We Put the World on Vacation
At Travel + Leisure Co., our mission is simple: to put the world on vacation. With a focus on vacation ownership, travel memberships, and exchange programs, we’re shaping the future of leisure travel by creating new possibilities for vacationers. Innovation and growth keep our work interesting and fun. Every day is a chance to learn something new and turn vacation inspiration into exceptional experiences for millions of travelers worldwide.
Reporting to the Chief Information Security Officer (CISO), the
Vice President of Cybersecurity is responsible for executing the Travel+Leisure Information Security strategy and overseeing operational management of the Information Security teams. The VP of Cybersecurity will lead day-to-day operations and management across Information Security domains; coordinate with Information Technology and business teams to reduce risk; and ensure Travel+Leisure technology, projects and initiatives are compliant, secure, current with industry trends, cost effective and in line with enterprise and corporate strategies.
How You'll Shine
- Provide tactical/day-to-day leadership to information security teams who maintain T+L’s information security program, across all domains, globally. Establish goals and objectives; create and enforce policies and procedures; create and execute technology and personnel plans in order to protect the security, privacy, confidentiality and integrity of information and information systems throughout the enterprise.
- Partner with the CISO to influence and conduct strategic and tactical level planning in coordination with peers in IT to develop, deploy and support secure solutions that exceed business needs. Partner with the CISO to develop and execute the T+L Information Security strategy.
- Implement, maintain, and elevate processes and procedures to ensure confidentiality, integrity, and availability of business systems and minimize service interruptions. Ensure processes are harmonized with third parties that are accountable to deliver key services. Develop a culture of continuous improvement and accountability.
- Responsible for managing towards fiscal goals and constraints. Included in this is managing the operational budget, relative staff and consulting consumption budgets as well as project related allocations as they relate to internal and external efforts. Additionally, this role must identify opportunities to reduce cost without impacting the company security posture.
- Accountable for all on premise and cloud information security tools, technologies and platforms company wide. This includes full lifecycle management, metrics and KPIs, operations, and maturity.
- Lead the evaluation and adoption of emerging information security technologies in order to secure the enterprise on-premise and cloud operating environments, as well as application development, digital, and data management practices in collaboration with IT peers.
- Ensure alignment to established policies, procedures as well as standards. These include but not limited to company practices, security/compliance, industry best practices as well as SOX, PCI, CCPA and related for in-scope services and products company wide.
- Serve as leader responsible for security incident response and related activities. Lead company security incident management processes. Escalate security events and incidents to the CISO, track information security event and incident metrics. Interface with third party partners, law enforcement, industry peers and others as needed to ensure proper security incident and risk management.
Travel Requirements
- Some travel may be required as necessary but typically less than 10%.
What You'll Bring
- Bachelor’s or master’s degree in relevant technology field (e.g., Cybersecurity, Risk Management, Management Information Systems, Computer Science, etc.) or equivalent years of experience and training.
- Security certifications or training such as CISSP, CEH, etc. preferred, but not required.
- Project Management certifications or training such as PMP, PGMP, etc. preferred, but not required.
- Demonstrated ability to work under pressure.
- Demonstrated experience in incident response and incident management.
- Demonstrated ability to communicate with both technical team members and executives.
- Must have deep knowledge of Information Technology domains (i.e. network, server, end user compute, etc.).
- Must have deep knowledge of and experience with Information Security/Cybersecurity domains, including but not limited to Governance, Risk and Compliance (GRC), Security Architecture, Identity and Access Management, Security Engineering, Security Operations, Detection and Response, Vulnerability Management, Penetration Testing, and Incident Response.
- Must have the ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff and management.
- Possess strong interpersonal and project management skills.
- Must possess understanding of and experience with privacy related concepts and controls.
- High personal credibility and integrity.
- Strong ability to persuade, convince and influence others through collaboration and drive results to reduce risk to the enterprise.
- Must have the ability to work autonomously and effectively prioritize in a highly dynamic work environment.
- Experience providing leadership to cross-functional technology teams, people management and managing budgets.
- Experience working with CIOs, CTOs, and other senior executive technical and non-technical Directors, VPS and SVPs.
- Strong background in security controls, application security, network and system security, and/or general cyber security best practices, controls and techniques.
- Strong background in network, end-user-computing, infrastructure and/or cloud.
- Minimum 12 years of experience in a combination of Cybersecurity, Incident Management, Threat and Vulnerability Management, Identity and Access Management, or other core Information Security domains. Other technology experience may be considered if candidate has demonstrated experience or expertise indirectly with the security domains.
- At least four years must be in a senior leadership role. Employment history must demonstrate increasing levels of responsibility and positive impact.
- Experience in providing strategic leadership.
Experience equivalent to the education requirement may be accepted in lieu of the education requirement.
How You'll Be Rewarded
We offer a diverse range of comprehensive health and welfare benefits to associates who work 30 or more hours per week to meet your needs and support you throughout your career with us. Travel + Leisure Co. benefits include:
Note: Temporary and/or seasonal associates are ineligible for Paid Time Off.
- Medical
- Dental
- Vision
- Flexible spending accounts
- Life and accident coverage
- Disability
- Depending on position, paid time off, parental leave and holidays (speak to your recruiter for additional information)
- Wish day paid time to volunteer at an approved organization of your choice
- 401k with employer match (subject to eligibility requirements, including tenure - speak to your recruiter for additional information)
- Legal and identify theft plan
- Voluntary income protection benefits
- Wellness program (subject to provider availability)
- Employee Assistance Program
Where Memories Start with You
Hospitality is at the heart of all we do at Travel + Leisure Co. Here, you’ll find an inclusive environment where we deliver excellence and take time to have fun, celebrate together, and support one another. We're always looking ahead to what’s next and how we can strengthen our business, its neighboring communities, and the customer experience. Join our global team and build a career where memories start with you.
We are an equal opportunity employer, and all applications will be considered for employment without attention to their membership in any protected class. If you require any reasonable accommodation to complete your application or any part of the recruiting process, please email your request to MyCareer@travelandleisure.com, including the title and location of the position for which you are applying.