Who We Are: Loews Hotels & Co is a leading owner and operator of luxury hotels with a portfolio consisting of 25 hotels and resorts in the United States and Canada. Located in major city centers and resort destinations from coast to coast, the Loews portfolio features one-of-a-kind properties that go beyond Four Diamond standards and embrace their “uniquely local” community in order to curate exciting, approachable and local travel experiences for guests.
What We Offer:
This is a bonus eligible positionCompetitive health & wellness benefits, 401(k) & company matchPaid Sick Days, Vacation, and Holidays, Paid Bereavement, Paid Pet BereavementTraining & Development opportunities, career growthTuition ReimbursementTeam Member Hotel Rates, other discounts, perks and moreWhat We’re Looking For:
We're seeking a Senior Analyst, Information Security to join our team! As an Information Senior Security Analyst, you'll be a vital line of defense against ever-evolving cyber threats. You'll leverage your technical expertise and strategic thinking to protect our organization's digital assets. We're looking for someone who thrives in a collaborative environment, fostering a culture of learning and growth within our teams.
Who You Are:
A relationship builder with a dynamic approach to developing connectionsA continually curious forward thinker who loves to find creative solutionsA team builder with the ability to establish a strong followingComfortable with taking the lead in a variety of settingsA collaborator, learner and mentor who excels in an exciting, ever-evolving environmentA sharp minded security professional who thrives on tackling complex problems and possesses a logical, methodological approach to identify, investigate, and resolve information security challengesA communicator & collaborator who bridges the gap between technical and non-technical audiences by effectively explaining complex security concepts.A master of prioritization and thrives in fast-paced environments. You excel at juggling multiple tasks, consistently meeting deadlines, and staying ahead of the curve with your proactive approach to security threats and challenges.What You’ll Do:
Vulnerability Management: Track identified weaknesses in systems and networks through vulnerability assessments and penetration testing and report on remediation progress. Security Incident Response: Track and report on all remediation efforts that are identified during the response.Conduct security risk assessments: Identifying vulnerabilities and recommending mitigation strategies. Report on mitigation strategies until fully implemented.Security Controls Effectiveness reporting: Perform monthly metrics collection and reporting on key security controlsSecurity Policy and Standards Review: Maintain up-to-date security policies and standards through regular reviews.Monitor and audit security controls: Verifying their effectiveness and adherence to policies.Your Experience Includes:
Must be willing and able to travel 3% of the timeBachelor's degree in a relevant field: Information Security, Computer Science, Cybersecurity, or a related field is preferred. May accept equivalent experience in lieu of a degree.8-10 years of experience in Information Security, with a strong track record of accomplishment.Strong understanding of information security principles and best practices: This includes knowledge of security frameworks like NIST, PCI, SOX, and common attack vectors.In-depth knowledge of PCI DSS requirements: Understanding all six control categories (Build & Maintain a Secure Network, Protect Cardholder Data, maintain a Vulnerability Management Program, Implement Strong Access Control Measures, Regularly Monitor and Test Networks, and Maintain an Information Security Policy) is crucial.Understanding of network security concepts: Firewalls, network segmentation, access control lists (ACLs), and secure protocols (HTTPS, SSH) are essential.Scripting skills (Python, Bash): May be required for automating security tasks.Certified Information Systems Security Professional (CISSP) or GIAC certifications