Omni Hotels and Resorts
IT Security Director
Omni Hotels and Resorts, Dallas, Texas, United States, 75215
Overview
Omni Hotels and Resorts creates genuine, authentic guest experiences at 60 distinctive luxury hotels and resorts in leading business gateways and leisure destinations across North America. Omni Hotels is known for its exemplary culture, authenticity to the markets in which we operate, innovation and exceptional service. Our commitment to career development has created tenure and loyalty that enables us to perpetuate our family atmosphere.
Job Description
As an IT Security Director, you will play a critical role in defining and implementing Omni’s IT security strategy and will ensure the security posture is robust, proactive, and adequately protects the organization’s informational assets. This is a hands-on Director opportunity, and this leader will partner with the CIO, IT leadership team and multiple internal stakeholders.
Responsibilities
Security Infrastructure Management:
Design, implement, and maintain security systems and tools, including firewalls, intrusion detection/prevention systems, endpoint detection software, encryption protocols, etc.
Monitor security infrastructure for suspicious activities and respond promptly to security incidents.
Conduct regular security assessments and vulnerability scans to identify and address potential weaknesses and take charge of ensuring those vulnerabilities are remediated.
Work with key security vendors and partners to implement recommendations and best practices. Ensure Omni is maximizing its investment and receiving the highest level from vendor provided services.
Review security patches and approve/deny for all endpoints and infrastructure.
Access Control and Authentication:
Audit user accounts and access permissions to ensure least privilege principles are upheld.
Implement and manage authentication mechanisms, such as multi-factor authentication and single sign-on solutions.
Enforce security policies and procedures related to user authentication and access control.
Audit and enforce endpoint or server access control.
Incident Response and Forensics:
Develop and maintain incident response plans and procedures for handling security incidents.
Work alongside our MDR and 24x7 SOC to triage alerts and investigations.
Investigate security breaches, conduct root cause analysis, and recommend remedial actions to prevent recurrence.
Collaborate with cross-functional teams to contain and mitigate security incidents effectively.
First line of escalation for security related incidents. Must be comfortable with receiving alerts or communications outside of normal business hours.
Security Compliance and Auditing:
Ensure compliance with relevant regulatory requirements, industry standards, and best practices (e.g., PCI, GDPR, CCPA, ISO 27001).
Coordinate and participate in security audits and assessments, providing documentation and evidence as required.
Address audit findings and implement corrective actions to maintain compliance posture.
Work with the IT GRC team on 3rd party risk management and review.
Security Awareness and Training:
Develop and deliver security awareness training programs for employees to promote a culture of security awareness.
Keep abreast of the latest cybersecurity threats, trends, and technologies, and disseminate relevant information to stakeholders.
Foster a culture of continuous improvement by recommending enhancements to security policies, procedures, and controls.
Qualifications
Bachelor’s degree in computer science, Information Technology, or related field.
10+ years of overall experience, including 4+ years in security management.
Hands-on experience with various security areas, such as network security and incident response.
Information security certification required (e.g., CISSP, CISM, CEH).
Proven experience in IT security administration, with a focus on network security, endpoint security, and security operations.
In-depth knowledge of security principles, protocols, and technologies (e.g., encryption, VPNs, SIEM, IDS/IPS, EDR, DLP, CASB, SASE, Zero Trust).
Familiarity with tabletop exercises and penetration tests.
In-depth knowledge of PCI compliance.
Strong analytical and problem-solving skills, with the ability to troubleshoot complex security issues.
Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
Ability to work independently and prioritize tasks in a fast-paced environment.
Commitment to maintaining the highest standards of confidentiality, integrity, and professionalism.
Omni Hotels & Resorts is an equal opportunity/AA/Disability/Veteran employer.
#J-18808-Ljbffr
Omni Hotels and Resorts creates genuine, authentic guest experiences at 60 distinctive luxury hotels and resorts in leading business gateways and leisure destinations across North America. Omni Hotels is known for its exemplary culture, authenticity to the markets in which we operate, innovation and exceptional service. Our commitment to career development has created tenure and loyalty that enables us to perpetuate our family atmosphere.
Job Description
As an IT Security Director, you will play a critical role in defining and implementing Omni’s IT security strategy and will ensure the security posture is robust, proactive, and adequately protects the organization’s informational assets. This is a hands-on Director opportunity, and this leader will partner with the CIO, IT leadership team and multiple internal stakeholders.
Responsibilities
Security Infrastructure Management:
Design, implement, and maintain security systems and tools, including firewalls, intrusion detection/prevention systems, endpoint detection software, encryption protocols, etc.
Monitor security infrastructure for suspicious activities and respond promptly to security incidents.
Conduct regular security assessments and vulnerability scans to identify and address potential weaknesses and take charge of ensuring those vulnerabilities are remediated.
Work with key security vendors and partners to implement recommendations and best practices. Ensure Omni is maximizing its investment and receiving the highest level from vendor provided services.
Review security patches and approve/deny for all endpoints and infrastructure.
Access Control and Authentication:
Audit user accounts and access permissions to ensure least privilege principles are upheld.
Implement and manage authentication mechanisms, such as multi-factor authentication and single sign-on solutions.
Enforce security policies and procedures related to user authentication and access control.
Audit and enforce endpoint or server access control.
Incident Response and Forensics:
Develop and maintain incident response plans and procedures for handling security incidents.
Work alongside our MDR and 24x7 SOC to triage alerts and investigations.
Investigate security breaches, conduct root cause analysis, and recommend remedial actions to prevent recurrence.
Collaborate with cross-functional teams to contain and mitigate security incidents effectively.
First line of escalation for security related incidents. Must be comfortable with receiving alerts or communications outside of normal business hours.
Security Compliance and Auditing:
Ensure compliance with relevant regulatory requirements, industry standards, and best practices (e.g., PCI, GDPR, CCPA, ISO 27001).
Coordinate and participate in security audits and assessments, providing documentation and evidence as required.
Address audit findings and implement corrective actions to maintain compliance posture.
Work with the IT GRC team on 3rd party risk management and review.
Security Awareness and Training:
Develop and deliver security awareness training programs for employees to promote a culture of security awareness.
Keep abreast of the latest cybersecurity threats, trends, and technologies, and disseminate relevant information to stakeholders.
Foster a culture of continuous improvement by recommending enhancements to security policies, procedures, and controls.
Qualifications
Bachelor’s degree in computer science, Information Technology, or related field.
10+ years of overall experience, including 4+ years in security management.
Hands-on experience with various security areas, such as network security and incident response.
Information security certification required (e.g., CISSP, CISM, CEH).
Proven experience in IT security administration, with a focus on network security, endpoint security, and security operations.
In-depth knowledge of security principles, protocols, and technologies (e.g., encryption, VPNs, SIEM, IDS/IPS, EDR, DLP, CASB, SASE, Zero Trust).
Familiarity with tabletop exercises and penetration tests.
In-depth knowledge of PCI compliance.
Strong analytical and problem-solving skills, with the ability to troubleshoot complex security issues.
Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
Ability to work independently and prioritize tasks in a fast-paced environment.
Commitment to maintaining the highest standards of confidentiality, integrity, and professionalism.
Omni Hotels & Resorts is an equal opportunity/AA/Disability/Veteran employer.
#J-18808-Ljbffr