Security Risk Analyst IV

Title: Sr. Manager, Security Risk Analyst IV

Location: Orlando, FL

Salary: $115,000 - $125,000 + bonus + benefits

Phaidon International is partnered with a leading global provider of vacation ownership, rental, and resort experiences, who are known for their vacation club memberships, timeshare properties, and luxury travel options across a portfolio of high-end resorts and destinations. With a strong focus on customer service, they offer flexible vacation solutions such as points-based systems and exchange programs while operating under multiple well-known hospitality brands.

They are currently undergoing a technology transformation, with a focus on modernization to improve relationships with customers and further expand their accessibility across all experiences and destinations. The goal is to be a technology leader in hospitality, and they are looking for individuals eager to bring their expertise to the organization long-term.

Under the new leadership of the CIO, the team has been reinvigorated and are primed for growth across their entire Global Technology organization including Engineering & Operations, Data Platforms & Engineering, Artificial Intelligence, Information Security, Privacy, Infrastructure, Products & Platforms, Delivery Office, and the Office of the CIO. The business intends to double it's spending on Technology across the organization for each of the next 3 years. This is your opportunity to be a part of the journey and drive innovation through technology adoption.

In this role you will be responsible for creating and executing strategies that protect the organization's information systems and technology assets. This role focuses on securing digital resources and maintaining a strong security framework. You will oversee efforts and assessment outcomes, ensuring the effective implementation of security governance, risk management, and compliance programs to identify, evaluate, and mitigate security risks. Key responsibilities include:

• Partnering with IT leadership to ensure security strategies are aligned with business goals and objectives.
• Identifying and evaluating security risks within the organization's technology infrastructure and processes.
• Offering guidance and oversight on security risk assessments, ensuring they align with industry standards and company policies.
• Leveraging tools and software to facilitate governance, risk assessment, and compliance management, including risk assessment systems, compliance tracking platforms, and reporting dashboards.
• Continuously reviewing cybersecurity controls to ensure their effectiveness, compliance, and alignment with key policies, and leading efforts to address any gaps.
• Identify, assess, and mitigate internal and external risks.
• Conduct more advanced quantitative and qualitative analysis for business processes and/or projects. Often oversees smaller projects, business processes, or segments of larger initiatives.
• Provide leadership and oversight for security risk assessment projects, ensuring they follow industry best practices and company policies.
• Collaborate closely with legal, compliance, and regulatory teams to ensure adherence to industry standards, regulations, and data protection requirements.
• Identify opportunities to enhance processes within the GRC development lifecycle, recommending and implementing improvements to optimize workflows and increase efficiency.
• Develop and maintain technical security configuration standards.
• Create and communicate security policies, standards, and procedures to ensure consistent security practices across the organization.
• Stay informed about relevant regulations, standards, and industry best practices, and implement necessary updates to GRC systems to ensure ongoing compliance.
• Coordinate and participate in security audits and assessments, managing responses to audit findings.

Required Experience:

• Bachelor's degree in an IT-related field or equivalent work experience (preferred).
• Advanced security certification (preferred), such as CISSP, CISM, CRISC, CISA, CGEIT.
• Six to eight years of progressively responsible experience in information security roles.
• At least five years in a technical audit, security compliance, or similar role.
• Deep understanding of security frameworks (e.g., NIST, ISO 27001, CIS), regulatory requirements, and industry standards.
• Strong expertise in risk assessment methodologies and tools.
• Extensive knowledge of security risk assessment techniques, vulnerability management, and threat modeling.
• Familiarity with database management systems (SQL, NoSQL) and data modeling.
• Experience with workflow design, basic development, and API integration functionality.
• Proficiency in using GRC/ERM tools.
• Solid knowledge of IP networking concepts, major operating systems, and cloud computing environments.
• General working knowledge of web application and network technologies, programming languages, databases, and operating systems (Linux, Unix, Mac OS X, Windows).
• Advanced understanding of security principles, standards, and processes, including authentication and access control, secure configurations, network traffic analysis, endpoint security, platform architecture, application security, encryption and key management, and cloud security.