Join the Hotschedules team as our….Information Security Architect

HS is seeking an Information Security Architect to lead the company’s information security program.  This is a hands-on role that requires a highly motivated technology professional to assess and action all technology-related security and compliance issues across the organization including information security, privacy, disaster recovery, user access and data integrity. This includes providing objective risk assessments of the company's compliance with regulatory, organizational and commercial requirements governing the organization's information technology systems.  This role serves as an expert advisor to senior management in the development, implementation and maintenance of a Company-wide information security infrastructure to ensure best practice control objectives are achieved for system integrity, availability, confidentiality, compliance, accountability, and assurance.

The Information Security Architect will also be responsible for the development, improvement,  and implementation of policies, procedures, and controls to ensure that the organization's practices remain observant to all pertinent local, state/province/county and federal laws and industry standards. In this role, the Information Security Architect will be working directly with other security resources as well as non-IT compliance professionals such as legal, audit and corporate compliance to coordinate necessary changes and ensure organizational alignment.

Your Responsibilities:

• Responsible for establishing and maintaining the company’s security program. This includes the development, testing, and implementation of appropriate security plans, products, and control techniques including the ongoing administration, monitoring, and auditing of controls.
• Identify the associated IT compliance control gaps and design, document, implement, and test the entire IT compliance control set.
• Manage, execute, and drive all required activities to obtain applicable legal and regulatory certifications, including, but not limited to, the ISO 27001, SSAE-16, GDPR, EU/US Privacy Shield, and PCI.
• Review current technology and information policies and practices for continued applicability and effectiveness with respect to security and governmental compliance.
• Develop and implement policies and procedures to ensure that the organization's practices remain observant to all relevant laws, government regulations, and client contracts
• Maintain, improve, and publish up-to-date security policies, standards, and guidelines, and provide for the training and dissemination of security policies and practices
• Oversee and review all legal technology issues across the organization, including providing objective assessments of the company's compliance with legislation governing the organization's information technology systems, industry-specific regulations, and contracts with clients.   
• Manage the IT compliance risk assessment framework and periodically assess the regulatory, commercial and organizational, inherent and residual IT compliance risks.

• Report the levels of IT compliance risk and control effectiveness to key stakeholders such as CIO, legal management, regulators, internal/external auditors, etc.
• Coordinate and/or execute on all audit-related tasks such as ensuring the readiness of IT managers and their organizations for audit testing and ensuring the timely resolution of any audit findings.
• Assist business and IT managers with the acquisition of tools and expertise to assist with IT compliance-related projects and initiatives.
• Manage and update IT compliance training and awareness program that periodically educates the requisite end-user community on the relevant IT compliance requirements, and certifies their adherence to the relevant IT compliance controls.
• Analyze technology industry and market trends, and determine their potential impact on the enterprise.

Knowledge, Skills, and Requirements:

• A minimum of ten (10) years of IT experience, with at least five (5) years in an information security role that includes risk management and security compliance.
• A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.
• Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials
• Experience with managing and obtaining applicable legal and regulatory requirements, including, but not limited to, the SSAE-16, GDPR, EU/US Safe Harbor, and PCI.
• Technical knowledge of networking (TCP/IP, OSI Model) and operating system fundamentals (Windows, Linux, Mac OS X, Android, iOS, etc).  Experience with design and operations of security in a complex network environment including multiple data centers and cloud providers is ideal.
• Strong sense of ownership, accountability, and ability to prioritize work effectively.
• Strong leadership skills and the ability to work effectively with business managers, IT engineering, IT operations staff, legal, and audit and compliance staff and third party vendors.
• Strong leadership abilities, with the capability to develop and guide information security team members and IT operations personnel, and work with minimal supervision.
• Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, management, and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices and strategies.
• Experience developing and maintaining policies, procedures, standards, and guidelines.
• Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining mitigation strategies.
• Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• Experience in system and application technology security testing (vulnerability scanning and penetration testing).

We Are:

Well-known across the globe for bringing the restaurant, retail and hospitality industries to the Cloud with our pioneering web & mobile products, superior customer service – and the people who make this happen.

Our Values: Because they are important to us!

Hospitality – We go beyond the expected to provide unparalleled experiences and help our customers do the same.

Empathy - We started in a restaurant. Service of others - both externally and internally - is in our blood.

Innovation – We never give up seeking creative ways to solve tough problems.

Community – We believe in the power of the communities we create and serve, our community of team members and in giving back to the communities we live in.

Fun – This isn’t just a job, it’s a calling, and we love it!

Accountability - We do what we say we’re going to do. If something happens to prevent that, we determine the new course and communicate quickly.

Learn more about us, our story and how we became a part of the HotSchedules family of products and services. Visit the About Us page on HotSchedules.com