Shangri-La Group is a global leader in luxury hospitality with unique Asian heritage.

Headquartered in Hong Kong, we have over 100 hotels and resorts under four brands nested in key cities and beautiful beachfront locations globally.  We are expanding rapidly with a strong development pipeline throughout Asia, the Middle East, Europe and Africa.

Regarded as one of the world’s finest hotel ownership and management companies, Shangri-La is dedicated to delight guests around the world with legendary service, finely tuned from over 45 years of hospitality from the heart. We have an affinity with Asian travelers and we offer them a gateway to the rest of the world, positioning us a leading brand in luxury hospitality.

As an enviable employer with industry leading levels of colleague engagement, our people are our priority.  Our success is only made possible through the efforts and abilities of over 42,000 colleagues worldwide.  In accordance with this belief, the focused investment we make in the learning and development of our colleagues is unparalleled in the global hospitality industry.  From welcoming new colleagues, to best in class leadership development, you can be sure that potential is identified and nurtured throughout your career. 

We are currently looking for an Assistant Vice President, Information Security to assist the VP, Information Security in managing a small team of specialists overlooking all matters related to information security and data protection for the group.

As the Assistant Vice President, Information Security, we will rely on you to:

• Develop and implement company-wide policies & procedures for information security and data protection
• Review and improve existing policies & procedures for information security and data protection
• Work closely with IT teams to maintain a secure operating environment
• Conduct periodic review & audit of IT infrastructure, systems & operations, software applications, vendors and service providers to ensure compliance to information security policies
• Conduct periodic review & audit of hotel operations to ensure compliance to information security policies
• Manage PCI-DSS and related compliance certification for the group
• Manage risk assessment program targeting information security, data protection and data privacy matters, and implement risk mitigation plans
• Ensure group compliance with relevant information security and data privacy legislation, regulations for our hotels
• Manage our group-wide information security and data protection awareness program
• Manage the information security budget, ensuring the allocation of resources in alignment with company priorities and security objectives
• Oversee the daily operations of the information security function, including security monitoring, incident handling, and investigation in collaboration with the Security Operations Centers
• Provide expert advice on information security aspects of new projects and systems, evaluating risks and recommending appropriate security controls and measures

We are looking for someone who has:

• Bachelor’s degree holder, preferably in a relevant discipline
• Minimum 6 years of relevant experience in managing information security function for a sizable company
• Hands-on experience in developing and implementing enterprise-level information security policies & procedures, and training
• Familiar with legal, regulatory and other compliance requirements, including PCI-DSS
• Familiarity with risk management methodologies
• Excellent planning, organizing, interpersonal and communication skills
• Excellent communication skills in English. Fluency in Chinese (Mandarin) will be desirable.
• Professional certification such as CISSP, CISM, CISA, GIAC or equivalent will be highly desirable
• Familiarity with ISO/IEC 27001, NIST or equivalent will be highly desirable