We are pleased that you are exploring Hyatt Hotels Corporation. We believe our customers select Hyatt because of our caring and attentive associates who work hard to provide efficient service and meaningful experiences. We care about our associates and our customers. This is the Hyatt Touch. Our commitment to Diversity is best evidenced by our focus on company-wide diversity initiatives. We continue to be recognized as one of America's best companies for minorities in rankings based on information about recruiting and employment practices. Associates of Hyatt are given the tools from the first day to make a difference. Hyatt offers comprehensive and competitive benefits for all associates. Hyatt associates work in an environment that demands exceptional performance, yet reaps great rewards - whether it's career opportunities, job enrichment or a supportive working environment. If you are ready for this challenge, then we are ready for you. Come meet the people with the Hyatt touch.

This is an exciting opportunity to join the Hyatt Cyber Security organization at Hyatt. The Manager – Cyber Security Compliance Operations role will report into the Cyber Security Governance, Risk and Compliance organization and would be responsible for leading Hyatt’s Third Party Risk Management Program (TPRM) enterprise program from a cybersecurity perspective and serve as a process improvement champion for the organization to identify, improve and automate processes across the organization.

Responsibilities

• Manage Hyatt’s global Third-Party Risk Management Program (TPRM) which includes developing, enhancing, and maintaining the process through the use of automation tools including a third-party GRC platform.

• Create and maintain governance documentation for the global TPRM program which includes policies, standards, procedures, risk definitions and requirements.

• Plan and conduct third-party vendor assessments focusing on compliance with regulations, company policies and internal controls. Communicate risks and track remediation plans.

• Identify key program metrics to measure the effectiveness of the program including creation of reports and scorecards.

• Communicate TPRM initiatives with stakeholders across the company.

• Work with Legal and Procurement to integrate TRPM processes for vendor selection and contract negotiations. Conduct contract reviews to ensure cyber provisions are in place.

• Participate in Cyber Security Governance, Risk, and Compliance processes to provide guidance on security risks and improve security posture.

• Continuously analyze existing organization-wide processes to identify improvement opportunities and drive efficiencies. Utilize automation technologies as needed to create repeatable processes.

• Be a champion of process improvements by implementing solutions that deliver improved effectiveness, efficiency, and user experience outcomes.

• Demonstrate a commitment to Hyatt core values.

The position responsibilities outlined above are in no way to be construed as all encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary.

Experience

• Minimum of 4-6 years or a combination of work experience within Cyber Security domains such as Governance, Risk, and Compliance and Third-Party Risk Management; however any combination of experience, education, and certification that demonstrates the candidate can be successful in the position is acceptable.

• Deep understanding and experience with organizational process improvement, working with Governance, Risk and Compliance (GRC) platforms, and workflow automation platforms.

• Deep understanding of risk frameworks and risk methodologies such as NIST, CIS, COBIT, and ISO.

• Familiarity with Lean, Six Sigma and DMAIC methodologies is preferred.

• Experience leading a team in a fast-paced environment.

• Knowledge of SOC reports, ISO certifications, PCI report on compliance and any independent attestation reports that may include compliance and privacy regulations.

• Experience with creating and implementing cybersecurity policies, standards, and procedures.

• Knowledge of information systems terminology, controls, and practices.

• Proactive self-starter with ability to work independently and as part of a larger team. Will have functional oversight over other individuals supporting the program.

• Strong verbal and written communication and presentation skills.

• Ability to effectively interact with different areas and level of the organization, including executive leadership.

Education

• A Bachelor’s degree or better in Cyber Security, Information Systems, or any other security-related subject is preferred; however any combination of education, experience, and certification that demonstrates the candidate can be successful in the position is acceptable.

Certificates, Licenses, Registrations

• Any of the CISA, CISM, CISSP, Six Sigma, ITIL, PMP certifications are preferred; however any combination of certification, education, and experience that demonstrates the candidate can be successful in the position is acceptable.

Computer Skills Needed to Perform this Job

• Expert user of Microsoft suite (Word, PowerPoint, Excel)

• Experience with GRC and/or Workflow Automation Platforms (e.g. Archer, MetricStream, ZenGRC, LogicGate, etc.)

Additional Comments and Requirements

• Ability and willingness to operate in a fast-paced, complex corporate environment

• Travel may include approximately 5% of work time