Information Security Manager at Remington Hotels in Dallas, TX
Position
Summary:
Responsible for ensuring the Ashford/Remington enterprise and security infrastructure is running optimally, effectively and capable of defending against the latest cyber-attacks, data leakage, insider threats and unauthorized access. Plans, implements, upgrades and monitors security measures for the protection of the Ashford/Remington information system against accidental or unauthorized modification, destruction or disclosure. Manages the activities of the IT Information Security team, which supports all aspects of information security event monitoring and response. Seeks continuous improvement of security events and proactively oversees research efforts to identify emerging threats and ensure appropriate security controls are in place. Manages and directs the complex areas of data security, threat and vulnerability management, security auditing and analysis, risk assessment, compliance and agency-wide security awareness and maintenance of the Information Security Program. Formulates policies and procedures which have significant impact on computer operations and systems development lifecycle. Responsible for consistent communications and interface with all levels of management and vendors. Leads the company's incident response activities, including training objectives. Serves a backup for the Information Technology Operations Manager.
Responsibilities:
Advance knowledge of networking, security architecture and security best practices, including cloud services. Maintain hardware/software inventory Handle network and systems failures and outages Proven design and implementation experience of firewall, routing, switching, WAN, LAN, WLAN & VOIP protocols. Data analysis experience with IDS/IPS, Full Packet Capture and Host/Network/Memory Forensics. Advanced knowledge with the development of NIST, PCI, HIPAA, & SOX security policies, procedures, guidelines and standards. Enterprise-level experience performing incident triage, analysis, incident response, and remediation for computer network intrusions, web application and server attacks, insider threats, and malware infections. Advanced understanding of the cyber threats, attacks, attack vectors and methods of exploitation. In-depth experience reviewing and analyzing high volumes of logs, network data, attack artifacts, security events and device logs from enterprise LAN/WAN network devices including Firewalls/Switches/Routers, Databases, Anti-Virus, IDS/IPS, Web Proxys, and DNS. Enterprise experience with architecting and implementing cloud security principles and standards across a multiple-cloud environment. In-depth experience managing SIEM (Security Information and Event Managers) platforms. Respond to audit and compliance request from internal and external entities with data as needed. Prepare accurate and detailed process description documents, graphical representations of workflows, and functional specifications in the form of SOP's. Conduct periodic internal audits and evaluations of the company's IT security program for the data, information and information technology resource. Develop, maintain and utilize system for tracking all audit results (proactive and reactive). Administer the company's Information Security Program. Administer the company's Security Awareness Training Program and periodic campaigns. Develop and periodically update written security policies and procedures. Including a process for detecting, reporting and responding to threats, breaches or IT security incidents that are consistent with the security rule, guidelines and processes established by the company CIO and CISO. Evaluate security product enhancements to ensure continuous improvement. Participate in the change management process. Establish and lead Computer Security Incident Response Team (CSIRT) for all IT security incidents and breaches. Communicate with Executive Management regarding security issues and risks; provide recommended actions. Report all IT security incidents and breaches to the CISO. For IT security breaches, provide notice in accordance with company policies. Manage a staff of direct reports, while being hands-on in the execution of certain tasks. Analyze, document, and organize (business) processes, as well as the related reference data, applying IT Security best practices taking into account separation of duties. Manage vendor/consultant relationships; foster partnerships and make recommendations when needed. Provide quality customer service to internal and external customers. Travel to remote sites as needed. Other duties as assigned. Property Description Remington is a dynamic, growing, independent hotel management company with over 40 years of experience in the hospitality business. Providing top quality service in the areas of property management and condominium hotel management, Remington's track record of success demonstrates a unique understanding of the hotel business in all phases of the economic cycle. Our culture across these disciplines is centered on achieving results. At Remington, we believe that our people are the ultimate source of our competitive advantage. Requirements Job Requirements:
Bachelor's degree in Computer Science/Engineering or related field. Related work experience may substitute for some years of education. Minimum seven years of information technology and information security experience. One or more certificates (CISA, CISSP, etc.) preferred. Need a thorough understanding of the business, its goals & objectives, business processes and organization. Need the ability to build and maintain relationships with peers in the company and build interdependent planning, execution and feedback loops. The ability to take adequate action to ensure uninterrupted processes, while ensuring on time and on budget delivery of projects. The ability to set personnel and departmental goals & objectives, communicate, track & report on them in all directions. (superiors) , (side - peers) and (down -subordinates) Maintain a functional dashboard for others to gauge state, status and progress of activities and projects. Highly desired vendor technologies:
Cloud Service (Azure, Google/Microsoft 365, virtual platforms, cloud management and security monitoring) Cisco/SonicWall firewalls, Cisco wireless, Citrix, VMware, patch management, Sophos Centralized Endpoint Protection and Qualys Vulnerability Management and PCI Compliance. Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security. Expert understanding of existing and evolving Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI DSS), Protected Health Information (PHI) and state regulatory requirements as well as NIST Cybersecurity framework and underlying publications. Proficient with firewall administration and configuration. Proficient with Dell and Cisco switch administration and configuration. Ability to identify complex problems and review related information to develop and evaluate options and implement solutions. Proven analytical and problem-solving abilities. Adept at reading, writing and interpreting technical documentation and procedure manuals. Keen attention to detail. Strong interpersonal and oral communication skills. Ability to communicate with immediate supervisor and other team members in order to receive/direct all work instructions and express any questions or concerns as required. Comply with all written and stated company ethics and safety policies and procedures. Report all unsafe and unethical violations to immediate supervisor or Human Resources. Ability to plan and prioritize workload to meet implementation schedules and minimize schedule conflicts. Ability to analyze current processes and develop plans for implementation of new technology and/or processes. Skills Required:
Familiarity with Microsoft Office. Knowledge of operating system fundamentals. Knowledge of server and workstation hardware. Knowledge of network engineering and technologies used in a large multi-tenant data center environment. Knowledge of the interactions between servers, operating systems, databases, networks and storage with the ability to understand how changes in one-area affects the others. Fundamental knowledge of routers, switches and networking technologies in a large multi-tenant environment. Knowledge of project control techniques. Knowledge of problem-solving techniques. Knowledge of security principals and best practices, especially cloud and remote workforce requirements. Knowledge of storage and data protection concepts. Skilled in preparing and giving presentation to users, technical support and management. Skilled in packet captures tools and analysis, including Wireshark. Skilled in SIEM tools, log files, data correlation and analysis. Ability to communicate effectively with peers, supervisors and users. Ability to analyze and interpret technical data. Ability to communicate technical information effectively, verbally and in writing. Ability to process information logically and solve problems. Ability to establish and maintain effective working relations with others. Ability to understand and apply rules, regulations, policies and procedures. Ability to make decisions in a timely manner. Ability to work independently or in a team environment. Ability to determine work priorities, allocates resources, assigns work and ensures proper completion of assignments.
Salary Range:
$200K -- $250K
Minimum Qualification
IT Security, Technology ManagementEstimated Salary: $20 to $28 per hour based on qualifications.
Summary:
Responsible for ensuring the Ashford/Remington enterprise and security infrastructure is running optimally, effectively and capable of defending against the latest cyber-attacks, data leakage, insider threats and unauthorized access. Plans, implements, upgrades and monitors security measures for the protection of the Ashford/Remington information system against accidental or unauthorized modification, destruction or disclosure. Manages the activities of the IT Information Security team, which supports all aspects of information security event monitoring and response. Seeks continuous improvement of security events and proactively oversees research efforts to identify emerging threats and ensure appropriate security controls are in place. Manages and directs the complex areas of data security, threat and vulnerability management, security auditing and analysis, risk assessment, compliance and agency-wide security awareness and maintenance of the Information Security Program. Formulates policies and procedures which have significant impact on computer operations and systems development lifecycle. Responsible for consistent communications and interface with all levels of management and vendors. Leads the company's incident response activities, including training objectives. Serves a backup for the Information Technology Operations Manager.
Responsibilities:
Advance knowledge of networking, security architecture and security best practices, including cloud services. Maintain hardware/software inventory Handle network and systems failures and outages Proven design and implementation experience of firewall, routing, switching, WAN, LAN, WLAN & VOIP protocols. Data analysis experience with IDS/IPS, Full Packet Capture and Host/Network/Memory Forensics. Advanced knowledge with the development of NIST, PCI, HIPAA, & SOX security policies, procedures, guidelines and standards. Enterprise-level experience performing incident triage, analysis, incident response, and remediation for computer network intrusions, web application and server attacks, insider threats, and malware infections. Advanced understanding of the cyber threats, attacks, attack vectors and methods of exploitation. In-depth experience reviewing and analyzing high volumes of logs, network data, attack artifacts, security events and device logs from enterprise LAN/WAN network devices including Firewalls/Switches/Routers, Databases, Anti-Virus, IDS/IPS, Web Proxys, and DNS. Enterprise experience with architecting and implementing cloud security principles and standards across a multiple-cloud environment. In-depth experience managing SIEM (Security Information and Event Managers) platforms. Respond to audit and compliance request from internal and external entities with data as needed. Prepare accurate and detailed process description documents, graphical representations of workflows, and functional specifications in the form of SOP's. Conduct periodic internal audits and evaluations of the company's IT security program for the data, information and information technology resource. Develop, maintain and utilize system for tracking all audit results (proactive and reactive). Administer the company's Information Security Program. Administer the company's Security Awareness Training Program and periodic campaigns. Develop and periodically update written security policies and procedures. Including a process for detecting, reporting and responding to threats, breaches or IT security incidents that are consistent with the security rule, guidelines and processes established by the company CIO and CISO. Evaluate security product enhancements to ensure continuous improvement. Participate in the change management process. Establish and lead Computer Security Incident Response Team (CSIRT) for all IT security incidents and breaches. Communicate with Executive Management regarding security issues and risks; provide recommended actions. Report all IT security incidents and breaches to the CISO. For IT security breaches, provide notice in accordance with company policies. Manage a staff of direct reports, while being hands-on in the execution of certain tasks. Analyze, document, and organize (business) processes, as well as the related reference data, applying IT Security best practices taking into account separation of duties. Manage vendor/consultant relationships; foster partnerships and make recommendations when needed. Provide quality customer service to internal and external customers. Travel to remote sites as needed. Other duties as assigned. Property Description Remington is a dynamic, growing, independent hotel management company with over 40 years of experience in the hospitality business. Providing top quality service in the areas of property management and condominium hotel management, Remington's track record of success demonstrates a unique understanding of the hotel business in all phases of the economic cycle. Our culture across these disciplines is centered on achieving results. At Remington, we believe that our people are the ultimate source of our competitive advantage. Requirements Job Requirements:
Bachelor's degree in Computer Science/Engineering or related field. Related work experience may substitute for some years of education. Minimum seven years of information technology and information security experience. One or more certificates (CISA, CISSP, etc.) preferred. Need a thorough understanding of the business, its goals & objectives, business processes and organization. Need the ability to build and maintain relationships with peers in the company and build interdependent planning, execution and feedback loops. The ability to take adequate action to ensure uninterrupted processes, while ensuring on time and on budget delivery of projects. The ability to set personnel and departmental goals & objectives, communicate, track & report on them in all directions. (superiors) , (side - peers) and (down -subordinates) Maintain a functional dashboard for others to gauge state, status and progress of activities and projects. Highly desired vendor technologies:
Cloud Service (Azure, Google/Microsoft 365, virtual platforms, cloud management and security monitoring) Cisco/SonicWall firewalls, Cisco wireless, Citrix, VMware, patch management, Sophos Centralized Endpoint Protection and Qualys Vulnerability Management and PCI Compliance. Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security. Expert understanding of existing and evolving Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI DSS), Protected Health Information (PHI) and state regulatory requirements as well as NIST Cybersecurity framework and underlying publications. Proficient with firewall administration and configuration. Proficient with Dell and Cisco switch administration and configuration. Ability to identify complex problems and review related information to develop and evaluate options and implement solutions. Proven analytical and problem-solving abilities. Adept at reading, writing and interpreting technical documentation and procedure manuals. Keen attention to detail. Strong interpersonal and oral communication skills. Ability to communicate with immediate supervisor and other team members in order to receive/direct all work instructions and express any questions or concerns as required. Comply with all written and stated company ethics and safety policies and procedures. Report all unsafe and unethical violations to immediate supervisor or Human Resources. Ability to plan and prioritize workload to meet implementation schedules and minimize schedule conflicts. Ability to analyze current processes and develop plans for implementation of new technology and/or processes. Skills Required:
Familiarity with Microsoft Office. Knowledge of operating system fundamentals. Knowledge of server and workstation hardware. Knowledge of network engineering and technologies used in a large multi-tenant data center environment. Knowledge of the interactions between servers, operating systems, databases, networks and storage with the ability to understand how changes in one-area affects the others. Fundamental knowledge of routers, switches and networking technologies in a large multi-tenant environment. Knowledge of project control techniques. Knowledge of problem-solving techniques. Knowledge of security principals and best practices, especially cloud and remote workforce requirements. Knowledge of storage and data protection concepts. Skilled in preparing and giving presentation to users, technical support and management. Skilled in packet captures tools and analysis, including Wireshark. Skilled in SIEM tools, log files, data correlation and analysis. Ability to communicate effectively with peers, supervisors and users. Ability to analyze and interpret technical data. Ability to communicate technical information effectively, verbally and in writing. Ability to process information logically and solve problems. Ability to establish and maintain effective working relations with others. Ability to understand and apply rules, regulations, policies and procedures. Ability to make decisions in a timely manner. Ability to work independently or in a team environment. Ability to determine work priorities, allocates resources, assigns work and ensures proper completion of assignments.
Salary Range:
$200K -- $250K
Minimum Qualification
IT Security, Technology ManagementEstimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
