Director of Information Security
US - Remote
At Otelier, we put data and efficiency at the heart of hotel operations so hoteliers can return to hospitality. As the hospitality software behind every great host, we provide the tools to automate back-office tasks, streamline budgeting and forecasting, and offer crystal-clear insights into property or portfolio performance. Embrace the opportunity to be part of a transformative journey with Otelier, where we harness data to optimize operations, facilitate decision-making, and automate the mundane. This is not just a career—it's a chance to shape the future of hospitality, making data work for the industry, not the other way around.
The Director of Information Security is an executive responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. They will oversee and direct the organization’s information security strategy, operations, and compliance.
- Lead enterprise-wide risk assessments and coordinate quarterly risk management reviews to ensure identified risks are effectively mitigated across the organization.
- Collaborate with departments to identify potential security risks and create tailored risk management processes. Ensure Otelier’s technology platforms adhere to industry best practices.
- Develop and implement security policies and procedures in line with regulatory and client-specific requirements. Align security measures with Otelier’s business objectives and growth plans, ensuring the security program meets internal and client standards.
- Evaluate and select technology solutions that support Otelier’s strategic goals for security and the functionality of core software products and services.
- Monitor IT security threats in real-time and manage the firm’s incident response process. Serve as the incident response plan owner, developing and implementing strategies to prevent future security incidents.
- Ensure compliance with relevant IT security regulations and standards, including SOC and GDPR. Assess new technologies for compliance and verify that existing technologies meet Otelier’s security requirements.
- Plan, design, and implement Otelier’s IT and network security strategy. Work with internal teams and external vendors to ensure system compliance with company policies and procedures. Present plans and designs to Otelier clients and internal stakeholders on a regular cadence.
- Oversee regular updates, patches, and security assessments. Keep engineering teams informed of new vulnerabilities, tools, and processes, establishing benchmarks to evaluate performance against security goals.
- Recommend and evaluate hardware and software to support Otelier’s security strategy. Assess vendors and negotiate contracts to meet security requirements while collaborating with other departments to ensure business services align with security standards.
- Implement access controls and monitor user activity to prevent data misuse. Regularly review user accounts, administrative access, and security logs to confirm staff compliance with security protocols.
- Promote a security-focused culture within the organization. Develop and implement a cybersecurity hygiene training program in collaboration with Human Resources to ensure all staff are trained and compliant.
- Investigate and resolve internal and external data breaches, ensuring all technical teams follow Otelier’s Incident Response Plan (IRP). Conduct thorough investigations, implement corrective actions, and follow up to ensure the long-term effectiveness of these measures.
- Provide regular written reports on IT network security to executive leadership. Develop an annual security roadmap outlining short-, medium-, and long-term objectives. Offer insights to IT leaders and executives on the organization’s security posture and initiatives.
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. Equivalent work experience will also be considered. MBA or advanced degree preferred.
- 10+ years of experience in risk management, information security, or a related field.
- Extensive experience in managing complex security programs in an environment with multiple core technologies such as Windows Server and Linux.
- Proficiency in programming languages such as C, C++, .NET, and Java. Must be able to analyze software code to determine its security effectiveness.
- Strong understanding of security technologies and processes. ITIL experience is desirable.
- Strong leadership and project management abilities.
- Exceptional written and verbal communication skills.
- Awareness of relevant legal and regulatory landscapes. SOC 2 compliance experience is required.
What We Offer (US Benefits)
- A global workforce with flexible hybrid and WFH options.
- 401k Plan (Traditional & Roth) with company match.
- Flexible PTO policy to refresh & recharge.
- Comprehensive Medical, Dental & Vision plans for you and your dependents.
- Paid parental leave when expanding your family.
- Additional company paid benefits, such as LTD, STD, and life insurance to give you peace of mind for life’s unexpected moments.
This position offers a base compensation range of $210,000 to $230,000. This range represents the potential compensation for this role, with actual pay varying based on factors such as the location, skills, experience, and qualifications. Compensation may vary from the stated range. This information is provided to applicants in accordance with state and local laws.