Hrs As a Company
HRS, a pioneer in business travel, aims to elevate every stay through innovative technology. With over 50 years of experience, their digital platform, driven by ProcureTech, TravelTech, and FinTech, transforms how companies and travelers Stay, Work, and Pay.
ProcureTech digitally revolutionizes lodging procurement, connecting corporations and suppliers in a cutting-edge ecosystem. This enables seamless efficiency and automation, surpassing travelers' expectations.
TravelTech redefines the online lodging experience, offering personalized content from selection to check-in, ensuring an unparalleled journey for corporate travelers.
In FinTech, HRS introduces advancements like mobile banking and digital payments, turning corporate back offices into touchless lodging enablers, eliminating legacy cost barriers. The innovative 2-click book-to-pay feature streamlines interactions for travelers and hoteliers.
Combining these technology propositions, HRS unlocks exponential catalyst effects. Their data-driven focus delivers value-added services and high-return network effects, creating substantial customer value.
HRS's exponential growth since 1972 serves over 35% of the global Fortune 500 and leading hotel chains.
Join HRS to shape the future of business travel, empowered by a culture of growth and setting new industry standards worldwide.
BUSINESS UNIT
The Security Department is a critical function within our organization, reporting directly to the CEO and responsible for safeguarding the security of our operations on a global scale. This department is divided into three specialized teams: the Security Operations Team, the Security Compliance Team, and the Fraud Prevention Team.
- The Security Operations Team focuses on the implementation and management of advanced security technologies, monitoring, and responding to threats in real-time to ensure the protection of our systems, networks, and data.
- The Security Compliance Team ensures that our security policies, procedures, and practices adhere to industry standards and regulatory requirements, working closely with business departments to maintain and enhance our compliance posture.
- The Fraud Prevention Team is dedicated to identifying, preventing, and mitigating fraudulent activities across all facets of the organization, ensuring the integrity of our operations and protecting against financial and reputational risks.
Together, these teams collaborate to deliver a comprehensive security strategy that protects our assets and supports our global operations.
POSITION
We are currently seeking a Security Compliance Engineer (m/f/d) to join our Security Team. Reporting to the CISO, this role is pivotal in securing our enterprise application landscape, including modern cloud architecture, using state-of-the-art security tools. Our strategic goal is to achieve and maintain ISO27001 certification in addition to our TISAX label and PCI-DSS certification, which requires establishing and rolling out an ISMS, supporting business departments in defining their procedures, and ensuring compliance.
CHALLENGE
Compliance Management
- Design and implement security policies and procedures, especially in the context of industry standards like ISO27001/2 and PCI-DSS.
- Ensure compliance with applicable laws, regulations, and standards (e.g., GDPR, HIPAA, PCI-DSS, ISO 27001).
- Monitor and report on compliance status to senior management.
- Develop and deliver security awareness and training programs for employees.
Risk Assessment and Audits
- Conduct regular risk assessments to identify potential security threats and vulnerabilities.
- Perform vulnerability assessments and penetration tests of the platform.
- Coordinate and support internal and external audits.
- Conduct internal security assessments and prepare for external compliance audits.
Incident Response and Documentation
- Assist in the development and implementation of incident response plans.
- Investigate security incidents and breaches, and implement corrective measures.
- Maintain comprehensive documentation of compliance efforts, including policies, procedures, and audit results.
- Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement.
Security Engineering and Implementation
- Engineer, implement, and monitor security measures for the protection of computer systems, networks, and information.
- Identify and define system security requirements.
- Design computer security architecture and develop detailed cyber security designs.
- Prepare and document standard operating procedures and protocols.
Technical Solutions Development
- Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
- Ensure that security controls are effective and aligned with compliance requirements.
- Monitor and audit security controls regularly to ensure ongoing effectiveness.
FOR THIS EXCITING MISSION YOU ARE EQUIPPED WITH...
- Bachelor's degree from an accredited technical college or university or equivalent combination of education and experience.
- Fluency in English, both spoken and written, is essential.
Compliance and Policy Management
- Extensive experience in establishing, implementing, and maintaining an Information Security Management System (ISMS), particularly in alignment with ISO27001 standards.
- Demonstrated ability to write, develop, and maintain comprehensive security policies and procedures.
- Experience in defining and implementing security procedures in close collaboration with business departments to ensure alignment with organizational goals and compliance requirements.
- Solid understanding of relevant standards and regulations such as GDPR, ISO27001, TISAX, SOC2/3 and PCI-DSS.
- Experience in conducting risk assessments and managing security compliance efforts within an enterprise environment.
Technical Skills
- Proven work experience as a System Security Engineer, Information Security Engineer, or similar role.
- Detailed technical knowledge of database, operating system, and cloud security, with hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, and content filtering.
- Strong familiarity with network security and networking technologies, including experience with system, security, and network monitoring tools.
- Thorough understanding of the latest security principles, techniques, and protocols.
Preferred Qualifications
- Professional certifications such as CISSP, CISA, CISM, or equivalent.
- Experience in conducting security audits and assessments.
- Knowledge of cloud security and compliance frameworks (e.g., AWS, Azure).
- Familiarity with security frameworks (e.g., NIST, COBIT).
- Experience with risk management and security assessment methodologies.
Soft Skills
- Strong organizational and project management skills.
- Ability to work independently and as part of a team.
- Attention to detail and a commitment to excellence.
- Ability to stay current with the latest industry trends and technologies.
PERSPECTIVE
Access to a global network of a globally united and mutually responsible “Tribe of Intrapreneurs” that is passionately dedicated to renew the travel industry and while doing so reinvent the ways how businesses stay, work and pay.
Our entrepreneurial driven environment of full ownership and execution focus offers you the playground to contribute to a greater mission, while growing personally and professionally throughout this unique journey. You will continuously learn from a radical culture of retrospectives and continuous improvement and actively contribute to making business life better, smarter and more sustainable.
LOCATION, MOBILITY, INCENTIVE
The attractive remuneration is in line with the market and, in addition to a fixed monthly salary, all necessary work equipment and mobility, will also include an annual or multi-year bonus.