Senior Manager - Information Security


6905 Rockledge Drive
Bethesda, MD 20817


With a career at HMSHost, you really benefit! We offer:

  • Health, dental and vision insurance
  • Generous paid time off (vacation, flex or sick)
  • Holiday pay
  • 401(k) retirement plan with company match
  • Company paid life insurance
  • Tuition reimbursement
  • Free parking and onsite fitness center
  • Wellbeing Support Program
  • Training and exciting career growth opportunities
  • Referral program – refer a friend and earn a bonus

Purpose

The Senior Manager Information Security is responsible for overseeing Information Security and compliance programs for infrastructure applications. This role is responsible for corporate policies and procedures, and for providing expert advice in risk assessment, business continuity planning, information security, change management and executing a comprehensive risk-based internal audit plan for the Company’s information technology controls.

Essential Functions

  • Executes and delivers Information Security strategy through assessment, design and implementation of governance frameworks, controls, processes and infrastructure
  • Designs, implements and manages security solutions and remediation programs to address security risks
  • Evaluates identity and access management (IDAM) practices and develops solutions to improve IDAM processes, privileged access and recertification programs
  • Develops security policies, procedures, standards, and controls in line with regulation and current standards such as ISO 27001, NIST, SANS, etc.
  • Implements data protection and privacy programs to ensure confidentiality and security of personal data
  • Develops and implements programs to improve IT Disaster Recovery and Business Continuity
  • Creates secure patterns for reuse and delivery of architectural reviews using TOGAF or SABA
  • Evaluates security of emerging technology platforms – mobile device platforms (iOS, Android), cloud services (IaaS, PaaS, SaaS), Big Data, social media
  • Performs security risk and controls assessments and penetration testing to evaluate and analyze threat, vulnerability, impact, risk and security issues
  • Assists client in evaluating, enhancing, developing, and managing various programs including Cybersecurity, Business Continuity and Disaster Recovery, Data Protection and Privacy, Threat and Vulnerability, Security Incident Detection and Response, Identity and Access Management, Security Operation Centre and SIEM, Data Loss Prevention, Security Awareness and Training, Phishing Campaigns
  • Ensures infrastructure and applications are compliant with regulatory and IT best practice standards and internally established IT policies and procedures
  • Assists with design, implementation and management of CCPA/CPRA, SOC2, ISO, and PCI audit process
  • Provides subject matter expert advisory services to IT and the business as it relates to regulatory and industry compliance issues
  • Manages, coordinates and executes internal compliance testing, documentation and follow-up
  • Performs operational audits to ensure compliance of infrastructure/applications with regulatory or internally established IT policies and procedures; provides written reports to senior management regarding recommendations and conclusions
  • Assists in the development of procedures and policies governing the management and operation of key regulated computer systems

Reporting Relationship

This position reports to the VP Infrastructure and Security

Major Interdependencies

All Corporate departments

Minimum Qualifications, Knowledge, Skills, and Work Environment

  • Education and Experience: The combination of education and professional experience must exceed 6 years:

    • In a technical role: Requires 6 years of experience engaged in delivering IT security and compliance programs
    • A bachelor’s degree in Computer Science, Information Systems, Cybersecurity or a program related to the functional area can count for 2 of the 6-year requirement
    • In the industry: 3-5 years of Hospitality, F&B and/or Retail experience desirable
  • Specialized Training:

    • Extensive knowledge of compliance and privacy regulations such as PCI-DSS, Law 262, SOC-2, ISO, HIPAA and CCPA/CPRA
    • Information Technology Infrastructure Library (ITIL) experience
    • Strong knowledge of common IT service management, cybersecurity and risk management frameworks, such as ITIL, ISO 27000 and NIST
  • Specialized Skillset/Competencies/Traits

    • Business acumen and the mindset required to understand the long-term implications of IT security and compliance planning and to advance the organization's goals
    • Demonstrated history of understanding the needs of the business, stakeholders, the employee population, and individual circumstances
    • Demonstrated history of creating and maintaining positive work environments through coaching, developing, and leading teams to achieve common goals
  • Travel/Location:

    • Location: Requires a regular presence in F&B and/or Retail Center of Excellence locations


All job requirements are subject to change to reflect the evolving position requirements or to reasonably accommodate individuals with disabilities. Some requirements may exclude individuals who pose a threat or risk to the health and safety of themselves or other employees. This job description in no way states or implies that these are the only duties that will be required in this position. Employees will be required to follow other job-related duties as requested by their supervisor/manager (within guidelines and compliance with Federal and State Laws). Continued employment remains on an "at-will" basis.

Dufry, Hudson and HMSHost are equal opportunity employers and do not discriminate in employment on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or other non-merit factors.

About HMSHost

We are a global hospitality company with a passion for service! HMSHost offers the size, resources, training, and advancement opportunities you need to reach your most important career goals.

We believe in a culture of engagement. We strive to practice behaviors that set all associates up for success. We foster a culture of appreciation, caring and inclusion. We also believe in being the best version of yourself that you can be. We support this with competitive wages, robust benefits and recognition for a job well done.

HMSHost managers are coaches, guiding their teams to achieve great results while having fun and making a difference every day. Our managers show their passion for service and hospitality, are open to different ideas and perspectives, can adjust to the pace of our business, and serve the needs of our associates, guests, brands and other stakeholders.

We value manager-coaches who are reliable, can be counted on to do the right thing and focus on the simplicity of our mission – ensuring everyone feels great at work, and that our travelers are feeling great on the move.

At HMSHost, we know our success is based on great people, strong teams, and a fun environment. If you have positive energy, a passion for serving others, enjoy a fast-paced environment, are a team player, like to learn and grow and have fun at work – apply now!

Bethesda, MD

HMSHost is an equal opportunity employer and does not discriminate in employment on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or other applicable legally protected characteristics. HMSHost is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you are an applicant with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to use or access HMSHost’s online applicant portal as a result of your disability. You can request reasonable accommodations by sending an email to