This is an exciting, fully remote opportunity to join the Cyber Security organization at Hyatt. The Senior Analyst - Cyber Security Compliance Operations role will report to the Manager, Cyber Security Compliance Operations, leading Hyatt's Third-Party Risk Management (TPRM) enterprise program from a cybersecurity perspective. As a member of the Cyber Security Compliance Operations team, you will implement and manage formalized processes for evaluating, selecting, monitoring and auditing our third-party vendors, while also working with business partners to support their specific needs and timelines.
Position Responsibilities / Essential Functions
Support Hyatt's global Third Party Risk Management (TPRM) Program, which includes developing, enhancing and maintaining the process through the use of automation tools including a third-party/GRC platform.
Create and maintain governance documentation on our global TPRM program, which includes policies, standards, procedures, risk definitions and requirements.
Plan and conduct third-party vendor assessments focusing on compliance with regulations, company policies and internal controls. Communicate risks and track remediation plans.
Identify key program metrics to measure the effectiveness of the program including creation of reports and scorecards.
Communicate TPRM initiatives with various stakeholders across Hyatt.
Work with Legal and Procurement to integrate TPRM processes for vendor selection and contract negotiations. Conduct contract reviews to ensure cyber security provisions are in place.
Participate in Cyber Security Governance, Risk and Compliance processes to provide guidance on security risks and improve security posture.
Be the champion of change and process improvements by actively seeking opportunities to automate and improve processes throughout the organization.
Work with various business owners to understand the challenges they face and how to improve efficiency throughout their organization through automation and process improvements.
Demonstrate a commitment to Hyatt core values (included in all job descriptions).
The position responsibilities outlined above are in no way to be construed as all encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary (included in all job descriptions).
Minimum of 3-5 years or a combination of work experience within Cyber Security domains such as Governance, Risk & Compliance and Third Party Risk Management.
Deep understanding of and experience with organizational process improvements, working with Governance, Risk and Compliance (GRC) platforms, and workflow automation platforms.
Experience in risk assessment that includes third party and security assessments.
Deep understanding of risk frameworks and risk methodologies including NIST, CIS, COBIT and ISO.
Knowledge of SOC reports, ISO certifications, PCI report on compliance and any independent attestation reports that may include compliance and privacy regulations.
Experience with creating and implementing cybersecurity policies, standards, and procedures.
Knowledge of information systems terminology, controls, and practices.
Proactive self-starter with the ability to work independently and as part of a larger team.
Strong verbal and written communication and presentation skills.
Ability to effectively interact with different areas and levels of the organization (especially leadership).
Certificates, Licenses, Registrations
Computer Skills Needed to Perform this Job
Additional Comments and Requirements
Ability and willingness to operate in a fast-paced, complex corporate environment
Travel may include approximately 5% of work time
Hyatt Hotels Corp.