Virtuoso
  • 10-Apr-2019 to 09-Jun-2019 (PST)
  • Fort Worth, TX, USA
  • Full Time

Virtuoso is the leading international travel agency network specializing in luxury and experiential travel. The by-invitation-only organization comprises over 800 travel agency partners with more than 16,000 elite travel advisors in over 45 countries throughout North America, Latin America, the Caribbean, Europe, Asia-Pacific, Africa and the Middle East. Drawing upon its preferred relationships with 1,700 of the world's best hotels and resorts, cruise lines, airlines, tour companies and premier destinations, the network provides its upscale clientele with exclusive amenities, rare experiences and privileged access.

 

Position Summary: The Senior Cyber Security Engineer helps attain and maintain PCI-DSS, ISO 27001 and Level enterprise security certifications and ensures that data security, integrity and availability are maintained and regulatory requirements are met. Monitors adherence to information security policies to ensure that appropriate access to, and the confidentiality of, client, employee, and company information is maintained. Maintains GDPR and PCI-DSS compliance across the organization to ensure that the company's and its clients' personal data remains secure. Administers third party risk management, vulnerability management, and partners with HR on security awareness activities. Identifies and develops security awareness content and provides education on security policies and practices. Completes scheduled internal audits to detect information loss or policy violations. Participates in the evaluation and recommendation of security products, services and/or procedures to enhance productivity and effectiveness.

 

Principal Duties and Responsibilities:

  • Develop and enforce information security and privacy practices, policies, procedures and processes to ensure proper adherence, education and documentation as appropriate. Ensure proper education and maintenance of regulatory/compliance standards and/or frameworks (e.g. ISO27001, PCI-DSS, etc.)
  • Consult in areas relating to information security and privacy regulations/compliance standards (e.g. PCI-DSS, Consumer Privacy Acts, GDPR, etc.) as they relate to enterprise operations. Review, edit and advise on member, supplier, vendor and/or partner contracts as they relate to information security and privacy issues.
  • Assist with review audits (e.g. client, regulatory and/or standards based) with business partners as needed to ensure appropriate data sharing, communication and prioritization for dependent resources.
  • Executes vulnerability management tasks including review of monthly vulnerability scans, maintenance and expansion of related tools, identification of new issues, tracking of remediation efforts and production of monthly metrics.
  • Comprehend all aspects of Cybersecurity and apply technical application security testing expertise to assist in identifying weaknesses and vulnerabilities that affect the confidentiality, integrity and availability of corporate protected, sensitive and confidential company information and data
  • Ensures ISMS (Information Security Management System) documentation/policies and procedures stay current and updated.
  • Actively engages in the greater information security and privacy community (e.g. peer groups, seminars, conferences, etc.) to help identify new technologies, new techniques and new partners. Demonstrates a positive, proactive and thought leadership attitude to Virtuoso and its Membership and the greater security community.
  • Follow and reinforce Privacy and Security policies and guidelines
  • Working knowledge of information/cybersecurity, infrastructure vulnerabilities, and network security products (hardware and software)
  • Performs information security risk assessments and assists with the daily, weekly, monthly and quarterly internal auditing of information security processes.
  • Works directly with the Data Protection Officer on the Third-Party Risk Management program.
  • Administers the corporate Security Awareness program.
  • Experience handling security events/incidents as part of an Incident Response team
  • Ensure the integrity and confidentiality of access to designated corporate and customer applications, databases, servers, and other systems.
  • Monitors the security infrastructure for policy violations or security events and participates in problem management and forensic activities as needed.
  • Assists the Data Protection Officer in responding to client requests including preparation of written audit responses and preparation of evidence.
  • Tests and assists with selection and implementation of controls that apply security protections to enterprise systems, processes and information resources.
  • Supports IT security within the system development lifecycle, change management, production systems support and technology-enabled projects (user administration, security logging, secure process flow, security best practices).
  • Work history reflecting the ability to arrive at logical conclusions, anticipating obstacles and considering different approaches that are relevant to the decision-making process.
  • Demonstrated ability to effectively meet challenges, influence and drive consensus within a team environment.
  • Demonstrated problem solving abilities, analytical skills, and proven ability to meet challenging deadlines required.
  • Develops and presents finding and remediation reports to audiences including team members from all department areas and levels of the company.
  • May require occasional domestic and international travel.
  • Assumes additional responsibilities as assigned.

 

Education and Experience:

  • 3-5 years' experience in a combination of information compliance and Information Technology positions demonstrating a progressive growth in responsibility.
  • Direct and recent working experience with the following compliance programs/Information Security Frameworks: PCI-DSS, ISO 27001, NIST. Proven experience with current IT security and compliance technologies
  • Bachelor's degree or equivalent experience in an IT-related or compliance discipline or related work experience.
  • Cyber Security certification preferred (CISSP, CISM certifications, etc.)
  • Demonstrated understanding of technological trends and developments in the areas of information security, risk management, web architectures, and cloud computing.
  • Strong background in incident response, intrusion detection or threat intelligence.
  • Strong working knowledge of TCP/IP networking and common protocols.
  • Experience with centralized log management tools
  • Experience with managing endpoint and server protection technology such as anti-virus/spyware/malware, application whitelisting, and patching tools.
  • Experience with vulnerability and network penetration testing.
  • Strong communication skills and the ability to work collaboratively with IT and system administration, Database Administration and application development staff.
  • Strong organizational skills to lead multiple highly-visible projects
  • Experience preparing spreadsheets and documents using Microsoft Excel and Word, and storing them on the Microsoft SharePoint Information Security Team site.
  • Working knowledge of Windows operating system and web browser behavior, networking, database, systems, and mobile devices.
  • Knowledge of security issues, techniques, and implications across Enterprise client computer platforms required.
  • Proven interpersonal and communication skills.
  • Strong work ethic; excellent use of discretion and judgment. Excellent written communication skills.
  • Strategic thinking and planning abilities required.
  • Able to break down raw information and undefined problems into specific, workable components that in turn clearly identify the issues at hand.

 

Technical Competency Preferred:

  • Microsoft Office 365/Azure AD/MDM/Cloud App Security
  • Virtualization - VMware ESX and Microsoft's Hyper-V
  • Microsoft IIS and .NET framework
  • Intermediate knowledge of PowerShell or similar
  • Juniper Firewalls
  • Deep security experience (3+ years) in at least two major platforms (e.g., AWS, Azure, Windows, Linux, etc.)
  • Qualys - Vulnerability Management
  • CrowdStrike Endpoint protection

 

Type/Nature of Contacts:

External:  Daily contact with Virtuoso Members

External:  Daily contact with external Vendors

Internal:  Daily contact with Virtuoso staff

 

We offer a competitive salary and full benefits package, including medical/dental/vision/life, a company matched 401(k) savings plan, and more. Virtuoso is an equal opportunity employer, dedicated to promoting a diverse workforce.
