Director, Security Risk & Governance

Bringing True Hospitality to the world.

We want to welcome you to a world of bringing True Hospitality to everyone. When you join us at IHG®, you become part of our global family. A welcoming culture of warmth, honesty and a passion for providing True Hospitality.

We pride ourselves on letting your personality and passions shine, recognizing the individual contribution you make and supporting your ambition to learn and create your own career path. In making a difference to our guests and owners, colleagues and communities, every day is a chance to create great and unique experiences, in your own way.

With over 370,000 colleagues in nearly 100 countries sharing our values, there’s countless opportunities at your fingertips.

We’re growing; grow with us.

Summary

Responsible for global Security Risk & Governance of Security/GenAI for IHG to help drive prioritization of initiatives, risk identification and treatment, risk management of vendors and establishing policy for IHG colleagues.  

Key Accountabilities

• Align with IHG Enterprise Risk team to develop a Security Risk Program that allows for the identification, assessment and treatment of risk for corporate and hotel environments.
• Collaborate with corporate and regional BISOs to develop risk profiles for corporate, CRO and regional risk profiles, identifying key risks.
• Develop and maintain a risk register to track and report on risk assessment results. 
• Identify a risk quantification methodology and provide quarterly reporting to the EC and board. 
• Communicate risks to executives that exceed acceptable thresholds, capturing risk treatment decisions.
• Present risk data to security and business executives prior to budget planning processes, to help prioritize initiatives that reduce the most risk. 
• Partner with BISOs to drive risk profile and business process risk assessments. 
• Update and report on Security & AI Key Risk Indicators including initiatives to address any gaps. 
• Drive HVA Assessments and gap reporting. 
• Implement and maintain risk quantification tool including monthly reporting and gap identification. 
• Manage Third Party Security Risk program including assessments, incident response and comms. 
• Analyze new and changing regulations to determine their impact on current policies, processes, controls, and way of working. 
• Establish and manage programs to execute against identified gaps due to new/changing standards/regulations. 
• Direct global Cyber Security & GenAI policy program for IHG; updating polices annually to reflect regulatory changes. Lead policy review sessions with the Policy Steering Committee/Working Groups to further inform policy.
• Define roles for key stakeholders within IHG Security & GenAI Policies to drive accountability for control implementation; develop role-based training/awareness to educate stakeholders on their roles. 
• Drive Policy Exception Review program by coordinating efforts across IHG business/technical operations and Business Information Security Officers & GenAI working group, so that risk is clearly articulated and reported to CISO.
• Drive IHG Security Policy/Standards governance processes ensuring policy/standard alignment. 
• Manage and report on policies, standards and exceptions using ServiceNow GRC; define and report on Policy Key Risk Indicators and Key Performance Indicators, providing an executive summary to leadership monthly. 
• Partner with business/technical stakeholders and Program Manage new initiatives that will help ensure regulatory gaps that are complex, are achieved within acceptable timeline.

Key Skills & Experiences

Education

Bachelor’s degree with work experience in Computer Science/MIS/IT, Business Administration or related field OR an equivalent combination of education and work-related experience

Experience

10+ years progressive work-related experience in program/project management, business implementation, strategic project leadership, consulting, or project governance. Experience managing small to mid-sized teams. Advanced experience in managing complex initiatives. Demonstrated proficiency in multiple disciplines, including but not limited to process/program redesign, organizational change management, training program development, and project / program management.   

Technical Skills and Knowledge

•  Knowledge of security-related standards/regulations including Payment Card Industry (PCI)

•  Experience implementing programs, policy, standard and/or compliance programs.

•  Effective verbal and written communication skills with the ability to take complex information and present to all levels of management, staff, clients and vendors.

•  Understanding of diverse company policies, products, markets, processes, platforms, hotel operations and technology applications as well as a strong understanding of business principles and practices. 

•  Demonstrated experience in supporting corporate strategies through the development of cross-functional solutions from a commercial and financial viewpoint.

•  PMP and security certifications (CISA, CISM, CISSP) strongly preferred.

We’ll reward all your hard work with a great salary and benefits – including great room discount and superb training.

Join us and you’ll become part of the global IHG family – and like all families, all our individual team members share some winning characteristics. As a team, we work better together – we trust and support each other, we do the right thing, and we welcome different perspectives. You need to show us you care that you notice the little things that make a difference to guests as well as always looking for ways to improve - click here to find out more about us.

At IHG Hotels & Resorts, we are proud to be an equal opportunity employer.  IHG Hotels & Resorts provides equal employment opportunities to applicants and employees without regard to an individual’s, race, color, ethnicity, national origin, religion, sex, sexual orientation, gender identity or expression, age, disability, marital or familial status, veteran status or any other characteristic protected by law. 

IHG is committed to promoting a culture of inclusion where everyone feels safe, respected and valued. We seek talent from all backgrounds to join our teams and encourage our colleagues to bring their authentic and best selves to work. 

Not Applicable for Colorado Applicants.

#LI-CB1

#Hybrid