Director of Cybersecurity, Data, and Privacy Governance

HOW YOU WILL MAKE AN IMPACT

Your role is important and below are some of the fundamental job duties that make your work unique.

What your day-to-day will be like:

• Build and mature Hilton's security awareness, security training, and cyber champions programs.
• Manage the cybersecurity policies, standards, and control lifecycle and tangential processes.
• Develop a strategy for monitoring security control effectiveness. Be the GIS's lead for all data protection, data security, and DSPM matters and as GRC's liaison with Legal, Privacy, and Information Governance teams.
• Be a cyber risk management subject matter expert supporting your roles and responsibilities, and projects in GIS, IT, and the business.

How you will collaborate with others:

• Be a liaison between business, IT, and audit organizations to set priorities for internal and external IT audits and attestations.
• Be GRC team's lead coordinator with both Insurance Risk Management and Enterprise Risk Management teams.
• Assist with and coordinate resolution of high-profile IT compliance issues with internal partners.
• Coordinate with internal team members and external contacts to identify requirements, communicate projects in flight, collect data and artifacts, and track progress.

What deliverables you will take ownership of:

• Develop, and deliver guidance and training to control owners as focus areas evolve or new audit and compliance requirements emerge.
• Deliver status updates to several levels of management throughout Hilton on multiple IT compliance programs.

WHY YOU'LL BE A GREAT FIT

You have these minimum qualifications:

• Ten (10) years of professional work experience in Technology or related field
• Eight (8) years of experience in information security, with a focus on compliance, audit or risk management
• Five (5) years in privacy program management or data protection role at a global scale
• Previous work experience in a large, global organization or professional services firm
• Familiarity with industry standards, guidelines, and regulatory compliance requirements related to information security and cloud computing (e.g., SOX, SOC1, SOC2, PCI-DSS, ISO 27001/2, Cloud Security Alliance, NIST 800-53, MLPS 2.0, GDPR, PIPCA)
• This is a hybrid role and would require to be near one of our three US office locations (McLean, Dallas, Memphis)
• Travel up to 10-20% of the time, with the potential for international travel

It would be useful if you have:

• Bachelor's Degree, or Associate's Degree plus 6+ years of Technology related experience, or High School Degree/GED plus 12+ years of Technology related experience
• Twelve (12) + years of professional work experience in Technology or related field
• Any of the following certifications: Certified Information Systems Auditor (CISA); Certified Information Systems Security Professional (CISSP); Certified Information Security Manager (CISM); Certified in Risk and Information System Control (CRISC); and/or Certified Data Privacy Solutions Engineer (CDPSE).
• General experience securing cloud (IaaS and SaaS) architecture and/or distributed networks
• Previous experience with hospitality and hospitality technologies

WHAT IT IS LIKE WORKING FOR HILTON

Hilton, the #1 World's Best Workplace, is a leading global hospitality company with a diverse portfolio of world-class brands. Dedicated to filling the earth with the light and warmth of hospitality, we have welcomed more than 3 billion guests in our more-than 100-year history. Hilton is proud to have an award-winning workplace culture and we are consistently named among one of the World’s Best Workplaces. Check out the Hilton Careers blog and Instagram to learn more about what it’s like to be on Team Hilton!

It is the policy of Hilton to employ qualified persons without regard to color, race, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth and related medication conditions), gender identity or gender expression, sexual orientation, marital status, military service, status as a protected veteran, disability, protected medical condition as defined by applicable law, genetic information, or any other protected group status as defined by and subject to applicable federal, state and local laws. 

We provide reasonable accommodations to qualified persons with disabilities to perform the essential functions of the position and provide other benefits and privileges of employment in accordance with applicable law.  Please contact us if you require an accommodation during the application process.