Information Security and Compliance Lead
Atlanta, Georgia, United States
POSITION DESCRIPTION SUMMARY:
The Information Security & Compliance Lead plays a crucial role in overseeing and driving the organization's information security initiatives and ensuring adherence to regulatory requirements. This position will lead efforts to identify, assess, and mitigate security risks, develop and enforce compliance standards, and foster a culture of security awareness across the organization. This position requires strong leadership skills to lead a team of talented analysts and engineers. In addition to the day-to-day operational needs, this position will also be instrumental in contributing to the development of the overall security and compliance strategy, design, and architecture, aligning with business objectives and strategy.
DUTIES AND RESPONSIBILITIES:
1. Team Leadership and Collaboration:
· Provide guidance to security team members and other stakeholders on security and compliance matters.
· Act as the primary point of contact for cross-functional teams and external stakeholders regarding security and compliance issues.
· Mentor junior team members and foster a collaborative and growth-oriented environment through guidance, performance feedback, and a culture of continuous learning and development.
· Foster a results-driven team culture.
· Collaborate with cross-functional teams to align information security and compliance efforts with organizational goals.
· Manage projects on security, privacy, and control initiatives to reduce identified risk in support of the Information Security, Privacy, Operational Controls and Regulatory compliance strategy.
2. Information Security:
· Lead the annual review and updates of the Company’s information security, privacy and other policies based upon risk of emerging threats, regulations, and best practices which state the Company’s control objectives.
· Lead the team in the design, implementation, and management of security measures to protect organizational data, systems, and networks.
· Conduct risk assessments, vulnerability scans, and penetration tests to identify and mitigate risks.
· Lead incident response efforts, including investigation, resolution, and post-mortem analysis.
· Manage security tools and technologies, including both offensive and defensive solutions.
· Collaborate with IT teams to ensure secure system configurations, applications, and cloud services.
· Stay up to date on emerging threats, vulnerabilities, and industry best practices.
3. Compliance Management:
· Conduct internal audits to ensure adherence to policies and standards.
· Manage the Compliance program to meet Company, client and regulatory requirements, and report risk and resolutions to management.
· Develop strong professional relationships with external auditors that will involve coordinating walkthroughs and timing of testing as well as providing the auditors with direct assistance in specific areas.
· Support the Finance, Legal and HR teams with investigations and any other regulatory or compliance needs.
4. Vendor Management:
· Manage relationships with technology vendors and service providers, negotiate contracts, and monitor service level agreements to ensure cost-effective and reliable services.
5. InfoSec / Compliance Innovation:
· Stay abreast of emerging information security and compliance trends and assess their potential impact on the organization.
· Recommend and implement innovative solutions for enhanced protection, productivity and efficiency.
6. Budgeting and Resource Allocation:
· Contribute to the development and management of the budget, allocating resources effectively and optimizing costs.
· Manage the use and procurement of all relevant technology licenses.
7. Operational Planning:
· Collaborate with and assist IT leadership to develop and execute a comprehensive Information Security and Compliance strategy aligned with organizational goals.
8. Other duties as assigned
POSITION QUALIFICATIONS:
· Bachelor's degree or equivalent work experience.
· Minimum of 5-7 years of experience in information security and compliance roles.
· Strong knowledge of regulatory requirements and industry standards (e.g., PCI DSS, GDPR, NIST, ISO 27001).
· Knowledge of Retail and/or Food & Beverage business, systems, and processes a plus.
· Experience conducting and managing security audits and risk assessments.
· Relevant certifications such as CISSP, CISM, CISA, or CRISC are strongly preferred.
· Ability to work independently and as part of a team, and to manage multiple projects efficiently.
· Must be self-motivated, customer-centric, a team player, and possess a great attitude.
· Experience in collaborating with business or technology partners across different business functions to ensure alignment, understanding, management, and ongoing communication of business risk.
· Possess and demonstrate strong ability to influence others (direct reports, peers, managers, affiliates, business partners, etc.) to achieve complex objectives against tight deadlines.
· Demonstrated ability to identify solutions, collaborate, drive results, and influence change in a cross-functional, diverse, rapidly changing environment.
· Excellent verbal and written communication skills as well as organizational skills.
· Must be a self-starter and quick learner, attentive to details, and able to prioritize work and multi-task.
· Excellent communication skills and the ability to present information to all levels of management in both formal and informal settings.
· Strong leadership, collaboration, and mentoring capabilities.
This position description is merely intended to describe the primary elements of the position. Paradies Lagardère Travel Retail reserves the right to change the position description and to assign additional duties and responsibilities as necessary. This position description does not constitute an employment contract of any kind.
Perks/benefits: Career development Travel