About Four Seasons:
Four Seasons is powered by our people. We are a collective of individuals who crave to become better, to push ourselves to new heights and to treat each other as we wish to be treated in return. Our team members around the world create amazing experiences for our guests, residents, and partners through a commitment to luxury with genuine heart. We know that the best way to enable our people to deliver these exceptional guest experiences is through a world-class employee experience and company culture.
At Four Seasons, we believe in recognizing a familiar face, welcoming a new one and treating everyone we meet the way we would want to be treated ourselves. Whether you work with us, stay with us, live with us or discover with us, we believe our purpose is to create impressions that will stay with you for a lifetime. It comes from our belief that life is richer when we truly connect to the people and the world around us.
About the location:
Four Seasons Hotels and Resorts is a global, luxury hotel management company. We manage over 120 hotels and resorts and 50 private residences in 47 countries around the world and growing. Central to the Four Seasons employee experience and social impact programming is the company’s commitment to supporting cancer research, and the advancement of diversity, inclusion, equality and belonging at Four Seasons corporate offices and properties worldwide. At Four Seasons, we are powered by people and our culture enables everything we do.
The Director of IT Governance, Risk, and Compliance (GRC) is a senior leadership role responsible for developing and executing strategies that ensure effective IT governance, robust risk management, and regulatory compliance across all properties as well as corporate offices. This role is key to managing IT risks and overseeing compliance with internal policies and external regulations. The Director of IT GRC will collaborate with stakeholders to implement frameworks that enhance the organization's security, integrity, and resilience.
This role is based at the Four Seasons Hotels and Resorts Toronto Corporate Office, reporting to the SVP, Chief Information Security Officer. This role involves interactions primarily with internal stakeholders at various levels.
What You’ll Be Doing
Compliance & Assurance:
Directs the definition, implementation, and monitoring of the IT Compliance framework to meet Four Seasons’ obligations under regulation, law, standards or contracts for the Corporate Office and Properties.
Oversee internal and external IT audits, facilitating reviews and ensuring the timely resolution of findings.
Leads the execution of IT Compliance practices, including but not limited to Home Office and Properties Security Assessments, the PCI Program and the Data Privacy program.
Lead the Four Seasons properties PCI compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies and regulations through programmes such as Hotel Security Assessments, Hotel IT Operations Review, PCI review, etc.
Lead the Corporate Office PCI compliance program, including but not limited to the annual home office audit, ensuring continual compliance with PCI and improvement of practices.
Ensures cross-functional collaboration across IT (Service Owners, Cybersecurity, etc.) and functional departments (Finance, Legal, Operations, Internal Audit, etc.) by integrating enterprise risk, enterprise compliance and security requirements into the IT Compliance framework.
Accountable for continual reporting against the IT Compliance framework to key stakeholders.
Personal Data Protection:
Develop and implement a comprehensive IT risk management program to identify, assess, and mitigate risks across the IT landscape.
Perform risk assessments, vulnerability analyses, and impact evaluations to prioritize risk mitigation activities.
Collaborate with cybersecurity and IT teams to manage risks related to data breaches, cyber threats, and system failures.
Establish and oversee business continuity and disaster recovery plans, ensuring resilience against potential disruptions.
Leadership and Team Management:
Lead and mentor a team of GRC professionals, providing strategic direction and fostering a culture of accountability, excellence, and continuous improvement.
Collaborate with internal stakeholders (e.g., Legal, Internal Audit, Information Security) to integrate GRC initiatives into overall business processes.
Serve as a trusted advisor to the executive team, providing insights on IT risks, compliance matters, and governance issues.
Technology Management:
Leads the management of the OneTrust Platform and ensures adoption of the solution globally.
Leads the management of the ServiceNow GRC tool and ensures its functionalities are continually assessed for alignment with Four Seasons IT Compliance requirements and adoption.
Responsible for the creation and management of the properties IT risk-based dashboard, including metrics collection and developing reporting capabilities.
Leads the management of the PCI Portal, ensuring that all PCI program documentation is up to date.
Consultancy:
Acts as the Subject Matter Expert, providing advice and recommendations, based on expertise and experience, in the IT Compliance and Assurance space.
Supplier Management:
Manages the operational relationships between Four Seasons and the suppliers of IT Compliance and Assurance technologies.
Acts as Four Seasons’ point of contact for Qualified Security Assessors (QSAs) and ensures close cooperation and productive relationships.
Who You Are
Key Skills and Competencies:
Highly critical and analytical disposition.
High attention to detail and strong listening skills.
Natural curiosity and an ability to undertake creative exploration.
The ability to manage many projects simultaneously and meet deadlines within a high-energy, fast-paced, and evolving environment.
Ability to communicate complex topics to both technical and non-technical stakeholders.
Strategic Planning and Execution
Risk Assessment and Mitigation
IT Governance Frameworks
Compliance Management
Stakeholder Engagement and Communication
Business Continuity and Disaster Recovery
Change Management
Technical Skills:
Deep understanding of IT frameworks (e.g., COBIT, NIST, ITIL), compliance standards, and risk management methodologies.
Foundational understanding of data, infrastructure, application and cloud architectures.
Certification related to IaaS and PaaS providers is a significant asset.
What You Bring
Bachelor's degree in Information Technology, Computer Science, or a related field.
Minimum of 10 years of experience in IT compliance, information security, or a related area, with at least 5 years in a leadership role.
Proven track record of designing and implementing IT compliance programs in a global organization.
Deep understanding of regulatory requirements and control frameworks related to IT security, governance and data protection (e.g., GDPR, NIST, PCI, COBIT, ITIL).
Strong leadership and managerial skills, with experience in building and managing high-performing teams.
Excellent communication and interpersonal skills, with the ability to collaborate effectively across different departments and regions.
Ability to balance strategic thinking with hands-on execution in a dynamic environment.
Post-secondary degree.
CISA, CGEIT, CRISC, CISM, CISSP, or other similar certifications are required.
This role follows a hybrid working model, which requires 3 days per week in the Four Seasons Corporate Office located at 1165 Leslie Street, Toronto, Ontario. #LI-Hybrid
Four Seasons is committed to providing employment accommodation in accordance with the Ontario Human Rights Code and the Accessibility for Ontarians with Disabilities Act. If contacted for an employment opportunity, please advise Human Resources if you require accommodation.