About The Position

Aven Hospitality is an innovative technology provider powered by SynXis®, the leading global hospitality commerce and distribution platform. We empower hoteliers around the world to exceed expectations, solve daily challenges, and stay ahead of the competition. With our comprehensive portfolio of solutions, hoteliers can manage distribution, retailing, payments, operations, and more. We provide hoteliers with the tools to maximize revenue, improve operational efficiency, and deliver personalized guest experiences that drive satisfaction. Our tools are built to seamlessly integrate with each hotelier’s unique strategy, elevating guest satisfaction and creating meaningful connections. We are pioneering AI in hospitality technology to unlock new opportunities, drive efficiency, and personalize the guest experience. By prioritizing stability, scalability, and data-driven insights, we equip hoteliers to adapt and thrive in an ever-changing landscape, ready for whatever comes next.

Sr Manager Governance, Risk, and Compliance

The Sr Manager Governance, Risk, and Compliance (GRC) will be responsible for defining, building and maintaining the entity-wide cybersecurity requirements, baseline controls, regular assessments, and attestation reporting. This role will oversee the development, execution, and innovation of general cybersecurity policies, standards, and related expectations. The GRC leader must be able to lead cybersecurity program definition and enablement, risk assessments, and security awareness training programs. They must also manage the vendor and supplier relationships with external cybersecurity compliance assessors (example: PCI QSA) and manage the yearly compliance audits. This role will also partner with other teams regarding data governance policies, data classification standards, and data retention rules.
Overall, this role will demonstrate effectiveness through key performance indicators (KPIs), team development and retention, and strong leadership in order to achieve stakeholder satisfaction.

Requirements

  • Bachelor’s degree in Cybersecurity or an IT-related field
  • Experience in maturing cybersecurity programs for regulated entities
  • Ensuring continuity of cybersecurity services during mergers and acquisitions
  • 8+ years of experience in cybersecurity, with at least 3 years in a leadership or management role
  • At least 5 years’ experience conducting assessments and preparing for compliance audits, including one or more of the following: PCI-DSS, ISO 27001, SOC-2
  • At least 3 years’ experience liaising with a Managed Services Provider (MSP)/Managed Security Services Provider (MSSP) that provides cybersecurity services (e.g., 24/7 threat monitoring, threat hunting and investigation, incident detection, Identity and Access Management [IAM], cloud-native analytics support, vulnerability scanning and identification)
  • Expert knowledge of domestic and global data protection regulations and security frameworks (such as PCI-DSS, GDPR, ISO 27001, NIST CSF, SOC-2) and application of them in complex environments
  • Proven ability to make informed decisions with limited information, adapt to changing circumstances, and drive successful project outcomes through strategic thinking and proactive execution
  • Security tool familiarity, including operations and management

Nice To Haves

  • Experience managing PSIRT processes or vendor security assessments is a plus
  • One or more of the following certifications: CISSP, CISA, CISM, or equivalent

Responsibilities

  • Oversee the development, execution, and innovation of the cybersecurity and GRC strategy at Aven Hospitality, including data governance and security, compliance audits, classification standards, privacy compliance, data controls/exceptions, customer trust, and third-party risk management reviews
  • Manage the reporting and KPIs around governance, risk, and compliance at Aven Hospitality
  • Provide hands-on leadership and development of their team by providing ongoing coaching, mentorship, professional development, and performance feedback to foster effective team performance
  • Develop and enhance Security Training and Awareness service delivery strategies to align with evolving cybersecurity standards, regulations, and emerging threats
  • Lead initiatives to improve service effectiveness through Standard Operating Procedure (SOP) development on service delivery, service onboarding/offboarding, quality assurance initiatives, and tool/process migrations, integrations, and automation
  • Serve as an escalation point to internal teams and clients on GRC issue scoping and resolutions
  • Maintain, develop, and document service runbooks to maintain consistency and reflect the industry’s leading practices and latest standards
  • Establish and maintain strong relationships with internal and external stakeholders, including key cross-functional team leaders, regulators, and auditors, to ensure compliance with legal and regulatory requirements as well as industry standards

Benefits

  • Very competitive compensation
  • Generous Paid Time Off (25 PTO days)
  • 8 Hours Annually Volunteer Time Off (VTO)
  • Comprehensive medical, dental, and wellness program
  • 12 weeks paid parental leave
  • An infrastructure that allows flexible working arrangements
  • Formal and informal reward, recognition and acknowledgement programs
  • Lots of fun and engaging employee development events