Sr Manager Governance, Risk, and Compliance (GRC)

Aven Hospitality is an innovative technology provider powered by SynXis®, the leading global hospitality commerce and distribution platform. We empower hoteliers around the world to exceed expectations, solve daily challenges, and stay ahead of the competition. With our comprehensive portfolio of solutions, hoteliers can manage distribution, retailing, payments, operations, and more. Providing hoteliers the tools to maximize revenue, improve operational efficiency, and deliver personalized guest experiences that drive satisfaction. Our tools are built to seamlessly integrate with each hotelier’s unique strategy, elevating guest satisfaction and creating meaningful connections. We are pioneering AI in hospitality technology to unlock new opportunities, drive efficiency, and personalize the guest experience. By prioritizing stability, scalability, and data-driven insights, we equip hoteliers to adapt and thrive in an ever-changing landscape, ready for whatever comes next. Sr Manager Governance, Risk, and Compliance The Sr Manager Governance, Risk, and Compliance (GRC) will be responsible for defining, building and maintaining the entity-wide cybersecurity requirements, baseline controls, regular assessments, and attestation reporting. This role will oversee the development, execution, and innovation of general cybersecurity policies, standards, and related expectations. The GRC leader must be able to lead cybersecurity program definition and enablement, risk assessments, and security awareness training programs. They must also manage the vendor and supplier relationships with external cybersecurity compliance assessors (example: PCI QSA) and manage the yearly compliance audits. This role will also partner with other teams regarding data governance policies, data classification standards, and data retention rules. Overall, this role will demonstrate effectiveness through key performance indicators (KPIs), team development and retention, and strong leadership in order to achieve stakeholder satisfaction. Qualifications Bachelor’s degree in Cybersecurity or an IT-related field Experience in maturing cybersecurity programs for regulated entities Ensuring continuity of cybersecurity services during mergers and acquisitions 8+ years of experience in cybersecurity, with at least 3 years in a leadership or management role At least 5 years’ experience conducting assessment and preparing for compliance audits, including one or more of the following: PCI-DSS, ISO 27001, SOC-2 At least 3 years’ experience liaising with a Managed Services Provider (MSP)/Managed Security Services Provider (MSSP) that provides cybersecurity services (e.g., 24/7 threat monitoring, threat hunting and investigation, incident detection, Identity and Access Management [IAM], cloud-native analytics support, vulnerability scanning and identification) Expert knowledge of domestic and global data protection regulations and security frameworks regulations (such as PCI-DSS, GDPR, ISO 27001, NIST CSF, SOC-2) and application of them in complex environments Proven ability to make informed decisions with limited information, adapt to changing circumstances, and drive successful project outcomes through strategic thinking and proactive execution Security tool familiarity, including operations and management Experience managing PSIRT processes or vendor security assessments is a plus (Preferred) One or more of the following certifications: CISSP, CISA, CISM, or equivalent Responsibilities Oversee the development, execution, and innovation of the cybersecurity and GRC strategy at Aven Hospitality, including data governance and security, compliance audits, classification standards, privacy compliance, data controls/exceptions, customer trust, and third-party risk management reviews Manage the reporting and KPIs around governance, risk, and compliance at Aven Hospitality Provide hands‑on leadership and development of their team by providing ongoing coaching, mentorship, professional development, and performance feedback to foster effective team performance Develop and enhance Security Training and Awareness service delivery strategies to align with evolving cybersecurity standards, regulations, and emerging threats The GRC leader initiatives to improve service effectiveness through Standard Operating Procedure (SOP) development on service delivery, service onboarding/offboarding, quality assurance initiatives, and tool/process migrations, integrations, and automation Serve as an escalation point to internal teams and clients on GRC issue scoping and resolutions Maintain, develop, and document service runbooks for to maintain consistency and reflect the industry’s leading practices and latest standards Establish and maintain strong relationships with internal and external stakeholders, including key cross‑functional team leaders, regulators, and auditors, to ensure compliance with legal and regulatory requirements as well as industry standards Outstanding Benefits Very competitive compensation Generous Paid Time Off (25 PTO days) 8 Hours Annually Volunteer Time Off (VTO) We offer a comprehensive medical, dental and Wellness Program 12 weeks paid parental leave An infrastructure that allows flexible working arrangements Formal and informal reward, recognition and acknowledgement programs Lots of fun and engaging employee development events Reasonable Accommodation Aven Hospitality is committed to working with and providing reasonable accommodation to applicants with disabilities. Applicants applying for a Aven Hospitality position with a disability who require a reasonable accommodation for any part of the application or hiring process may contact Aven Hospitality at Contact Us. Determinations on requests for reasonable accommodation will be made on a case‑by‑case basis. Affirmative Action Aven Hospitality is an equal employment opportunity/affirmative action employer and is committed to providing employment opportunities to minorities, females, veterans and disabled individuals. EEO IS THE LAW #J-18808-Ljbffr Aven Hospitality