance to company standards and industry regulations. • Review application security risk assessments for new or updated internal or third-party applications • Excellent written skills to be used in the development, review, and refinement of cybersecurity standards, SOPs, and policy with communication skills (verbal and written) to communicate to all levels of the organization. • Experience developing security programs (e.g., IT Risk Assessment, Compliance, Vulnerability Management, Vendor Security) • One or more of the following industry certifications or equivalent is required: CISA, CGEIT, CRISC, CISM, CISSP
If you are the person for this job, please apply today.
Advertised: Eastern Standard Time Applications close: