Director of IT Security

Sonesta Hotels
Newton, MA
22h
$180,000 - $200,000

About The Position

The Director of IT Security is responsible for building, maturing, and leading Sonesta’s Information Security program across all divisions, including corporate and hotel operations. Sonesta’s Information Security function encompasses Information Security, Compliance, and Data Privacy. This role will drive security strategy and execution to strengthen the company’s security fundamentals, reduce risk exposure, and ensure compliance with regulatory and industry standards. The ideal candidate combines strong technical acumen with leadership and communication skills to influence across corporate, property, and franchise environments.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, or related field (Master’s preferred).
  • 10+ years of progressive experience in information security, with 5+ years in leadership roles.
  • Deep experience in Security Operations, IAM, Vulnerability Management, and GRC frameworks (e.g., NIST, ISO 27001).
  • Proven ability to operate in a complex, distributed hospitality or retail environment.
  • Strong knowledge of cloud security (Azure, AWS), network defense, and endpoint protection technologies.
  • Exceptional communication skills with the ability to influence business and technical stakeholders.

Nice To Haves

  • Professional certifications strongly preferred (e.g., CISSP, CISM, CISA, CRISC).

Responsibilities

  Strategic Leadership
  • Develop and execute a multi-year roadmap to mature Sonesta’s IT Security, Compliance, and Data Privacy posture across corporate, hotel, and cloud environments.
  • Establish and communicate enterprise-wide security policies, standards, and best practices aligned with business objectives and risk tolerance.
  • Partner with IT, strategy, operations, and executive leadership to integrate security into technology and operational initiatives.
  • Stay abreast of industry threats, trends, and regulatory obligations.
  Security Operations
  • Oversee day-to-day security operations, including incident response, endpoint protection, and monitoring.
  • Partner with Infrastructure/Operations and Property Technology to strengthen hotel-level security practices through standardized processes, tools, and training.
  • Ensure alignment between corporate IT and property-level technology environments for consistent controls and oversight.
  • Integrate with technology teams to support initiatives and provide security architecture and engineering guidance.
  Identity & Access Management (IAM)
  • Lead the design and implementation of a centralized IAM program that enforces least privilege, access governance, and automated provisioning/deprovisioning.
  • Oversee privileged access management (PAM) and multi-factor authentication (MFA) initiatives.
  • Establish processes for identity governance & lifecycle management across employee, vendor, and system accounts.
  Vulnerability Management
  • Own vulnerability management across infrastructure, applications, and endpoints.
  • Define and track KPIs for patch management, remediation timelines, and risk reduction.
  • Collaborate with IT and vendor partners to ensure timely response to critical vulnerabilities.
  • Develop & execute a Security Testing program designed to identify vulnerabilities and validate information security practices.
  Governance, Risk, and Compliance (GRC)
  • Establish and lead Sonesta’s GRC framework, including risk assessments, policy development, and control design and implementation.
  • Ensure compliance with PCI-DSS, SOX, Data Privacy regulations, and other hospitality and data protection regulations.
  • Lead security awareness and training programs to strengthen the culture of security across the enterprise.
  • Oversee our Vendor Third Party Security Risk Management Program.
  Team & Vendor Leadership
  • Build and lead a high-performing IT security team; provide mentorship and career development.
  • Manage relationships with external security partners, auditors, and vendors.
  • Oversee the security budget, investments, and resource planning.

Benefits

  • Medical, Dental and Vision Insurance
  • Health Savings Account with Company Match
  • 401(k) Retirement Plan with Company Match
  • Paid Vacation and Sick Days
  • Sonesta Hotel Discounts
  • Educational Assistance
  • Paid Parental Leave
  • Company Paid Life Insurance
  • Company Paid Short Term and Long Term Disability Insurance
  • Various Employee Perks and Discounts
  • Hospital Indemnity
  • Critical Illness Insurance
  • Accident Insurance