Cybersecurity Risk Expert F/M/X

Issy-les-Moulineaux, IDF, France

AccorCorpo

Work at the heart of hospitality, where life pulses with passion...


Company Description

Accor Tech & Digital is the power engine of Accor technology, digital business and transformation. Our 5,000 talents are committed to delivering the best tech and digital experiences to our guests, hotels and staff across 110 countries and to shaping the future of hospitality.

Accor Tech & Digital, jobs in the tech field where intelligence is above all human! 

Job Description

Accor Tech & Digital is the innovation and technological transformation lab of the world leader in hospitality.

Our teams, known as Heartists®, bring together the best of hospitality with the best of tech and digital. Our ambition is to provide our customers with personalized, memorable, and sustainable experiences.

 

Here, we create new ways to travel within each of our 5,500 hotels, connecting closely with our 100 million clients in 110 countries.

Here, we are at the heart of an incredible playground for technological transition and the design of digital products and services for our customers and hotel teams.

Here, your scope will know no boundaries.

So join us and dare to make an impact on the world!

Here is where your greatest challenge awaits you: 

You will be part of the Cybersecurity Governance, Risk, and Compliance (GRC) team, leading Accor’s cybersecurity risk management activities. Your role will focus on identifying, assessing, and mitigating cybersecurity risks while ensuring alignment with Accor’s strategic objectives. You will help balance cybersecurity requirements with business agility, innovation, and growth to support the company’s long-term success.

 

Your mission: 

  • Strategic Alignment & Risk Governance

    • Align cybersecurity risk management with overall business objectives to ensure security measures are seamlessly integrated.

    • Collaborate with business leaders to balance cybersecurity requirements with business agility, innovation, and growth.

    • Communicate business risks and risk mitigation strategies to stakeholders based on agreed protection levels.

    • Prioritize efforts to secure the most vital aspects of the business and minimize potential disruptions, data breaches, non-compliance, financial penalties, or reputational damage.

  • Risk Assessment & Mitigation

    • Assess and prioritize cybersecurity risks impacting critical business processes, evaluating their potential impact and likelihood.

    • Conduct cybersecurity reviews and risk assessments, identifying gaps in architecture and recommending mitigation strategies.

    • Analyze cybersecurity risk trends and report findings to drive proactive decision-making.

    • Evaluate the cost-effectiveness of cybersecurity measures, optimizing resource allocation to maximize risk reduction.

    • Develop and implement remediation plans for cybersecurity risks identified through assessments, audits, and compliance reviews.

    • Manage third-party cybersecurity risks, including identifying, assessing, and ensuring alignment with enterprise risk policies.

    • Monitor third-party cybersecurity risks to ensure regulatory and contractual compliance.

    • Facilitate cybersecurity onboarding for vendors, integrating risk management frameworks into third-party agreements.

    • Explore and implement risk transfer strategies, such as cybersecurity insurance, in collaboration with providers.

  • Compliance & Integration with Risk Management Functions

    • Ensure the successful implementation and functionality of cybersecurity requirements, IT policies, and procedures that align with the organization's mission and goals.

    • Provide key inputs and collaborate with various risk/compliance departments (e.g., Group Risk, Quality Management, Data, Privacy/Legal).

    • Offer subject matter expertise to contract managers, business unit managers, and third-party relationship managers to ensure compliance with applicable regulations or policies.

    • Provide expertise on regulatory requirements, risk management approaches, and cybersecurity standards (e.g., NIST, ISO 27005).

 

Qualifications

And you? 

  • Bachelor's or Master's degree in Cybersecurity or a related field is highly valued.

  • 3+ years of experience in IT audit, enterprise risk management or cyber risk management.

  • 3+ years of experience with regulatory compliance, risk management frameworks, and information security frameworks (e.g., ISO 27000, NIST CSF, NIST Risk Management Framework, ISO 27005).

  • Professional certifications (CRISC, CISSP, CISA) are a plus.

Technical Skills:

  • Strong knowledge of cybersecurity principles, technologies, and controls, including threat and vulnerability management, incident response, and security awareness.
  • Proficiency in risk assessment, mitigation strategies, and compliance monitoring.
  • Professional certifications (e.g., CRISC, CISSP, CISA, CISM) are highly valued.
  • Ability to work effectively with cross-functional cybersecurity teams to prioritize remediation efforts.

Soft Skills:

  • Strong analytical and problem-solving skills to assess cybersecurity risks and develop mitigation strategies.
  • Ability to align cybersecurity risk management with business needs, organizational goals, and compliance requirements.
  • Proven leadership and project management abilities to drive cybersecurity initiatives efficiently.

Additional Information

Accor dares to impact: 

- the world:

  • Accor is committed to the world around us, with a strong employer culture focused on the development of our 300,000 talents. 
  • We adopt a continuous improvement approach to reduce the impact of digital on the environment across all our projects.

- your career:  

  • We enable all our employees to manage their work-life balance and offer them the means to shape their work environment according to their preferences. 
  • Training and career paths are defined both individually and collectively, allowing us to grow together on a daily basis. 

- Specifically, at Accor Tech & Digital:

  • Remote work in France and flexible work options: work from home, our offices or even our hotels and coworking spaces.
  • Every Wednesday afternoon, dedicate your time to deep work and personal development.
  • Work in a multicultural and English-speaking environment.
  • Continuous improvement & training: Hackathons, exceptional technology partnerships, dedicated talent management, and a dedicated training platform, Digitech Academy & certifications.

and also,

  • ALL - Heartist® Program: unforgettable stays and experiences at all Accor locations and partner venues worldwide. 
  • Heartist® for Good Program: commit to supporting an association of your choice from those available on our volunteering platform (1 day offered per year by the Group during your working hours). 
  • An Employee Social Committee (CSE) supporting the financing of your cultural and sports activities. 
  • Sustainable Mobility Package up to €600 for the use of "green" transportation, or 75% coverage of Pass Navigo (public transportation pass). 
  • €10 meal vouchers. 
  • A mandatory health insurance plan funded at 50% by Accor without additional costs in case of enrollment of your dependents. 
  • Attractive working conditions with collaborative workspaces, restaurants, and recreational and sports areas.

Your talent and motivation are our only selection criteria.

We value the richness of the diverse nationalities, personalities, and professional backgrounds.

We know how to adapt to the specific needs of our employees, including those with disabilities.
We encourage all applications, regardless of gender, so go ahead and apply!

Recruitment is all about people!  

Is this mission appealing to you? Apply, and we will offer you: 

  1. A meeting with our recruitment team to present the essential aspects of the position to you or guide you towards the role that may suit you. 
  2. An interview with the team manager responsible for the role you are interested in.  
  3. For some roles, you might also be required to complete an assessment (use case and motivation questionnaire).
  4. A final interview with our Human Resources team to discuss our Group's culture, work environment, training program, career prospects, as well as various benefits offered by the Group. 
  5. Personalized feedback.

 

#accortechdigital

 

Category: Compliance Jobs

Tags: Audits CISA CISM CISSP Compliance CRISC Governance Incident response ISO 27000 ISO 27005 Monitoring NIST Privacy Risk assessment Risk management RMF Vulnerability management

Perks/benefits: Career development Flex hours Health care

Region: Europe
Country: France
