Senior Manager - Information Security

HMSHost

6905 Rockledge Drive
Bethesda, MD 20817

Corporate Office
Managed By Avolta

Full-Time

With a career at HMSHost, you really benefit! We offer:

  • Health, dental and vision insurance
  • Generous paid time off (vacation, flex or sick)
  • Holiday pay
  • 401(k) retirement plan with company match
  • Company paid life insurance
  • Tuition reimbursement
  • Free parking and onsite fitness center
  • Wellbeing Support Program
  • Training and exciting career growth opportunities
  • Referral program – refer a friend and earn a bonus

Purpose

The Senior Manager Information Security is responsible for overseeing Information Security and compliance programs for infrastructure applications. This role is responsible for corporate policies and procedures, and for providing expert advice in risk assessment, business continuity planning, information security, change management and executing a comprehensive risk-based internal audit plan for the Company’s information technology controls.

Essential Functions

  • Executes and delivers Information Security strategy through assessment, design and implementation of governance frameworks, controls, processes and infrastructure
  • Designs, implements and manages security solutions and remediation programs to address security risks
  • Evaluates identity and access management (IDAM) practices and develops solutions to improve IDAM processes, privileged access and recertification programs
  • Develops security policies, procedures, standards, and controls in line with regulation and current standards such as ISO 27001, NIST, SANS, etc.
  • Implements data protection and privacy programs to ensure confidentiality and security of personal data
  • Develops and implements programs to improve IT Disaster Recovery and Business Continuity
  • Creates secure patterns for reuse and delivery of architectural reviews using TOGAF or SABSA
  • Evaluates security of emerging technology platforms – mobile device platforms (iOS, Android), cloud services (IaaS, PaaS, SaaS), Big Data, social media
  • Performs security risk and controls assessments and penetration testing to evaluate and analyze threat, vulnerability, impact, risk and security issues
  • Assists client in evaluating, enhancing, developing, and managing various programs including Cybersecurity, Business Continuity and Disaster Recovery, Data Protection and Privacy, Threat and Vulnerability, Security Incident Detection and Response, Identity and Access Management, Security Operation Centre and SIEM, Data Loss Prevention, Security Awareness and Training, Phishing Campaigns
  • Ensures infrastructure and applications are compliant with regulatory and IT best practice standards and internally established IT policies and procedures
  • Assists with design, implementation and management of CCPA/CPRA, SOC2, ISO, and PCI audit process
  • Provides subject matter expert advisory services to IT and the business as it relates to regulatory and industry compliance issues
  • Manages, coordinates and executes internal compliance testing, documentation and follow-up
  • Performs operational audits to ensure compliance of infrastructure/applications with regulatory or internally established IT policies and procedures; provides written reports to senior management regarding recommendations and conclusions
  • Assists in the development of procedures and policies governing the management and operation of key regulated computer systems

Reporting Relationship

This position reports to the VP Infrastructure and Security.

Major Interdependencies

All Corporate departments

Minimum Qualifications, Knowledge, Skills, and Work Environment

  • Education and Experience: The combination of education and professional experience must exceed 6 years:

    • In a technical role: Requires 6 years of experience engaged in delivering IT security and compliance programs
    • A bachelor’s degree in Computer Science, Information Systems, Cybersecurity or a program related to the functional area can count for 2 of the 6-year requirement
    • In the industry: 3-5 years of Hospitality, F&B and/or Retail experience desirable
  • Specialized Training:

    • Extensive knowledge of compliance and privacy regulations such as PCI-DSS, Law 262, SOC-2, ISO, HIPAA and CCPA/CPRA
    • Information Technology Infrastructure Library (ITIL) experience
    • Strong knowledge of common IT service management, cybersecurity and risk management frameworks, such as ITIL, ISO 27000 and NIST
  • Specialized Skillset/Competencies/Traits

    • Business acumen and the mindset required to understand the long-term implications of IT security and compliance planning and to advance the organization's goals
    • Demonstrated history of understanding the needs of the business, stakeholders, the employee population, and individual circumstances
    • Demonstrated history of creating and maintaining positive work environments through coaching, developing, and leading teams to achieve common goals
  • Travel/Location:

    • Location: Requires a regular presence in F&B and/or Retail Center of Excellence locations

Disclaimer

All job requirements are subject to change to reflect the evolving position requirements or to reasonably accommodate individuals with disabilities. Some requirements may exclude individuals who pose a threat or risk to the health and safety of themselves or other employees. This job description in no way states or implies that these are the only duties that will be required in this position. Employees will be required to follow other job-related duties as requested by their supervisor/manager (within guidelines and compliance with Federal and State Laws). Continued employment remains on an "at-will" basis.

Dufry, Hudson and HMSHost are equal opportunity employers and do not discriminate in employment on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or other non-merit factors.

Posted March 14, 2024

HMSHost Leading the Industry

HMSHost is recognized by the industry as the leader in travel dining with awards such as Restaurateur with the Highest Regard for Customer Service and Best Brand Restaurateur for Shake Shack by Airport Experience News. USA Today 10Best Readers’ Choice Travel Awards gave first place honors to both of HMSHost’s Whisky River locations at Charlotte Douglas International Airport and Raleigh-Durham International Airport. ACI-NA, the trade association representing commercial service airports in the United States and Canada, recognized HMSHost with the 2020 Inclusion Champion Award, for leadership and achievement in the ongoing inclusion of business and workforce diversity, outreach, and advocacy. The company also creates original award-winning events and campaigns including Airport Restaurant Month, Channel Your Inner Chef live culinary contest, 1,000 Acts of Kindness, and Eat Well. Travel Further.

About HMSHost

Global restaurateur HMSHost is a world leader in creating dining for travel venues. HMSHost operates locations all over North America, and is part of Autogrill Group, the world’s leading provider of food & beverage services for people on the move. Visit HMSHost.com for more information.