About Four Seasons:Four Seasons is powered by our people. We are a collective of individuals who crave to become better, to push ourselves to new heights and to treat each other as we wish to be treated in return. Our team members around the world create amazing experiences for our guests, residents, and partners through a commitment to luxury with genuine heart. We know that the best way to enable our people to deliver these exceptional guest experiences is through a world-class employee experience and company culture.At Four Seasons, we believe in recognizing a familiar face, welcoming a new one and treating everyone we meet the way we would want to be treated ourselves. Whether you work with us, stay with us, live with us or discover with us, we believe our purpose is to create impressions that will stay with you for a lifetime. It comes from our belief that life is richer when we truly connect to the people and the world around us.About the location: Four Seasons Hotels and Resorts is a global, luxury hotel management company. We manage over 120 hotels and resorts and 50 private residences in 47 countries around the world and growing. Central to Four Seasons employee experience and social impact programming is the company’s commitment to supporting cancer research, and the advancement of diversity, inclusion, equality and belonging at Four Seasons corporate offices and properties worldwide. At Four Seasons, we are powered by people and our culture enables everything we do.Four Seasons Hotels and Resorts is a global, luxury hotel management company. We manage over 120 hotels and resorts and 50 private residences in 47 countries around the world and growing.Central to Four Seasons employee experience and social impact programming is the company’s commitment to supporting cancer research, and the advancement of diversity, inclusion, equality and belonging at Four Seasons corporate offices and properties worldwide. At Four Seasons, we are powered by people and our culture enables everything we do.Four Seasons has an exciting opportunity in our Information Technology department for a Regional Security Analyst. Working with the Global Information Security team, the Regional Security Analyst will define, enforce, and audit security policies across multiple business enabling technologies. The Analyst will ensure that all technologies are configured efficiently and operated effectively and will act as an advisor for the region that they support.This role is based in Four Seasons Hotels and Resorts, Toronto Corporate Office, reporting to Director, Global IT Security. This role involves interactions with primarily internal stakeholders at various levels.What You’ll Be DoingSecurity Technology Implementation:Assist in selection, deployment, and administration of key security technologies.Information Security Policies and Procedures:Assume responsibility for keeping the set of Four Seasons Information Security Policies and Procedures up to date.Review and provide consultation on Four Seasons’ technology risk assessments.Define and ensure that that these policies are translated into day-to-day operational procedures that are diligently followed in-region.Incident Response:Assist in conducting investigations of security breaches and non-adherence to IT security policies and procedures, including those of a sensitive and confidential nature.Reports findings and recommendations to Manager.Security Operations:Investigate and Analyze security-related events, review the risk and validity, and engage the right teams for mitigation.Ability to understand system data, including, security event logs, system logs, and firewall logs for in-depth investigations and Root Cause Analysis.Report and investigate potential security incidents.Contribute to the development/delivery of awareness training and general Information Security education.Vulnerability Management:Conduct Network and System Vulnerability assessments and documentation of corrective/remediation actions.Drive the end-to-end vulnerability lifecycle from discovery to closure.Identify internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer’s information assets.Ensure timely follow up with patch management and vulnerability remediation with impacted stakeholders.Regional Subject Matter Expert:Identify, evaluate, and assist with security control recommendations to mitigate information security risks.Evaluate and advise on implementation and effectiveness of security controls for compliance with applicable information security laws, regulations, and policies.Independently facilitate meetings and discussions within local corporate office to understand and document processes and systems.Provide guidance to business partners to ensure compliance with information security regulatory requirements and internal policy.Stakeholder Management:Interact and build relationships at all levels in the organization, including the local corporate office.Work with teams globally to ensure compliance with Global IT Security processes, procedures, policies, standards, templates, and guidelines.Stay abreast with evolving information and technology risks, new regulations, laws and requirements for information risk, information security, cybersecurity, information protection and privacy across jurisdictions and overseeing company compliance with as required.Who You AreBehavioural Competencies:Has a passion for Information Security and Privacy disciplines.Highly critical and analytical disposition.High attention to detail and strong listening skills.Ability to work independently with minimal supervision.Natural curiosity and an ability to undertake creative exploration.Self-motivated, with critical attention to deadlines and reporting.The ability to manage tasks simultaneously and meet deadlines within a high energy, fast paced and evolving environment.The ability to grasp and communicate technical issues to a variety of audiences.Strong advocate for an information risk culture.Well-rounded understanding of the information security risks generated by incorrectly deployed and configured applications.Exceptional communication skills and confidence to engage, challenge and/or make presentations with stakeholders who may have little expert technical knowledge.Technical Competencies:Proven experience performing analysis of security events to determine root cause and provide resolution.Very strong working knowledge of security tools such as firewalls, IDS/IPS, A/V, EDR, anti-spam, content management, server and network device hardening, etc.Competence in using an internal and external ticketing system for ITIL-based incident, problem and change management.Previous experience in troubleshooting day-to-day operational processes such as report generation, data verification, data correlation, etc.Proficiency in running, adjudicating and remediating results from vulnerability scans.Strong understanding of PCI DSS.Strong experience with cloud operations – security focused (AWS, Azure).Experience in WAF technologies.Strong understanding of computer networking.Experience with IT/Network operations including server and network/firewall configurations.Scripting knowledge (VBS/JS, PowerShell, Bash, Python).Experience and/or knowledge of security and privacy enhancing technologies such as identity management, application security and network security technologies.Working knowledge of OWASP Top 10 and application security fundamentals.Understanding an experience with enterprise SIEM technologies.Demonstrated knowledge in the areas of risk assessment, strong understandings of secure communications, secure data storage, secure systems development, secure systems deployment, and documentation.Demonstrated understanding of real-world application of (ISO/IEC) 17799:2005(E) standards, COBIT and RISK IT frameworks and PCI-DSS requirements.What You BringMinimum 4 years of relevant experience in an IT Security role.Proven experience performing analysis of security events to determine root cause and provide resolution.Strong experience with cloud operations – security focused (AWS, Azure).Experience with IT/Network operations including server and network/firewall configuration.Strong understanding of PCI DSS, NIST and other compliance frameworks.Very strong working knowledge of security tools such as firewalls, IDS/IPS, A/V, EDR, anti-spam, content management, server and network device hardening, etc.Preferred experience with above systems in a hotel/hospitality environment.Bachelor’s degree or equivalent business qualifications.Information Security certification required (CISSP, GSEC, GMON, or similar).Networking certification preferred (CCNP, CCNA, or similar).This role will be a Hybrid working model, which will require 3 days per week in the Four Seasons Corporate Office located at 1165 Leslie Street, Toronto, Ontario #LI-HybridFour Seasons is committed to providing employment accommodation in accordance with the Ontario Human Rights Code and the Accessibility for Ontarians with Disabilities Act. If contacted for an employment opportunity, please advise Human Resources if you require accommodation.
