Manager Information Security Governance, Risk & Compliance

  • USA Only
  • Amadeus Careers
Job Description:

Summary of the Role:

  • The Manager Information Security Governance, Risk & Compliance is a staff member of the TEC-SEC-HOS-GRC team (Hospitality InfoSec Governance Risk & Compliance) and is in charge of achieving and maintaining compliance and certification for leading security standards and legislation, based on business needs and a risk-based approach, for the Hospitality product line.
  • You will ensure alignment with Amadeus Hospitality Missions & Objectives, the HOS CISO vision, and the guidance provided by Amadeus central. This is then delivered as process implementation guidelines, policies and procedures.
  • You will provide support to the HOS-CISO and the Head of the HOS GRC (Governance, Risk and Compliance) team with respect to the interface with Legal, Security and Data Privacy Authorities.
  • You will report to the Amadeus Hospitality CISO and manage the Information Security, Governance, Risk & Compliance and Data Privacy experts within the Hospitality Business Unit TEC-SEC-HOS.

In this role you will:

  • Support the Hospitality CISO & Head of the GRC team in establishing and maintaining the business unit vision, strategy, and program on security and privacy, aligned with corporate, to ensure information assets and technologies are adequately protected.
  • Deliver the GRC vision with the CISO HOS organization.
  • Achieve and maintain compliance and certification for leading security standards and legislation based on business needs and a risk-based approach.
  • Be responsible for the development, documentation, implementation and maintenance of the Hospitality Risk Register in alignment with the Corporate Risk Register.
  • Assess risks by identifying the threats, vulnerabilities and impact. Define and lead mitigation plans, security roadmaps and control execution.
  • Security by Design: Integrate security into Change Management and projects and validate new solutions from a security standpoint (especially for cloud solutions).
  • Implement Amadeus Information Security Management System (ISMS).
  • Manage and report KPIs for Information Security, Risk and Compliance, and provide a reporting dashboard to the HOS-CISO on the level of security risks and mitigation plans.
  • Develop security community network (Customers, HISAC, authorities…).

About the ideal candidate:

  • Education: Bachelor’s Degree or higher from an accredited institution
  • CISM, CISA, CISSP or similar industry certification(s) preferred
  • 3+ years’ experience working within an IT organization with practical experience in compliance coordination, implementing IT risk frameworks, controls, and methodologies
  • Exposure to international and multi-cultural contexts
  • Prior experience working closely with auditors and/or external regulators
  • An understanding of the security needs of the Amadeus Hospitality business and a commitment to delivering high-quality, prompt, and efficient service to the business (GRC Portfolio).
  • Demonstrate an understanding of risk management by navigating challenging conversations with leadership teams and driving risk-based decision making and accountability for those decisions.
  • Knowledge of industry information security & privacy standards and regulations and risk management frameworks.

Knowledge of the following market dominant security standards/privacy legislation:

  • ISO27001, ISO27002, ISO27005, ISO27701, PCI DSS, PCI SSF, SSAE18 SOC 1/2, GDPR, CCPA/CPRA
  • Knowledge of process or project management.
  • Excellent organizational, analytical, and conceptual skills.
  • Excellent presentation and communication skills.
  • Excellent judgment in the presence of competing priorities and incomplete data
  • An ability to effectively influence others to modify their opinions, plans, or behaviors
  • Ability to establish positive relationships quickly; work effectively cross-functionally
  • Work well under pressure by effectively managing multiple priorities and initiatives in a fast-paced environment
  • Strong integrity and ethical behavior
  • Experience in hospitality and/or travel industry is preferred but not required

We are an Equal Opportunity Employer and seek to hire the best candidate regardless of age, beliefs, disability, ethnicity, gender or sexual orientation.
