Senior Manager, IT Audit & Security Compliance

Posted June 10, 2021

Hilton - Greater China & Mongolia
East Shanghai, China

About This Job


The Hilton portfolio of hotels is comprised of 18 industry leading and world-class brands, spanning more than 100 countries. In addition to our flagship brand, Hilton Hotels & Resorts, the family of brands includes Waldorf Astoria, LXR, Conrad, Canopy, Signia, Curio Collection, DoubleTree, Tapestry Collection, Embassy Suites, Tempo, Motto, Hilton Garden Inn, Hampton, Tru, Homewood Suites, Home2 Suites and Hilton Grand Vacations. In Asia Pacific, the company has over 300 trading hotels and nearly 500 under development.

This important new role recognizes that, with our rapid growth throughout Asia Pacific, we must ensure strong hotel technology audit and control compliance across a single hotel or a collection / cluster of hotels. The hotel property technologies act as the conduit to the core of our customer record and therefore always need to be protected. This role is responsible for leading and overseeing our various IT audit and compliance programs and will be a strong business partner and key liaison between hotels, our regional team, and Internal Audit. The position will also play a critical role in ensuring Hilton hotels’ compliance with the China Cyber Security regulations and will act as the company’s GRC (Government, Risk & Compliance) representative for technology in China.

This position focuses on regulatory compliance and will be responsible for monitoring and coordinating the MLPS 2.0 Assessment for Hilton-branded hotels through the entire project lifecycle. In terms of position development, this role prioritizes the MLPS project for now, but with the completion of the pilot project, the position will be expanded to other regulatory and audit projects in APAC.


What will I be doing?


As the Sr. Manager, IT Audit & Security Compliance, you will directly report to the Director of Security Web & Mobile App Architecture in GCM, and work closely with hotel operation teams, China Legal Counsel and Certification Bureaus. In this role, you will implement and enhance hotels’ IT self-assessment and peer review programs as well as technology operational audits. You will drive the Cyber Hygiene at all hotels and align all the programs to SOX and PCI regulations. You will also facilitate the Information Security Risk assessment of technical innovations at the properties. The Senior Manager will also work closely with the Global Information Security team to provide security education to the business and hotel operations. You will be responsible for performing the following tasks to the highest standards:

Knowledge structure:

  • This position requires a thorough understanding of the China Cybersecurity Law and the requirements of the different MLPS levels.

  • Understand Hilton’s core information technology systems, especially the property management system, as well as Hilton Security Policies, and stay up to date with them.

  • Keep abreast of development in the market by conducting ongoing research, developing core knowledge of industry best practices for technology concerning audit, compliance, vulnerabilities, access control and overall security.


  • Conduct independent and objective assessments of IT general controls audit and security compliance reviews at owned, leased and managed hotels. Engage with cross sector, regional, legal and security teams in the review of key controls and processes to effectively and efficiently manage cybersecurity issues. Provide timely updates to related business groups, partner vendors and senior management through established communication channels.

  • Lead all the compliance work related to the China Cyber Security regulation (especially MLPS 2.0) and manage the China Certification Bureau relationship. Support hotels through the MLPS certification process and support them in conducting security assessments of IT systems. This role will travel for business if necessary.

  • Facilitate follow-up on remediation action plans after internal audits or other reviews, and field hotel operational-level questions on systems and standards. Review pre-assessment results, facilitate the remediation of gaps, and escalate possible critical issues to global management, administration, and leadership through to resolution, if necessary.

  • Enhance the Hotel IT audit tools, documentation and checklists for hotels.

  • Support all aspects of Internal and External Audit reviews to maintain compliance with Sarbanes-Oxley (SOX) and Hilton policies, standards and procedures.

  • Coordinate with Global Information Security team to develop and deliver regional IT audit and security awareness and compliance training programs.

  • Share best practices across hotels to include developing and rolling-out tools, templates, and methodologies.

  • Identify common compliance challenges and themes across hotels, perform root cause analyses, and facilitate communication and training on proposed solutions.

  • Facilitate the Information Security Risk assessments of new third-party applications at hotels.

  • Support hotels on review and execution of procedures and controls to ensure compliance to applicable regulatory and legal requirements as well as good business practices.

  • Maintain open, two-way communication with Field Technology regional teams, provide oversight, and serve as advocate for “Security at the Start” philosophy.

  • Perform other duties and responsibilities as assigned or required.

  • Hilton is in the hospitality industry, and a hospitable service atmosphere must be projected at all times.



What are we looking for?

A Sr. Manager, IT Audit & Security Compliance serving Hilton Brands is always working on behalf of our Guests and working with other Team Members. To successfully fill this role, you should maintain the attitude, behaviors, skills, and values that follow:



  • Degree holder in Computer Science, Information Security or related disciplines

  • 3-7 years of experience in IT audit and cybersecurity work

  • IT hotel operations experience will be a plus.

  • Extensive knowledge of SOX controls and internal controls in general, as well as information security and technology risk management principles and best practices.

  • Any of these certifications (CISA, CISSP, CISM, PCI) or hands-on experience with MLPS will be a plus for this position.

  • Experience in interacting with, and representing the company to, external auditors and regulators.

  • Excellent bilingual (Mandarin & English) business communication and writing skills are required.

  • Must be an in-country Chinese National.

  • Strong organization and leadership skills.

  • Strong critical thinking skills and attention to detail required.

  • Ability to collaborate with multiple groups and prioritize tasks, as well as work in a matrix environment with a geographically dispersed team.

  • Ability to influence change.

  • Proficient in Microsoft Word, PowerPoint, Excel.

  • Ability to travel as required (up to 20%).


What will it be like to work for Hilton?




Hilton is the leading global hospitality company, spanning the lodging sector from luxurious full-service hotels and resorts to extended-stay suites and mid-priced hotels. For nearly a century, Hilton has offered business and leisure travelers the finest in accommodations, service, amenities and value. Hilton is dedicated to continuing its tradition of providing exceptional guest experiences across its global brands. Our vision “to fill the earth with the light and warmth of hospitality” unites us as a team to create remarkable hospitality experiences around the world every day. And, our amazing Team Members are at the heart of it all!

About this Employer

Hilton - Greater China & Mongolia

4205, Bund Centre 222 Yan An Road
East Shanghai, 200002

Regional Office

We are passionate about delivering exceptional guest experiences.

We believe Hospitality isn’t just a job; it’s a journey of self-discovery, growth, community and cultures. Our Team Members are extraordinary professionals who work together to deliver exceptional experiences for all who walk through our doors. As we continue to grow and innovate, our Vision “to fill the earth with the light and warmth of hospitality” has never faltered. We are more than a room for the night. We create heartfelt experiences for Guests, meaningful opportunities for Team Members, and a positive impact in our Communities.