IHG Hotels & Resorts is one of the world’s leading hotel companies with a purpose to provide True Hospitality for Good.
Project Manager – Security Governance, Risk & Compliance (SGRC)
Location
Philippines
Posted
4 days ago
Salary
0
Seniority
Senior
Job Description
Project Manager – Security Governance, Risk & Compliance (SGRC)
IHG Hotels & Resorts
• Lead status reporting and executive communications, producing clear, executive-ready updates • Manage the coordination of deliverables across multiple P&T priority programs • Drive cross-functional execution and alignment, ensuring dependencies, prerequisites, and critical deliverables are identified, tracked, and delivered on time • Manage financial planning and tracking across security workstreams • Coordinate delivery across internal teams, product teams, vendors, and service providers • Facilitate meetings, driving accountability, and ensure clear documentation of actions, timelines, and outcomes • Proactively identify and escalate risks, gaps, and delivery blockers
Job Requirements
- Bachelor’s degree in Information Technology, Business, or a related field.
- PMP or equivalent certification
- Proven experience managing cross-functional initiatives involving multiple teams and stakeholders
- Strong organizational and execution discipline
- Experience tracking risks, issues, and dependencies
- Ability to develop and maintain detailed project plans and manage against milestones and deliverables
- Strong communication skills with ability to engage both technical teams and business stakeholders
- Proficiency in project management tools and reporting (e.g., MS Office, project tracking tools)
- Ability to operate independently and drive outcomes without direct authority
Benefits
- Opportunities for professional development and career growth.
- A collaborative and inclusive work environment.
- The chance to work on impactful projects within a global organization.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Lead client engagements and project execution providing information security consultation and assessment services, helping our clients meet their compliance obligations by evaluating their business, technology, and operations against industry security standards • Educate, mentor, advise, and share your expertise with clients and colleagues to aid in making decisions on topics like Artificial Intelligence, organizational security strategy and services scope as well provide consultative guidance on complex projects • Providing clear, organized findings and recommendations to clients and tracking progress towards resolution and compliance • Consult/advise with C-level Security Leaders (CISO, CSO, CIO, etc.) and the Board of Directors with our most valued and strategic clients • Develop strategic, operational, and tactical recommendations tailored to each client with the intent to improve a client’s security posture and compliance position • Create detailed strategic security roadmaps with short-term, mid-term, and long-term goals that prioritize remediation recommendations and address all instances of non-compliance with applicable regulatory, statutory, contractual, and organizational obligations • Lead large security engagements in concert with other cybersecurity practices and Presidio teams • Develop security policies, standards, and procedures that are custom-tailored to each client’s unique culture, security goals, and organizational objectives using industry best practices and compliance requirements • Review, analyze, and assess key factors, including inherent risk, mitigating controls, business impact, likelihood and other key elements to determine organizational security risk • Ensure and assess client alignment to, and/or compliance with, applicable regulatory, federal, state, local, contractual, and organizational requirements and best practices standards such as ISO 27001, NIST Cyber Security Framework (CSF), PCI DSS, HIPAA, FERPA, NIST 800-171, CMMC, etc. • Work closely with organizations to conduct security program development by establishing the foundation for a best of breed security program architecture reference model using industry frameworks and standards such as ISO 27001, NIST 800-53, NIST CSF, etc. • Work with other seasoned Principal Security Consultants in a collaborative setting to support and assist on the execution and delivery of key services such as Cloud Governance, Advisory Services, security program development, documentation review, and security consulting services • Execute tabletop exercises after collaborating with client stakeholders to select the scenario then create an After-Action Report • Deliver PCI Advisory Services, including PCI Gap Analysis, SAQs, ROCs and AOCs • Deliver CMMC Advisory Services, including CMMC Readiness Assessments • Assist leadership in cybersecurity administrative functions, such as documentation maintenance, documentation creation, peer review, and other internal cybersecurity activities
LEAD INFORMATION SECURITY ENGINEER
Lumen TechnologiesLumen Technologies is self-described as a global company of 40,000+ professionals empowering businesses, government, and communities to “produce amazing thing
Role Description At Lumen, the Lead Information Security Engineer owns the development, maintenance, and defensibility of the security authorization package for assigned systems, ensuring compliance with federal requirements and readiness for assessment. In this role, you apply and refine your RMF expertise through end-to-end execution, working directly with customers and stakeholders to validate controls, surface risk, and drive remediation. Your impact is measured through the successful sustainment of Authorization to Operate (ATO) outcomes, the strength of the system’s security posture, and the ability to support secure, compliant delivery of mission-critical services. The Lead ISSO may operate independently for smaller or less complex environments or in alignment with a Senior Lead (ISSM) for larger programs. The successful candidate will demonstrate the ability to: - Serve as the primary ISSO for assigned systems, accountable for end-to-end RMF execution and ATO outcomes - Execute the full RMF lifecycle, including categorization, control implementation, assessment readiness, authorization support, and continuous monitoring - Develop, maintain, and ensure accuracy of authorization artifacts (e.g., SSP, POA&M, control evidence) - Ensure systems remain ATO-compliant, audit-ready, and aligned with federal requirements (e.g., FedRAMP, FISMA, DoD) - Track, prioritize, and drive remediation of vulnerabilities, audit findings, and control deficiencies - Provide system-level risk assessments and actionable recommendations, including impact and remediation considerations - Monitor vulnerability, audit, and continuous monitoring data to maintain awareness of system risk posture - Coordinate with engineering, operations, and program teams to ensure security controls are implemented effectively and sustainably - Support security assessments, audits, and inspections as the ISSO representative, including direct interaction with assessors and customer stakeholders - Evaluate products, services, and proposed architectures for compliance, risk, and implementation feasibility within customer authorization environments - Support customer integration of managed services by defining control responsibilities, inheritance boundaries, and implementation expectations - Provide input grounded in RMF execution and ATO processes to support solution design, capture efforts, and delivery alignment Qualifications - Bachelor’s degree in information assurance, cybersecurity, or a related field, or equivalent experience - Minimum of 5 years of relevant experience in information assurance, with demonstrated responsibility for RMF execution and ATO support - Proven experience developing and maintaining authorization artifacts (e.g., SSP, POA&M) and supporting security assessments - Experience operating in customer-facing or services-based environments supporting federal or regulated clients is strongly preferred - Relevant certifications in governance, risk, and compliance (e.g., CGRC, CISA) are strongly preferred or equivalent demonstrated RMF experience - Broad security certifications (e.g., CISSP, CCSP) are preferred and may supplement GRC experience - Proficiency with technologies, tools, and processes supporting GRC, vulnerability management, and continuous monitoring Requirements - Strong working knowledge of NIST RMF (SP 800-37) and NIST SP 800-53 control framework - Demonstrated experience executing RMF activities and supporting or leading ATO outcomes for federal or DoD systems - Experience with FedRAMP and/or FISMA authorization processes, including artifact development and assessment readiness - Ability to independently execute RMF activities and manage system-level security posture with minimal oversight - Strong understanding of control implementation, inheritance, and shared responsibility models within complex or hybrid environments - Ability to assess and communicate security risk in complex architectures, translating regulatory requirements into actionable guidance - Experience evaluating security, compliance, and delivery feasibility of products, services, and architectures - Working knowledge of cryptographic principles and emerging standards, including post-quantum cryptography (PQC), and ability to assess vendor solutions for compliance, risk, and implementation considerations - Strong collaboration skills across engineering, operations, program management, and security teams - Effective written and verbal communication skills for both technical and non-technical audiences - Demonstrates Lumen leadership behaviors (teamwork, trust, transparency, clarity, courage, customer focus, growth mindset, respect) Benefits - Comprehensive package featuring a broad range of Health, Life, Voluntary Lifestyle benefits and other perks that enhance your physical, mental, emotional and financial wellbeing
IBMi Security Admin
UnitedHealth GroupUnitedHealth Group is a healthcare and well-being company that’s dedicated to improving the health outcomes of millions around the world. We are comprised of
Role Description Positions in this function design, engineer, and manage the organization's infrastructure and operational platforms. From a cloud services model, this includes services commonly thought of as IaaS and PaaS and their underlying foundational components. Additionally, this function also has responsibility for traditional enterprise infrastructure and operational platforms such as email, file transfer, and collaboration technologies, among others. This role must understand functional and non-functional requirements to ensure they can be achieved through system design and engineering to meet the needs of the customers. - Work closely with business and technology stakeholders to develop roadmaps for their respective technology portfolios. - Resolve cross-system and domain dependencies. - Ensure effective integration among the services offered to the end customer. - Monitor technological advancements and industry trends to influence company standards. - Ensure that solutions are continuously improved and maintained through product management practices. - Understand the interactions between systems, the applications and services hosted, and evaluate the impact of changes and additions. - Perform analysis on existing systems to ensure performance and reliability, enhance scalability, meet security requirements, and maintain an interoperable technology portfolio. You will enjoy the flexibility to telecommute* from anywhere within the U.S. as you take on some tough challenges. Primary Responsibilities: - Secure the IBMi servers and the applications to prevent unauthorized access to client data, system configurations, application function, communications between servers and applications. - Provide evidence for various audits such as ICFR, SOC, HITRUST, and client or state required audits. - Manage security reporting, investigate potential security breach evidence, and build new reporting of security activity using various security tools, some programming, and SQL. - Review various vulnerabilities, prioritize, and remediate. - Leverage enterprise-approved AI tools to enhance productivity and innovation by streamlining workflows and automating repetitive tasks. - Evaluate emerging trends to drive continuous improvement and strategic innovation. Qualifications - Bachelor’s degree or 4+ years of information technology experience. - 4+ years of IBMi System Admin experience. - 2+ years of IBMi Security experience with security-related options such as Group Profiles, Authorization lists, direct object security or similar, and when to use each level of security. Requirements - Knowledge of Enforcive, Compliance Monitor, Command Security, SIEM4, Identity Manager or other security applications. - ICFR, SOX, and HITRUST audit evidence collection and reporting. Benefits - Comprehensive benefits package. - Incentive and recognition programs. - Equity stock purchase. - 401k contribution (all benefits are subject to eligibility requirements).
Role Description Buscamos um(a) Engenheiro(a) de Segurança CyberArk Sênior para desempenhar um papel crítico no avanço do nosso programa de Gerenciamento de Acesso Privilegiado (PAM). Esta é uma posição de alto impacto focada na engenharia, arquitetura e escalonamento de soluções CyberArk em um ambiente corporativo complexo e de grande escala. - Liderar o design, a implementação e a otimização de soluções CyberArk PAM, abrangendo módulos essenciais como EPV, PSM, CPM e Conjur. - Atuar como Especialista Técnico (SME) para a segurança de acessos privilegiados, orientando decisões estratégicas e de arquitetura de PAM em toda a empresa. - Conduzir a integração (onboarding) e o gerenciamento do ciclo de vida de contas privilegiadas, serviços e segredos (secrets) em ambientes locais (on-prem) e em nuvem. - Projetar e implementar fluxos de trabalho de acesso seguro, integrando o CyberArk com ferramentas corporativas (ex: ServiceNow, Active Directory e plataformas de nuvem). - Desenvolver e manter frameworks de automação para o onboarding de contas, rotação de credenciais e aplicação de conformidade. - Implementar e aprimorar o gerenciamento e monitoramento de sessões, incluindo o isolamento e a gravação de sessões privilegiadas. - Liderar iniciativas de Monitoramento Contínuo de Controles (CCM) para garantir a adesão às políticas de segurança e requisitos regulatórios. - Colaborar com as equipes de segurança, infraestrutura e aplicações para incorporar os princípios de menor privilégio (least privilege) e confiança zero (zero trust). - Fornecer mentoria e liderança técnica para engenheiros juniores, além de contribuir para a definição de padrões da equipe. - Desenvolver e manter documentações técnicas, runbooks e procedimentos operacionais padronizados. - Apoiar os esforços de resposta a incidentes relacionados a acessos privilegiados e cenários de comprometimento de credenciais. Qualifications - Bacharelado em Tecnologia da Informação, Administração de Empresas, Finanças ou áreas correlatas. - Sólida experiência sênior atuando com engenharia e arquitetura de soluções CyberArk PAM. - Domínio avançado dos componentes CyberArk (EPV, PSM, CPM e Conjur). - Forte conhecimento prático na integração do CyberArk com Active Directory, ServiceNow e ambientes de nuvem pública. - Experiência com práticas de automação voltadas para governança de acessos (rotação de senhas, conformidade e auditoria). - Familiaridade com conceitos modernos de segurança da informação, como Zero Trust e privilégio mínimo. - Idioma: Inglês Avançado (B2/C1). Requirements - Possuir MBA, diploma avançado (pós-graduação/mestrado) ou experiência anterior atuando em consultoria de gestão. - Certificações oficiais da CyberArk (como CyberArk Defender, Sentry ou Guardian).



