Director, Information Technology Security, SEAJSK
About this position
Reporting to the SVP, Information security, Director, IT Security is the IT security representative in one of Accor regional hubs. He/she will be physically working at
the HUB head office, participating to the HUB CIO CODIR, and working closely with both local teams and experts from the corporate security team to support
the business while managing risks at a global level. He/she will be the single point of contact for security related questions in the hub, coordinating with global
experts when needed.
Responsibilities
• Governance : distribute group security policies, adapt to local needs and suggest improvements of group level rules. You will ensure local teams’ awareness and enforce policies application in local projects.
• Reporting : you will provide regular security KPIs on risks, patching level, incidents and exceptions.
• Budget : you will be in charge of capacity management and security licenses / hardware renewal needs for the regions, helping the corporate team to consolidate the group security budget. When local security vendors exist, you will own the relationship.
• Security systems : you will coordinate network security by facilitating and following security technologies deployment (such as firewalls, endpoint security, etc.) and helping other IT teams to use them properly, such as teaching them how to build their flows matrix. You will also lead projects to bring back local specificities to group standard. You will also be responsible for L2 support regarding security technologies, handling escalation to the corporate team for L3 when necessary. Finally, you will be in charge of regular rules review at the regional level.
• Security follow-up : you will make sure regional IT and business teams understand their security responsibilities such as identity management, patching, incident response, system hardening, cloud security, compliance, etc. and help them following the group methodology. You will implement appropriate control procedures to detect and fix deviance from the group standards.
• Projects : you will be responsible for specific projects, either for local needs as a regional brand integration for example, or to launch security initiatives as a pilot region
Requirements
• B.S. – M.S. in Computer Science
• 10+ years of experience in IT Security
• ITIL Foundation or higher
• PCI-DSS experience
• OWASP Top 10
• Experience in hotel industry
Knowledge of several of the following is required
• Checkpoint and Forcepoint firewalls
• Microsoft environment (AD, Office365, SCCM, etc.)
• Cloud security (AWS and Azure)
• Qualys vulnerability scans, Splunk and other security tools (i.e., Trend Micro Antivirus, McAfee proxies, Pulse Secure, Bomgar, FireEye, Checkmarx, ALSID, CyberArk)