GRC Analyst Job Description
Conduct information security risk assessments by following the Four Seasons internal risk assessment methodology and template.
Assist in developing and documenting secure solution deployment and configuration guides as the direct result of the completed risk assessments.
Day-to-day evaluation of adherence to Four Seasons internal information security controls.
Identify weaknesses in the in-place operational processes, systems and network, and escalate these observations for management prioritization.
Participate in conference calls with hotels and vendors to gather information and to work on specific tasks as required.
Promote information security awareness by providing hands-on training and mentoring in the areas of GRC.
Work with a multi-discipline team to create a solid information technology infrastructure, and collaborate with clients to ensure that the relevant policies and procedures are implemented.
May also be involved in the execution of internal audits and the creation of internal audit reports.
Skills required:
This is not a beginner-level position; it requires a high comfort level and experience with both the technology and governance aspects of the job.
A GRC Analyst typically has a bachelor's degree in information security or in information technology.
A strong technical understanding of, and hands-on experience with, computer networks is a must-have.
Ability to communicate clearly with technical and non-technical stakeholders is a must, in order to translate technical jargon into business-related decisions for management and clients, and business objectives into technical solutions.
Ability to work independently and with minimal supervision.
Special emphasis is placed on demonstrated knowledge in the areas of risk assessment and a strong understanding of secure communications, secure data storage, secure systems development, secure systems deployment and documentation.
Ability to rely on extensive field experience and judgment to plan and accomplish the set goals.
Familiarity with a variety of information security, networking, and governance concepts, practices, and procedures.
Demonstrated understanding of the real-world application of the (ISO/IEC) 17799:2005(E) standard, the COBIT and RISK IT frameworks, and PCI-DSS requirements.
Expert working knowledge of report creation and data analysis using MS Word, PowerPoint and Excel.
Must be able to quickly absorb a high volume of company-specific knowledge, understanding new technologies and their impact on the company's overall security posture.
Well-rounded understanding of the information security risks generated by incorrectly deployed and configured applications.
Patience and an ability to teach are a plus, as much of the information discovered on the job must be imparted to others in the company work environment.
Demonstrated ability to operate in a high-stress, multi-tasking environment.
A wide degree of creativity is expected.
Certifications:
CISSP
CISA