Senior Manager, Security Risk Analyst IV

Onsite
Orlando, FL
Posted 1 week ago

Posted: June 18, 2025 | Job Type: Permanent | Industry: Cybersecurity

Phaidon International is partnered with a leading global provider in the vacation ownership, rental, and resort experiences industry. This client is renowned for its exclusive vacation club memberships, premium timeshare properties, and luxurious travel options across an impressive portfolio of high-end resorts and destinations. With an unwavering commitment to exceptional customer service, they deliver flexible vacation solutions, including innovative points-based systems and robust exchange programs, operating under multiple globally recognized hospitality brands.

Our client is currently embarking on a significant technology transformation initiative, with a primary focus on modernization. The goal is to dramatically enhance customer relationships and further expand accessibility across all their experiences and destinations. Their ambition is to become a technology leader within the hospitality sector, and they are actively seeking visionary individuals eager to contribute their expertise and drive long-term innovation within the organization.

Under the reinvigorated leadership of their new CIO, the entire Global Technology organization is primed for substantial growth. This includes key departments such as Engineering & Operations, Data Platforms & Engineering, Artificial Intelligence, Information Security, Privacy, Infrastructure, Products & Platforms, Delivery Office, and the Office of the CIO. The business has a clear intent to double its investment in Technology across the organization for each of the next three years. This presents an unparalleled opportunity for you to be a foundational part of this transformative journey and drive significant innovation through advanced technology adoption.


Location & Compensation:

  • Location: Orlando, FL (Onsite)
  • Salary: $115,000 – $125,000 + bonus + benefits

What You’ll Be Doing:

In this high-impact role as a Senior Manager, Security Risk Analyst IV, you will be primarily responsible for creating and executing strategic initiatives that robustly protect the organization’s critical information systems and technology assets. Your focus will be on securing digital resources and meticulously maintaining a strong, adaptive security framework. You will provide crucial oversight for security efforts and assessment outcomes, ensuring the effective implementation of comprehensive security governance, enterprise risk management, and compliance programs. This includes identifying, evaluating, and strategically mitigating security risks across the entire technology landscape. Key responsibilities include:

  • Strategic Security Alignment: Partnering closely with IT leadership and various business units to ensure that all security strategies are meticulously aligned with overarching business goals, objectives, and growth initiatives.
  • Risk Identification & Evaluation: Proactively identifying and rigorously evaluating security risks present within the organization’s complex technology infrastructure, applications, and operational processes.
  • Risk Assessment Oversight & Guidance: Offering expert guidance and providing strategic oversight on all security risk assessments, ensuring they strictly adhere to industry standards, best practices, and established company policies.
  • GRC Tool Utilization: Expertly leveraging various tools and software solutions to facilitate efficient governance, comprehensive risk assessment, and meticulous compliance management. This includes utilizing specialized risk assessment systems, compliance tracking platforms, and developing insightful reporting dashboards.
  • Cybersecurity Control Review & Enhancement: Continuously reviewing and evaluating the effectiveness of existing cybersecurity controls. You will ensure their ongoing compliance with key policies and lead efforts to identify and address any existing gaps or weaknesses.
  • Internal & External Risk Mitigation: Taking a lead role in identifying, assessing, and mitigating both internal and external risks that could impact the organization’s information assets and operations.
  • Advanced Quantitative & Qualitative Analysis: Conducting more advanced quantitative and qualitative analysis for complex business processes and/or strategic projects. This often involves overseeing smaller projects, specific business processes, or significant segments of larger organizational initiatives.
  • Leadership in Risk Assessment Projects: Providing strong leadership and direct oversight for security risk assessment projects, ensuring all activities meticulously follow industry best practices and company-specific policies.
  • Collaboration with Legal & Compliance: Collaborating closely and effectively with legal, compliance, and regulatory teams to ensure unwavering adherence to all relevant industry standards, regulations, and data protection requirements (e.g., GDPR, CCPA, HIPAA).
  • GRC Process Enhancement: Identifying critical opportunities to enhance processes within the GRC (Governance, Risk, and Compliance) development lifecycle, recommending and implementing tangible improvements to optimize workflows and increase overall efficiency.
  • Security Standards Development: Developing and meticulously maintaining technical security configuration standards across various platforms and technologies.
  • Policy & Procedure Communication: Creating and clearly communicating comprehensive security policies, standards, and procedures to ensure consistent and uniform security practices across the entire organization.
  • Regulatory Monitoring & Adaptation: Staying continuously informed about relevant regulations, industry standards, and emerging best practices. You will implement necessary updates to GRC systems to ensure ongoing compliance and adaptability.
  • Audit & Assessment Management: Coordinating and actively participating in security audits and assessments, and effectively managing responses to audit findings and recommendations.

Required Experience:

We’re seeking a highly experienced and credentialed professional with a proven track record in information security risk management:

  • Educational Background: A Bachelor’s degree in an IT-related field or equivalent relevant work experience (preferred).
  • Advanced Security Certification: Possession of an advanced security certification is highly preferred, such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), or CGEIT (Certified in the Governance of Enterprise IT).
  • Extensive Information Security Experience: Six to eight years of progressively responsible experience in diverse information security roles.
  • Technical Audit/Compliance Experience: At least five years of experience in a technical audit, security compliance, or a similar dedicated risk management role.
  • Security Framework Expertise: Deep and comprehensive understanding of leading security frameworks (e.g., NIST, ISO 27001, CIS), various regulatory requirements, and established industry standards.
  • Risk Assessment Mastery: Strong expertise in various risk assessment methodologies and proficiency with associated tools.
  • Vulnerability & Threat Knowledge: Extensive knowledge of security risk assessment techniques, robust vulnerability management processes, and effective threat modeling methodologies.
  • Database & Data Modeling: Familiarity with various database management systems (SQL, NoSQL) and strong understanding of data modeling principles.
  • Workflow & API Integration: Experience with workflow design, basic development concepts, and API integration functionality.
  • GRC/ERM Tool Proficiency: Demonstrated proficiency in using GRC/ERM (Governance, Risk, and Compliance / Enterprise Risk Management) tools.
  • Core IT Infrastructure Knowledge: Solid knowledge of IP networking concepts, major operating systems, and diverse cloud computing environments.
  • Broad Technology Acumen: General working knowledge of web application and network technologies, various programming languages, databases, and a range of operating systems (Linux, Unix, Mac OS X, Windows).
  • Advanced Security Principles: An advanced and nuanced understanding of core security principles, standards, and processes, including but not limited to authentication and access control, secure configurations, network traffic analysis, endpoint security, platform architecture, application security, encryption and key management, and robust cloud security.

Job Features

Job Category: IT, Onsite, Security
