Business Information Security Manager
Business Information Security Manager
Apply locations: Four Seasons Corporate Office Toronto
Time type: Full time
Posted on: Posted 2 Days Ago
Time left to apply: End Date: January 19, 2025 (29 days left to apply)
Job requisition id: REQ10333835
About Four Seasons:
Four Seasons is powered by our people. We are a collective of individuals who crave to become better, to push ourselves to new heights and to treat each other as we wish to be treated in return. Our team members around the world create amazing experiences for our guests, residents, and partners through a commitment to luxury with genuine heart.
At Four Seasons, we believe in recognizing a familiar face, welcoming a new one and treating everyone we meet the way we would want to be treated ourselves. Whether you work with us, stay with us, live with us or discover with us, we believe our purpose is to create impressions that will stay with you for a lifetime.
*This is a 12 Month Contract*
The Business Information Security Manager will partner with stakeholders in the commercial team to ensure that technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats against Four Seasons. They will lead or contribute to the completion of risk and control design assessments for Commercial applications as well as risk mitigation and remediation plans and remediation strategy.
This role is based in Four Seasons Hotels and Resorts, Toronto Corporate Office, reporting to the Director, Global Information Security.
Key Activities
Core Activities
- Guide Commercial partners on a broad range of specific Technology Controls and Information Security programs, policies, and standards.
- Conduct risk assessment, required controls definition, control procedure appropriateness, vulnerability assessments and any other relevant areas.
- Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats.
- Develop on-going technology risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for the Commercial team.
- Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines.
- Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement.
- Adhere to, advise, oversee, monitor, and enforce enterprise frameworks and methodologies that relate to technology controls / information security activities.
- Influence behavior to reduce risk and foster a strong technology risk management culture throughout the Commercial team.
- Demonstrate ability to apply organization IT Security policies at a product and platform level.
- Participation and coordination activities for Security incidents related to Commercial technologies.
- Represents the IT Security leadership team at meetings and acts on behalf as requested.
Program Management
- Supports Commercial team in planning stages of new initiatives to ensure "secure-by-design" principles are being considered and implemented.
- Collaborates with Enterprise Architecture and Global IT Security to confirm proposed solutions are compatible with Four Seasons IT standards and processes.
- Accountable for the understanding of business requirements, validating that solutions will meet internal security requirements prior to development or implementation.
- Partners with Commercial teams to complete business cases by providing relevant IT Security expertise.
- Aligns Commercial initiatives with Infrastructure and Security technology roadmaps.
- Monitors project risks related to IT Security, implement mitigation plans for associated risks.
Advocacy
- Contribute to a compelling vision, clear direction and strategy for the Global IT Security and Commercial teams.
- Generate enthusiasm and understanding of the IT Security vision and how each discipline contributes to the achievement of that vision.
- Ensure appropriate processes are in place and executed to drive collaboration and alignment within the IT Security and Infrastructure organization.
Stakeholder Management
- Interact and build relationships at all levels of the Commercial organization, including business partners and vendors.
- Work with Commercial teams globally to ensure compliance with Global IT Security processes, procedures, policies, standards, templates, and guidelines.
- Stay abreast with evolving information and technology risks, new regulations, laws and requirements for information risk, information security, cybersecurity, information protection and privacy across jurisdictions and overseeing company compliance with as required.
Desired Skills
- Excellent business acumen and experience managing relationships with fast paced, results driven Marketing professionals.
- Able to manage conflict, timeline misalignment and can elegantly advocate for the importance of compliance and operational governance.
- Strong negotiating, influencing and problem resolution skills.
- Passion for Information Security and Privacy disciplines.
- Highly critical and analytical disposition.
- High attention to detail and strong listening skills.
- Ability to work independently with minimal supervision.
- Natural curiosity and an ability to undertake creative exploration.
- Self-motivated, with critical attention to deadlines and reporting.
- The ability to manage tasks simultaneously and meet deadlines within a high energy, fast paced and evolving environment.
- The ability to grasp and communicate technical issues to a variety of audiences.
- Strong advocate for an information risk culture.
- Well-rounded understanding of the information security risks generated by incorrectly deployed and configured applications.
- Exceptional communication skills and confidence to engage, challenge and/or make presentations with stakeholders who may have limited expert technical knowledge.
Experience, Education and Professional Qualifications
- Bachelor’s degree or equivalent business qualifications.
- Information Security Certification or Accreditation an asset.
- Experience working in an Agile business environment.
- Strong understanding of security best practices including NIST CSF, PCI DSS, and other leading control frameworks.
- Strong understanding of cloud operations and associated security capabilities.
- Experience with Marketing and Commercial technologies.
- Experience participating in Digital initiatives with a strong predisposition to tying work effort to Objectives and Key Results (OKRs).
- Strong level of network, application, and other technical security controls.
- Preferred experience in a hospitality/service environment.
This role will be a Hybrid working model, which will require 2-3 days per week in the Four Seasons Corporate Office located at 1165 Leslie Street, Toronto, Ontario #LI-Hybrid.
Four Seasons is committed to providing employment accommodation in accordance with the Ontario Human Rights Code and the Accessibility for Ontarians with Disabilities Act. If contacted for an employment opportunity, please advise Human Resources if you require accommodation.
Dedicated to perfecting the travel experience through continual innovation and the highest standards of hospitality, Four Seasons can offer what many hospitality professionals dream of - the opportunity to build a life-long career with global potential and a real sense of pride in work well done.