Full-Time Cybersecurity Risk Expert

Accor Tech & Digital is the innovation and technological transformation lab of the world leader in hospitality.

Our teams, known as Heartists®, bring together the best of hospitality with the best of tech and digital. Our ambition is to provide our customers with personalized, memorable, and sustainable experiences.

You will be part of the Cybersecurity Governance, Risk, and Compliance (GRC) team, leading Accor’s cybersecurity risk management activities. Your role will focus on identifying, assessing, and mitigating cybersecurity risks while ensuring alignment with Accor’s strategic objectives.

Your mission:

• Strategic Alignment & Risk Governance
• Align cybersecurity risk management with overall business objectives.
• Collaborate with business leaders to balance cybersecurity requirements with business agility, innovation, and growth.
• Communicate business risks and risk mitigation strategies to stakeholders.
• Prioritize efforts to secure the most vital aspects of the business.

Risk Assessment & Mitigation

• Assess and prioritize cybersecurity risks impacting critical business processes.
• Conduct cybersecurity reviews and risk assessments, identifying gaps in architecture and recommending mitigation strategies.
• Analyze cybersecurity risk trends and report findings.
• Evaluate the cost-effectiveness of cybersecurity measures, optimizing resource allocation.
• Develop and implement remediation plans for cybersecurity risks.
• Manage third-party cybersecurity risks, including identifying, assessing, and ensuring alignment with enterprise risk policies.
• Monitor third-party cybersecurity risks to ensure regulatory and contractual compliance.
• Facilitate cybersecurity onboarding for vendors.
• Explore and implement risk transfer strategies, such as cybersecurity insurance.

Compliance & Integration with Risk Management Functions

• Ensure the successful implementation of cybersecurity requirements, IT policies, and procedures.
• Provide key inputs and collaborate with various risk/compliance departments.
• Offer subject matter expertise to contract managers, business unit managers, and third-party relationship managers.
• Provide expertise on regulatory requirements, risk management approaches, and cybersecurity standards (e.g., NIST, ISO 27005).

Your qualifications:

• Bachelor's or Master's degree in Cybersecurity, or a related field.
• 3+ years of experience in IT audit, enterprise risk management or cyber risk management.
• 3+ years of experience with regulatory compliance, risk management frameworks, and information security frameworks (e.g., ISO 27000, NIST CSF, NIST Risk Management Framework, ISO 27005).
• Professional certifications (CRISC, CISSP, CISA) are a plus.

Technical Skills

• Strong knowledge of cybersecurity principles, technologies, and controls.
• Proficiency in risk assessment, mitigation strategies, and compliance monitoring.
• Professional certifications (e.g., CRISC, CISSP, CISA, CISM) are highly valued.
• Ability to work effectively with cross-functional cybersecurity teams.

Soft Skills

• Strong analytical and problem-solving skills.
• Ability to align cybersecurity risk management with business needs.
• Proven leadership and project management abilities.

What is the last date for applying to the job?

Which countries are accepted for this remote job?