Senior Manager - Business Information Security Greater China

Salary Details

Salary Description: Competetive Salary Offered

Job Description For Senior Manager - Business Information Security Greater China

Description

This position reports to RVP of Field Technology Services and is a key member of the Field Technology Services team and Cyber Security team, supporting the Commercial Services and Technology organizations.

The purpose of this position is to facilitate and co-ordinate all Cyber Security activities, programs and initiatives for the Greater China area and related technologies and services. The Business Information Security (BIS) is the role that supports the implementation of the Cyber Security programs. BIS provide advice and oversight to ensure that businesses related processes and procedures are in compliances with Hyatt's Cyber Security Policies.

Responsible for overseeing and managing cyber regulatory compliance issues for Greater China. Lead IT/security compliance efforts such as PCI, SOX, internal/external audits, other initiatives (e.g., MOR) to identify gaps in the execution of security controls, and provide oversight of individual hotel tracking and reporting of compliance status and progress. Manage China cyber regulation compliance (MPLS, ICP, PIPL) for both properties and above property systems, such as mobile App, China web site and other corporate systems. Use strong property technology and operations experience to identify risks to sensitive data such as credit card numbers or personally identifiable information through weaknesses in software/hardware products, access procedures, and other technical and operational activities. Design and, where appropriate, administer processes and procedures that will sustain & improve cyber security and compliance efforts within Hyatt. Support field IT with cyber security related issues and problems.

The role will work in coordination with Legal, Finance, Cyber Security, Procurement etc regarding all of the compliance tasks.

30% travel time will be required for this role.

Responsibility:

1.Provide security guidance to operations, functional, and technology partners to help them meet Cyber Security requirements

2.Proactively engage the businesses to identify, document and drive remediation of risks and non-compliant activities

3.Create and review security metrics to measure security effectiveness with Regional Leadership Teams

4.Monitor security violations and driving resolutions to security policy

5.Ensure that appropriate stakeholders are held accountable as to the state of their controls and that they understand their responsibilities regarding risk mitigation and remediation

6.Partnering with various Hyatt internal IT teams to ensure that technology systems are managed, operated and designed to minimize risk

7.Act as point of contact to executive leadership for dimensioning, managing and driving remediation of cyber security risks

8.Facilitate, attend and participate in internal/external meetings and risk committees

9.Engage with regional leadership and staff to ensure non-compliant items are addressed in timely fashion

10.Ensure compliance to security practices & standards. Reducing likelihood of audit findings, regulatory & legal liabilities

11.Contribute to, interpret and disseminate IS policy, standards and awareness throughout the business units

12.Ensure timely engagement and delivery on cyber security, business and/or technology initiatives and projects

13.Act as the point of contact for China Cyber Security regulators, such as Public Security Bureau, Cyber Administration of China, responding to government enquiries and liaising across Hyatt leadership and discipline teams to maintain positive relationship with the regulators

Qualifications
Experience

• 5+ years of Cyber Security and/or Risk Management experience
• Knowledge in IS programs including, but not limited to, Audit Reviews, Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Secure SDLC, Incident Management, Vulnerability Assessment, Third Party IS Assessment, Secure Configurations, Patch Management, etc.
• Working knowledge of industry security frameworks (e.g., ISO2700X, Cloud Security Alliance)
• Experience with PCI remediation and reporting
• Experience in China cyber regulation compliance management and projects development

• Bachelor's degree (in Cyber Security or a related discipline) or equivalent work experience

• CISSP, CISM, or similar Preferred

• Ability to provide effective leadership and subject matter expertise in Cyber Security topics to senior management, technology and business partners
• Employ influencing skills to obtain buy-in and participation from various groups and stakeholders without direct control
• Excellent problem solving abilities and analytical skills. Ability to see the big picture with high attention to critical details
• Results oriented, is able to achieve desired outcomes independently and at appropriate priority levels