Head Of GRC and Security

Description

Guesty is the all-in-one platform for hospitality businesses to automate and optimize every aspect of their operations. With purpose-built technology, industry-wide expertise, and an R&D team of 200+ engineers, Guesty ensures that hospitality businesses can streamline and achieve growth while delivering the best value to guests. With a complete suite of features and 150+ industry partners, including major booking OTAs like Airbnb, Vrbo, Booking.com, Tripadvisor, Expedia, Hopper, Google Travel, and many more, Guesty is transforming the hospitality industry with innovative solutions.

Today, Guesty has 15 offices and 700+ team members across the globe.

The Head of Information Security and Governance, Risk, and Compliance (ISO & GRC) will be responsible for developing, implementing, and maintaining a comprehensive information security program for Guesty.

As a multi-cloud, multi-subsidiary company in the short-term rental business Guesty faces global and cyber exposure in multiple levels. This role will require a strong understanding of both CISO and GRC principles, as well as a deep knowledge of the short-term rental industry and its associated risks.

This Role will be responsible for reviewing, monitoring and auditing the different programs across Guesty’s products and subsidiaries to ensure compliance and meeting the standards agreed upon. Working closely with company resources and dedicated security personnel/champions within the different teams to ensure all security criteria are met and monitored. In the event of a security incident, support the round table efforts as part of the IR plan.

Responsibilities

Information Security:

• Develop and implement a comprehensive information security strategy aligned with the company's business objectives and risk appetite and the plan to deploy it.
• Oversee the design, implementation, and maintenance of security controls, including access management, incident response, data protection, and threat intelligence.
• Manage the company's security risk assessment and management processes.
• Lead the investigation and response to security incidents.
• Ensure compliance with relevant industry standards and regulations, such as GDPR, CCPA, SOC2 and more.

Governance, Risk, and Compliance:

• Develop and implement a robust GRC framework to identify, assess, and manage risks across the organization.
• Oversee the development and maintenance of policies, procedures, and standards related to information security, privacy, and compliance.
• Conduct regular risk assessments and audits to identify and mitigate potential threats.
• Ensure compliance with internal and external audit requirements.
• Provide guidance and support to business units on GRC matters.

Requirements

Qualifications:

• Bachelor's degree in computer science, information security, or a related field or equivalent experience.
• Advanced certification in information security (e.g., CISSP, CISM, CGRC) is preferred.
• Minimum 5 years of experience in information security and GRC roles, with at least 3 years in a leadership position is a plus
• Strong understanding of cloud security, data privacy, and compliance frameworks.
• Excellent communication and interpersonal skills.
• Ability to work effectively in a fast-paced, dynamic environment.
• Experience in the short-term rental industry is a plus.

Reporting to: VP of Global Operations and Compliance

Guesty is proud to be an Equal Opportunity Employer. We provide equal employment opportunities to all employees and applicants regardless of race, color, religion, sex, age, national origin, disability, veteran status, pregnancy, sexual orientation, or any other characteristic protected by law.