Overview:
Omni Hotels and Resorts creates genuine, authentic guest experiences at 60 distinctive luxury hotels and resorts in leading business gateways and leisure destinations across North America.
Omni Hotels is known for its exemplary culture, authenticity to the markets in which we operate, innovation and exceptional service.
Our commitment to career development has created tenure and loyalty that enables us to perpetuate our family atmosphere.
Job Description:
We are seeking a highly skilled IT Compliance, Data Governance, and Risk Management Specialist with a strong technical security background and extensive experience in PCI (Payment Card Industry) Compliance to join our team.
The successful candidate will be responsible for ensuring our IT systems, data, and processes comply with regulatory standards, managing risk, and implementing robust security measures.
This role is crucial for protecting our organization's information assets and maintaining the highest levels of data security and integrity.
Responsibilities:
Compliance Management: Develop, implement, and maintain compliance programs to ensure adherence to PCI DSS and other regulatory requirements.
Conduct internal compliance audits and assessments, identifying and addressing gaps in compliance.
Coordinate with internal and external auditors for compliance assessments and certifications.
Develop and update compliance documentation, including policies, procedures, and controls.
Lead PCI DSS (Payment Card Industry Data Security Standard) compliance efforts, including annual assessments, audits, and reporting.
Conduct regular PCI compliance training and awareness programs for staff.
Coordinate with internal and external auditors during PCI DSS assessments and audits.
Remain current on PCI DSS updates and changes and communicate their impact to relevant stakeholders.
Risk Management: Conduct thorough risk assessments to identify, evaluate, and mitigate risks associated with IT systems and processes.
Maintain a risk register, documenting identified risks, assessment outcomes, and mitigation strategies.
Develop and implement risk management frameworks and policies.
Regularly review and update risk management practices to reflect changes in the threat landscape and regulatory environment.
Technical Security: Design, implement, and manage technical security controls to protect sensitive data and ensure compliance with PCI DSS and other standards.
Perform security assessments, vulnerability scans, and penetration tests to identify and address security weaknesses.
Oversee the configuration and maintenance of security tools, such as firewalls, intrusion detection systems, encryption technologies, and SIEM (Security Information and Event Management) solutions.
Monitor and respond to security incidents, ensuring timely resolution and thorough documentation.
Security and Controls: Collaborate with IT and security teams to design and implement security controls that protect sensitive data and comply with industry standards.
Oversee the implementation of technical security measures, such as firewalls, encryption, and intrusion detection systems, to safeguard information assets.
Perform regular security assessments, vulnerability scans, and penetration tests to identify and address security weaknesses.
Ensure timely resolution of security incidents and vulnerabilities, working closely with the incident response team.
Data Governance: Develop and implement data governance frameworks, policies, and procedures to ensure data quality, integrity, and security.
Establish data stewardship and ownership roles and responsibilities within the organization.
Collaborate with cross-functional teams to ensure compliance with data governance standards and practices.
Monitor and report on data governance metrics, identifying areas for improvement and implementing corrective actions.
Data Classification: Develop and implement a comprehensive data classification schema to categorize data based on sensitivity, criticality, and usage.
Work with business units to classify data according to established guidelines and ensure appropriate handling and protection.
Maintain and update data classification policies and procedures as organizational and regulatory requirements evolve.
Conduct regular audits and assessments to ensure compliance with data classification standards.
Training and Awareness: Develop and deliver training programs to educate staff on compliance requirements, security policies, and risk management practices.
Conduct regular awareness sessions to keep employees informed about the latest security threats and compliance updates.
Documentation and Reporting: Create and maintain detailed documentation for compliance activities, risk assessments, and security controls.
Develop and maintain comprehensive documentation for IT governance, risk management, and PCI compliance activities.
Prepare comprehensive reports on compliance status, risk management activities, and security incidents for senior management and regulatory bodies.
Maintain records of compliance audits, risk assessments, and security incident responses.
Qualifications: Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field.
Minimum of 5 years of experience in IT compliance, Data Governance, risk management, and technical security, with a strong focus on PCI DSS.
In-depth knowledge of PCI DSS requirements, IT security frameworks, and standards such as ISO 27001 and NIST.
Proven experience in conducting security assessments, managing risk mitigation plans, and implementing technical security controls.
Strong analytical, problem-solving, and decision-making skills.
Excellent communication and interpersonal skills, with the ability to work effectively with cross-functional teams.
Relevant certifications, such as CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), or PCI QSA (Qualified Security Assessor), are highly desirable.
Additional Information: Ability to work in a fast-paced, dynamic environment with minimal supervision.
Occasional travel may be required for training and industry events.
Omni Hotels & Resorts is an equal opportunity employer - vets/disability.
The EEO is the Law poster and its supplement are available using the following links: EEOC is the Law Poster, and the following link is the OFCCP's Pay Transparency Nondiscrimination policy statement.
If you are interested in applying for employment with Omni Hotels & Resorts and need special assistance to apply for a posted position, please send an email to ******.