Omni Hotels and Resorts creates genuine, authentic guest experiences at 60 distinctive luxury hotels and resorts in leading business gateways and leisure destinations across North America. Omni Hotels is known for its exemplary culture, authenticity to the markets in which we operate, innovation and exceptional service. Our commitment to career development has created tenure and loyalty that enables us to perpetuate our family atmosphere.
Job Description
We are seeking a highly skilled IT Compliance, Data Governance, and Risk Management Specialist with a strong technical security background and extensive experience in PCI (Payment Card Industry) Compliance to join our team. The successful candidate will be responsible for ensuring our IT systems, data, and processes comply with regulatory standards, managing risk, and implementing robust security measures. This role is crucial for protecting our organization’s information assets and maintaining the highest levels of data security and integrity.
Position is based primarily onsite at the Omni Hotels & Resorts Corporate Office in Dallas, TX.
Responsibilities
Technical Security and Controls:
· Design, implement, and manage technical security controls to protect sensitive data and ensure compliance with PCI DSS and other standards.
· Perform regular security assessments, conduct vulnerability scans, and coordinate penetration tests to identify security requirements or weaknesses.
· Oversee the configuration and maintenance of security platforms and services, automation tools, and SIEM solutions to safeguard information assets.
· Monitor, analyze, and respond to security events, ensure timely resolution, and develop or revise documentation for security procedures and processes.
· Collaborate with IT and security teams to ensure timely resolution of security incidents and vulnerabilities, working closely with the incident response team.
· Implement and maintain IAM technologies to ensure audit and privacy compliance, and design controls to mitigate the related risks.
Compliance Management:
· Lead PCI DSS (Payment Card Industry Data Security Standard) compliance efforts, including annual assessments, internal and external audits, and reporting.
· Develop, implement, and maintain compliance standards, documentation, and controls to ensure adherence with PCI DSS and other regulatory requirements.
· Conduct internal compliance audits and assessments, identifying and addressing gaps in compliance.
· Coordinate with internal and external auditors for compliance assessments and certifications.
· Conduct regular PCI compliance training and awareness programs for staff.
· Remain current on PCI DSS updates and changes and communicate their impact to relevant stakeholders.
Risk Management:
· Conduct thorough risk assessments to identify, evaluate, and mitigate risks associated with business systems and processes.
· Maintain a risk register, documenting identified risks, assessment outcomes, and mitigation strategies.
· Develop and implement risk management frameworks and policies.
· Regularly review and update risk management practices to reflect changes in the threat landscape and regulatory environment.
Data Governance:
· Maintain and update data governance frameworks and policies, and establish procedures to ensure data quality, integrity, and security as requirements evolve.
· Establish data stewardship procedures and ownership roles and responsibilities within the organization.
· Collaborate with business units and cross-functional teams to ensure compliance with data governance standards and practices according to established guidelines.
· Implement and maintain security controls around established data classification schemas to categorize data based on sensitivity, criticality, and usage.
· Monitor and report on data governance metrics, identifying areas for improvement and implementing corrective actions.
Training and Awareness:
· Develop and deliver training programs to educate staff on compliance requirements, security policies, and risk management practices.
· Conduct regular awareness sessions to keep employees informed about the latest security threats and compliance updates.
Documentation and Reporting:
· Create and maintain detailed documentation for compliance activities, risk assessments, and security controls.
· Develop and maintain comprehensive documentation for IT governance, risk management, and PCI compliance activities.
· Prepare comprehensive reports on compliance status, risk management activities, and security incidents for senior management and regulatory bodies.
· Maintain records of compliance audits, risk assessments, and security incident responses.
Qualifications
· Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field.
· Minimum of 5 years of experience in one or more cybersecurity domains, including but not limited to Security & Risk Management, Security Operations, Network Security, Identity & Access Management, and Architecture and Engineering, with a strong focus on PCI DSS.
· In-depth knowledge of PCI DSS requirements, security and privacy frameworks, and standards such as ISO 27001 and NIST.
· Proven experience in conducting security assessments, managing risk mitigation plans, and implementing technical security controls.
· Strong analytical, problem-solving, and decision-making skills.
· Excellent communication and interpersonal skills, with the ability to work effectively with cross-functional teams or lead projects independently.
· Relevant certifications (CISM, CISSP, CRISC) or PCI QSA (Qualified Security Assessor) are highly desirable.
Additional Information:
Ability to work in a fast-paced, dynamic environment with minimal supervision. Occasional travel may be required for training and industry events.
Omni Hotels & Resorts is an equal opportunity employer - vets/disability. The EEO is the Law poster and its supplement are available using the following links: EEOC is the Law Poster and the following link is the OFCCP's Pay Transparency Nondiscrimination policy statement
If you are interested in applying for employment with Omni Hotels & Resorts and need special assistance to apply for a posted position, please send an email to applicationassistance@omnihotels.com.