Information Security Analyst

Our Loews Hotels & Co Home Office teams provide support to all our properties throughout the United States and Canada. Our talented teams provide guidance over strategic planning, operations, revenue management, communications, marketing, finance, human resources, and information technology. This position is based at the Lakewood Regional Support Center on the campus of Loews Hotels at Universal Orlando in Orlando, FL.

We offer hybrid schedule flexibility based out of our office in Orlando, FL.

Who We Are: Loews Hotels & Co is a leading owner and operator of luxury hotels with a portfolio consisting of 25 hotels and resorts in the United States and Canada. Located in major city centers and resort destinations from coast to coast, the Loews portfolio features one-of-a-kind properties that go beyond Four Diamond standards and embrace their “uniquely local” community in order to curate exciting, approachable and local travel experiences for guests.

What We Offer:

• This is a bonus eligible position

• Competitive health & wellness benefits, 401(k) & company match

• Paid Sick Days, Vacation, and Holidays, Paid Bereavement, Paid Pet Bereavement

• Training & Development opportunities, career growth

• Tuition Reimbursement

• Team Member Hotel Rates, other discounts, perks and more

What We’re Looking For:

We're seeking an Information Security Analyst to join our team!

As an Information Security Analyst, you'll be a vital line of defense against ever-evolving cyber threats.  You'll leverage your technical expertise and strategic thinking to protect our organization's digital assets.  We're looking for someone who thrives in a collaborative environment, fostering a culture of learning and growth within our teams.  

Who You Are:

• A relationship builder with a dynamic approach to developing connections

• A continually curious forward thinker who loves to find creative solutions

• A team builder with the ability to establish a strong following

• Comfortable with taking the lead in a variety of settings

• A collaborator, learner and mentor who excels in an exciting, ever-evolving environment

• A sharp minded security professional who thrives on tackling complex problems and possesses a logical, methodological approach to identify, investigate, and resolve information security challenges

• A communicator & collaborator who bridges the gap between technical and non-technical audiences by effectively explaining complex security concepts.

• A master of prioritization and thrives in fast-paced environments. You excel at juggling multiple tasks, consistently meeting deadlines, and staying ahead of the curve with your proactive approach to security threats and challenges.

What You’ll Do:

• Vulnerability Management: Track identified weaknesses in systems and networks through vulnerability assessments and penetration testing and report on remediation progress.  

• Security Incident Response: Track and report on all remediation efforts that are identified during the response.

• Conduct security risk assessments: Identifying vulnerabilities and recommending mitigation strategies.  Report on mitigation strategies until fully implemented.

• Security Controls Effectiveness reporting: Perform monthly metrics collection and reporting on key security controls

• Security Policy and Standards Review: Maintain up-to-date security policies and standards through regular reviews.

• Monitor and audit security controls: Verifying their effectiveness and adherence to policies.

Your Experience Includes:

• Must be willing and able to travel 3% of the time

• Bachelor's degree in a relevant field: Information Security, Computer Science, Cybersecurity, or a related field is preferred. May accept equivalent experience in lieu of a degree.

• 8-10 years of experience in Information Security, with a strong track record of accomplishment.

• Strong understanding of information security principles and best practices: This includes knowledge of security frameworks like NIST, PCI, SOX, and common attack vectors.

• In-depth knowledge of PCI DSS requirements: Understanding all six control categories (Build & Maintain a Secure Network, Protect Cardholder Data, maintain a Vulnerability Management Program, Implement Strong Access Control Measures, Regularly Monitor and Test Networks, and Maintain an Information Security Policy) is crucial.

• Understanding of network security concepts: Firewalls, network segmentation, access control lists (ACLs), and secure protocols (HTTPS, SSH) are essential.

• Scripting skills (Python, Bash): May be required for automating security tasks.

• Certified Information Systems Security Professional (CISSP) or GIAC certifications