Senior Analyst, Technology Compliance
Hotel brand: IHG Corporate
Location: United States, Georgia, Atlanta
Hotel: Corp Atlanta Ravinia (ATLR3)
Job number: R194652
Bringing True Hospitality to the world.
We want to welcome you to a world of bringing True Hospitality to everyone. When you join us at IHG®, you become part of our global family. A welcoming culture of warmth, honesty, and a passion for providing True Hospitality.
We pride ourselves on letting your personality and passions shine, recognizing the individual contribution you make and supporting your ambition to learn and create your own career path. In making a difference to our guests and owners, colleagues and communities, every day is a chance to create great and unique experiences, in your own way.
With over 370,000 colleagues in nearly 100 countries sharing our values, there are countless opportunities at your fingertips.
We’re growing; grow with us.
Your day to day
Job Summary – (Role Summary)
This role will define, establish and maintain standardized, repeatable processes that will enable IHG Technology Services to maintain compliance with Sarbanes-Oxley (SOX) and PCI Control Objectives while also coordinating appropriate actions to address information security policy gaps, PCI 4.0 gaps, and other technology compliance assessments.
Our Technology Services Business Management team is responsible for ensuring risk findings are prioritized and remediated according to plan and aligned with the risk appetite of the company. This includes governing, managing, and delivering risk response for PCI, SOX, Internal Audits, and other applicable assessments.
As a Senior Analyst, you will be working directly with Information Security, Internal Audit, SOX, and Legal (as needed) to aggregate and understand the Technology Services risk landscape. You will communicate the risk landscape to technology leadership. You will then partner with each Technology Services function to help write remediation plans and drive the plan to completion.
Essential Duties and Responsibilities – (Key Activities)
- Maintain real-time Tableau metrics and dashboards to ensure visibility of the Technology Services risk landscape to senior leadership
- Remediate reported findings through partnerships with the Technology Services functions while also ensuring that they are prepared for pending audits
- Coordinate any remediation date revisions with technology leadership to align with risk appetite of the organization.
- Evaluate the efficiency of processes and controls with an eye towards constant improvement
- Maintain knowledge of relevant rules, laws, and regulations for the hospitality industry
- Partner with audit functions to develop a cross-functional framework for risk prioritization and remediation.
- Maintain PCI Compliance:
  - Prepare for the yearly PCI audit by maintaining/updating the master inventory of PCI controls
  - Identify upcoming projects that may impact the cardholder data environment and ensure that they are incorporated into PCI scope and the master inventory.
  - Coordinate remediation activity for external and internal penetration tests in alignment with PCI compliance.
  - Work with Information Security and the PCI Auditor to ensure that system designs are vetted for potential PCI compliance conflicts before these designs are implemented
What we need from you
- Maintain SOX Compliance:
  - Prepare for both Internal and External SOX audits by maintaining / updating the master inventory of SOX controls
  - Validate SOX control inventory and ownership with technology teams
  - Provide a standardized, repeatable process for hosting evidence and providing it to auditors.
  - Act as liaison between Auditors and Technical teams by coordinating requests for information and by coordinating responses to any observations
- Manage technology risk landscape
  - Manage competing priorities using a risk-based approach to prioritize technology risks identified from various assessments
  - Balance the technology risk/regulatory requirement with business value to manage the risk landscape across technology
- Bachelor’s degree. Concentration in computer science, management information system, or business strongly preferred
- 2-3 years of progressive experience in Audit and Compliance Management roles
Interpersonal and Technical Skills -
- Have experience as an IT auditor, in IT Compliance (PCI, SOX), or as an internal auditor.
- Demonstrate experience with global regulatory and security risk frameworks (i.e. PCI, SOX, SOC, NIST)
- Demonstrate experience with information security policies and standards
- Certification in security auditing (CISA) preferred.
- Ability to communicate information security and regulatory compliance in terms of technology risk
- Confident and experienced in working with senior leadership, audit functions, and technology staff
- Results oriented, excellent organizational skills, adept at multi-tasking and initiating/driving projects through completion
- Experience with ServiceNow is a plus
What we offer
We’ll reward all your hard work with a great salary and benefits – including great room discount and superb training.
Join us and you’ll become part of the global IHG family – and like all families, all our individual team members share some winning characteristics. As a team, we work better together – we trust and support each other, we do the right thing and we welcome different perspectives. You need to show us you care, that you notice the little things that make a difference to guests as well as always looking for ways to improve.
At IHG Hotels & Resorts, we are proud to be an equal opportunity employer. IHG Hotels & Resorts provides equal employment opportunities to applicants and employees without regard to an individual's race, color, ethnicity, national origin, religion, sex, sexual orientation, gender identity or expression, age, disability, marital or familial status, veteran status or any other characteristic protected by law. IHG is committed to promoting a culture of inclusion where everyone feels safe, respected and valued. We seek talent from all backgrounds to join our teams, and encourage our colleagues to bring their authentic and best selves to work.
Not Applicable for Colorado applicants.
Don't quite meet every single requirement, but still believe you'd be a great fit for the job? We'll never know unless you hit the 'Apply' button. Start your journey with us today and let's #GoFurtherTogether.