IT Compliance, Data, and Risk Management Specialist
Job Locations: US-TX-Dallas
Requisition ID: 2024-115279
# of Openings: 1
Category: Information Technology
Overview
Omni Hotels and Resorts creates genuine, authentic guest experiences at 60 distinctive luxury hotels and resorts in leading business gateways and leisure destinations across North America. Omni Hotels is known for its exemplary culture, authenticity to the markets in which we operate, innovation and exceptional service. Our commitment to career development has created tenure and loyalty that enables us to perpetuate our family atmosphere.
Job Description
We are seeking a highly skilled IT Compliance, Data Governance, and Risk Management Specialist with a strong technical security background and extensive experience in PCI (Payment Card Industry) Compliance to join our team. The successful candidate will be responsible for ensuring our IT systems, data, and processes comply with regulatory standards, managing risk, and implementing robust security measures. This role is crucial for protecting our organization's information assets and maintaining the highest levels of data security and integrity.
This position is based primarily onsite at the Omni Hotels & Resorts Corporate Office in Dallas, TX.
Responsibilities
Compliance Management:
- Develop, implement, and maintain compliance programs to ensure adherence to PCI DSS and other regulatory requirements.
- Conduct internal compliance audits and assessments, identifying and addressing gaps in compliance.
- Coordinate with internal and external auditors for compliance assessments and certifications.
- Develop and update compliance documentation, including policies, procedures, and controls.
- Lead PCI DSS (Payment Card Industry Data Security Standard) compliance efforts, including annual assessments, audits, and reporting.
- Conduct regular PCI compliance training and awareness programs for staff.
- Remain current on PCI DSS updates and changes and communicate their impact to relevant stakeholders.
Risk Management:
- Conduct thorough risk assessments to identify, evaluate, and mitigate risks associated with IT systems and processes.
- Maintain a risk register, documenting identified risks, assessment outcomes, and mitigation strategies.
- Develop and implement risk management frameworks and policies.
- Regularly review and update risk management practices to reflect changes in the threat landscape and regulatory environment.
Technical Security:
- Design, implement, and manage technical security controls to protect sensitive data and ensure compliance with PCI DSS and other standards.
- Perform security assessments, vulnerability scans, and penetration tests to identify and address security weaknesses.
- Oversee the configuration and maintenance of security tools, such as firewalls, intrusion detection systems, encryption technologies, and SIEM (Security Information and Event Management) solutions.
- Monitor and respond to security incidents, ensuring timely resolution and thorough documentation.
Data Governance:
- Develop and implement data governance frameworks, policies, and procedures to ensure data quality, integrity, and security.
- Establish data stewardship and ownership roles and responsibilities within the organization.
- Collaborate with cross-functional teams to ensure compliance with data governance standards and practices.
- Monitor and report on data governance metrics, identifying areas for improvement and implementing corrective actions.
Data Classification:
- Develop and implement a comprehensive data classification schema to categorize data based on sensitivity, criticality, and usage.
- Work with business units to classify data according to established guidelines and ensure appropriate handling and protection.
- Conduct regular audits and assessments to ensure compliance with data classification standards.
Training and Awareness:
- Develop and deliver training programs to educate staff on compliance requirements, security policies, and risk management practices.
- Conduct regular awareness sessions to keep employees informed about the latest security threats and compliance updates.
Documentation and Reporting:
- Create and maintain detailed documentation for compliance activities, risk assessments, and security controls.
- Prepare comprehensive reports on compliance status, risk management activities, and security incidents for senior management and regulatory bodies.
Qualifications
- Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field.
- Minimum of 5 years of experience in IT compliance, data governance, risk management, and technical security, with a strong focus on PCI DSS.
- In-depth knowledge of PCI DSS requirements, IT security frameworks, and standards such as ISO 27001 and NIST.
- Proven experience in conducting security assessments, managing risk mitigation plans, and implementing technical security controls.
- Strong analytical, problem-solving, and decision-making skills.
- Excellent communication and interpersonal skills, with the ability to work effectively with cross-functional teams.
- Relevant certifications, such as CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), or PCI QSA (Qualified Security Assessor), are highly desirable.
Additional Information:
- Ability to work in a fast-paced, dynamic environment with minimal supervision.
- Occasional travel may be required for training and industry events.
Omni Hotels & Resorts is an equal opportunity employer - vets/disability. The EEO is the Law poster and its supplement are available using the following links: EEOC is the Law Poster and the following link is the OFCCP's Pay Transparency Nondiscrimination policy statement.
If you are interested in applying for employment with Omni Hotels & Resorts and need special assistance to apply for a posted position, please send an email to applicationassistance@omnihotels.com.