Senior Analyst, Security Compliance

  • IHG
  • Atlanta, Georgia
  • May 02, 2021
Full time Other

Job Description

About us

Bringing True Hospitality to the world.

We want to welcome you to a world of bringing True Hospitality to everyone. When you join us at IHG, you become part of our global family. A welcoming culture of warmth, honesty, and a passion for providing True Hospitality.

We pride ourselves on letting your personality and passions shine, recognizing the individual contribution you make and supporting your ambition to learn and create your own career path. In making a difference to our guests and owners, colleagues and communities, every day is a chance to create great and unique experiences, in your own way.

With over 370,000 colleagues in nearly 100 countries sharing our values, theres countless opportunities at your fingertips.

Were growing; grow with us.

Your day to day

Purpose of the Role: Responsible for driving and managing the daily activities of IHGs Information Security Compliance program. Execute security compliance activities, including IT audit management, PCI-DSS and other security-related regulatory requirements for IHG corporate and corporate managed hotels (CMH). Represent the information security department with internal and external constituents, including auditors, executives, and project teams. Responsible for the execution of Compliance processes including controls, attestations and testing, monitoring and oversight of recommendations to correct or mitigate IT systems control and compliance weaknesses. Promote compliance with regulatory requirements and IT best practices, especially with respect to project management, systems development and information security.

Key Accountabilities:

Liaise with stakeholders across Information Security, Global Internal Audit, Global Technology, Global Hotel Operations, BRR and the business to collaborate and execute Security Compliance activities.

Provide regular communications and metrics to GT and regional VPs to drive action where Compliance gaps have been identified.

Assist in the development and maintenance of annual Compliance roadmaps including major assessment milestones and communicate to key stakeholders to ensure resource commitments are anticipated.

Coordinate IHGs corporate security compliance activities, including PCI-DSS, SWIFT and other security-related regulatory requirements. Provide regular reports to stakeholders to drive action and remediation in addressing gaps.

Lead decision making for mitigating identified deficiencies and seek to understand the broader impact of the decisions made.

Responsible for GRC solution documentation in support of operational readiness, which may include training, process development and explanation of standards.

Provide support in the development and maintenance of the PCI-SAQ compliance program for IHG Corporate Managed Hotels; facilitate collection of annual CMH assessments and provide gap reporting to Regional VPs

Recommend and drive Compliance capability enhancements/improvements on the GRC tool to streamline processes and efficiencies. Work with the policy and risk teams to align processes when possible.

Assist with the development and alignment of security controls with the Unified Compliance Framework, IHG policies and standards. Automate control assessments leveraging the GRC tool.

What we need from you

Education

Bachelor's Degree strongly preferred (Computer Information Systems, Computer Science) or equivalent years of work experience

Experience

3+ years progressive work-related experience in information security with a focus on security compliance. Experience aligning compliance controls with security policies and standards. Experience developing functional and technical requirements for a GRC tool. Detailed oriented; Exceptional oral and written communication skills.

Technical Skills and Knowledge

Effective verbal and written communication skills with the ability to take complex information and present to all levels of management, staff, clients and vendors.

Self-starter with attention to detail and ability to manage multiple projects, delivering timely, exceptional, and complete projects

Advanced knowledge in managing penetration testing activities including vendor interaction, report results and coordination of remediation activities

Hands on experience working with internal/external auditors driving security compliance assessments (such as a PCI ROC, SWIFT)

Knowledge of NIST, SOX, SOC I, GDPR, ISO, COBIT

Experience managing projects/assessments, ensuring projects are delivered on time/budget.

Demonstrated experience automating compliance activities utilizing a security governance, risk and compliance (GRC) solution such as ServiceNow (including building functional/technical requirements and reports).

Demonstrated experience building process and training documentation for GRC stakeholders Certifications such as CISA, CISM, CISSP preferred, but not required

What we offer

At IHG Hotels & Resorts, we are proud to be an equal opportunity employer. IHG Hotels & Resorts provides equal employment opportunities to applicants and employees without regard to an individuals, race, color, ethnicity, national origin, religion, sex, sexual orientation, gender identity or expression, age, disability, marital or familial status, veteran status or any other characteristic protected by law.

IHG is committed to promoting a culture of inclusion where everyone feels safe, respected and valued. We seek talent from all backgrounds to join our teams, and encourage our colleagues to bring their authentic and best selves to work.