SENIOR GOVERNANCE, RISK, AND COMPLIANCE (GRC) ANALYST (REMOTE OPPORTUNITY) at Hyatt Corporate Office
Chicago, Illinois, USA
Full Time

Start Date: Immediate

Expiry Date: 05 Dec, 25

Salary: 95000.0

Posted On: 06 Sep, 25

Experience: 5 year(s) or above

Remote Job: Yes

Telecommute: Yes

Sponsor Visa: No

Skills: IT, Management Skills, QSA, Validation, Collaboration, Addition, Information Security, GRC, Defense, Internal Audit, Compliance Assessments, CISA, Information Technology, CISSP, ISA, Cyber Security

Industry: Financial Services

Description

WHO WE ARE

At Hyatt, we believe in the power of belonging and creating a culture of care, where our colleagues become family. Since 1957, our colleagues and our guests have been at the heart of our business and helped Hyatt become one of the best and fastest-growing hospitality brands in the world. Our transformative growth and the addition of new hotels, brands, and business lines can open the door for exciting career and growth opportunities for our colleagues.
As we continue to grow, we never lose sight of what’s most important: People. We turn trips into journeys, encounters into experiences, and jobs into careers.

WHY NOW?

This is an exciting time to be at Hyatt. We are growing rapidly and are looking for passionate changemakers to be a part of our journey. The hospitality industry is resilient and continues to offer dynamic opportunities for upward mobility, and Hyatt is no exception.

WHO YOU ARE

As our ideal candidate, you understand the power and purpose of our culture of care and embody our core values of Empathy, Inclusion, Integrity, Experimentation, Respect, and well-being. You enjoy working with others, are results-driven, and are looking for a variety of opportunities to develop personally and professionally.

EXPERIENCE REQUIRED:

  • Bachelor’s degree in Information Security, Information Technology, Risk Management, Cyber Security, or a related field (or equivalent work experience).
  • 5+ years of experience in GRC, IT compliance, or information security, with significant PCI DSS and SOX ITGC experience.
  • Proven history of leading PCI DSS Level-1 Service Provider assessments with a QSA.
  • Strong understanding of PCI DSS requirements, SOX Compliance, and general IT audit frameworks.
  • Experience coordinating with external auditors and managing cross-functional remediation efforts.
  • Excellent organizational, communication, and stakeholder management skills.

EXPERIENCE PREFERRED:

  • Preferred certifications: PCI Qualified Security Assessor (QSA), PCI Internal Security Assessor (ISA), CISA, CISSP, CRISC, or equivalent.

The position responsibilities outlined above are in no way to be construed as all-encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary.

Responsibilities

The Senior GRC Analyst will serve as a subject matter expert in Payment Card Industry Data Security Standard (PCI DSS) compliance, supporting the organization’s ongoing PCI-related assessments and certification efforts. This role is responsible for leading assessment activities, ensuring compliance with applicable requirements, and working closely with cross-functional teams to identify, document, and remediate gaps. In addition to PCI responsibilities, the Senior GRC Analyst will assist with other IT compliance engagements in which you will act as the second line of defense for the organization, such as SOX IT General Controls (ITGC) evaluations, vendor security assessments, and regulatory reviews. The Senior GRC Analyst will also drive process improvements to strengthen the organization’s overall compliance posture and reduce risk exposure.

  • Lead the end-to-end PCI DSS Level-1 Service Provider assessment process in collaboration with the external QSA, from planning through final Report on Compliance (ROC) delivery.
  • Serve as the primary liaison with QSAs, external auditors, and internal stakeholders to ensure timely deliverables, effective communication, and resolution of findings.
  • Interpret PCI DSS requirements and provide actionable guidance to technical and business teams for effective implementation.
  • Oversee evidence gathering, review, and validation to support PCI DSS, SOX ITGC, operational audits in conjunction with Hyatt Internal Audit, and other compliance assessments.
  • Manage SOX ITGC audit activities, including coordinating with control owners, addressing deficiencies, maintaining control documentation, and overseeing remediation activities with the control owners.
  • Support other IT compliance initiatives such as vendor risk management, ISO 27001 alignment, and regulatory or contractual audits.
  • Develop and maintain compliance-related policies, procedures, and control documentation.
  • Track, monitor, and report compliance metrics to management and senior leadership.
  • Stay informed on regulatory and industry changes, advising stakeholders on potential impacts and required adjustments.
