Required Head Of GRC and Security
The Head of Information Security and Governance, Risk, and Compliance (ISO & GRC) will be responsible for developing, implementing, and maintaining a comprehensive information security program for us.
As a multi-cloud, multi-subsidiary company in the short-term rental business, we face global and cyber exposure at multiple levels. This role will require a strong understanding of both CISO and GRC principles, as well as a deep knowledge of the short-term rental industry and its associated risks.
This role will be responsible for reviewing, monitoring and auditing the different programs across our products and subsidiaries to ensure compliance and that the agreed-upon standards are met. It involves working closely with company resources and dedicated security personnel/champions within the different teams to ensure all security criteria are met and monitored. In the event of a security incident, the role supports the round table efforts as part of the IR plan.
Responsibilities
Information Security:
Develop and implement a comprehensive information security strategy aligned with the company's business objectives and risk appetite, along with the plan to deploy it.
Oversee the design, implementation, and maintenance of security controls, including access management, incident response, data protection, and threat intelligence.
Manage the company's security risk assessment and management processes.
Lead the investigation and response to security incidents.
Ensure compliance with relevant industry standards and regulations, such as GDPR, CCPA, SOC2 and more.
Governance, Risk, and Compliance:
Develop and implement a robust GRC framework to identify, assess, and manage risks across the organization.
Oversee the development and maintenance of policies, procedures, and standards related to information security, privacy, and compliance.
Conduct regular risk assessments and audits to identify and mitigate potential threats.
Ensure compliance with internal and external audit requirements.
Provide guidance and support to business units on GRC matters.
Reporting to: VP of Global Operations and Compliance.
Requirements
Bachelor's degree in computer science, information security, or a related field, or equivalent experience.
Advanced certification in information security (e.g., CISSP, CISM, CGRC) is preferred.
Minimum 5 years of experience in information security and GRC roles; at least 3 years in a leadership position is a plus.
Strong understanding of cloud security, data privacy, and compliance frameworks.
Excellent communication and interpersonal skills.
Ability to work effectively in a fast-paced, dynamic environment.
Experience in the short-term rental industry is a plus.
This position is open to all candidates.