Analyst, Information Security Risk and Compliance

Why Wyndham?

By joining Wyndham Hotels & Resorts, you will play an integral role in our mission to make hotel travel possible for all. You’ll be part of the largest hotel franchise company in the world, where we strive to deliver the best value to our owners and guests. Most importantly, you’ll be entrusted to live our unique Count on Me culture, set by our core values of integrity, accountability, inclusive, caring and fun. At Wyndham, we provide all team members the opportunity to grow through best-in-class training and career development, leadership training, mentorship opportunities and educational support.  Supporting our team members is a top priority, which is why we offer competitive compensation and benefits, vacation, team member appreciation days, workplace flexibility and much more.  At Wyndham Hotels & Resorts, we value and embrace a culture of diversity, equity and inclusion that supports team members of all backgrounds and experiences. We can’t wait to welcome you!

The Role

The IS Risk Analyst for the Risk and Compliance group is responsible for ensuring completion of all risk and compliance activities for all business units and regions supported by this department. The role includes preparing for assessments, participating in assessments and supporting any third parties in the performance of all assessment. The duties are hands on in nature and require knowledge of operating systems, applications, databases and hospitality related activities. The incumbent shall have a solid working familiarity with PCI, HIPAA, ISO27000, ISO30000 series, GLBH, GDPR, Sarbanes Oxley (SoX) and other hospitality related regulations, as well as be familiar with all Wyndham Information Security and Privacy Policies and procedures. The individual must be able to perform all activities on their own, with minimal supervision.

What you'll do

• Supporting the ongoing compliance assessment program for all Business Units and Regions. Including Vendor IS Risk Assessment.
• Developing process and procedure improvements to aid in efficiencies in assessment activities.
• Coordinate interviews and data collection sessions for each assessment in the program.
• Work with the Manager of Compliance to utilize the eGRC application and processes for assessment efficiencies.
• Assist other Risk and Compliance staff with their assessments ensuring consistency in the program.
   

You'll be successful if you have

• This role requires the individual to establish trust with various departments within the company to ensure timely two-way communication channels.
• The individual will need to have a subject matter understanding of compliance and risk assessment processes and be able to apply the concepts to the hospitality industry.
• The individual will have to be able to take direction and reprioritize as necessary to achieve all department objectives.
• The individual will have to plan for delivery dates and deliver on those to support the shared service model.
• The individual needs to be self-motivated and have the ability to organize their time accordingly.
• The individual will be working with various other technical and non-technical personnel, and therefore have the ability to provide leadership as required to ensure delivery of service.
• The individual will be performing a detailed risk assessment role and is expected to create innovative solutions to accomplishing the risk assessment for the various initiatives assigned.
• The role requires the ability to create and present status and recommendations in a manner understood by both Information Security and Business impact terminology for Senior Management.
   

Required Qualifications/Experience

• The candidate is expected to have at minimum a college degree from an accredited college with a concentration in either computer science or information systems analysis and design. Any courses related to controls and support of hospitality industry systems is a plus. 
• The candidate should have one or more of the following certifications:
  • CRISC, CISSP, CISA, CPA, ISA / PCIP, CISM
  • Other certifications related to Risk Assessment, Technology and Program Management may be accepted depending on areas of experience. 
• The candidate should be able to communicate in a concise manner both orally and in writing. Ability to present in front of an audience is a must have skill. 
• The candidate must be able to multi-task and handle multiple concurrent projects through to successful completion.
• The candidate must have the ability to re-adjust priorities based on management’s request to handle special unplanned activities.
• The candidate must have had experience in maintaining or assessing operating system, database, application and hospitality process and procedures as it relates to information security.
• The candidate must have had system analysis and development process assessment experience for business systems.
• The candidate must have at minimum 2 – 3 years experience performing IS risk and / or compliance assessments. (Cyber Security experience will be considered as appropriate also).