Technology and Information Security Manager

Company Description

Our comfortable rooms and spacious suites feature picturesque views of the city's skyline and are equipped with thoughtful amenities for laid-back style without any fuss.

Role Description

This is a full-time on-site role for Technology and Information Security Manager to oversee both hotel technology operations and corporate information security initiatives.

This role combines operational IT leadership with regional security governance and project management responsibilities. Focuses on supporting Paradox Singapore's technology infrastructure and day-to-day operations, while dedicated to corporate governance, information security, and enterprise-wide technology projects.

Responsibilities:

• Endpoint & Perimeter Security: Manage, monitor, and maintain 100% deployment coverage of Endpoint Detection and Response (EDR) agents across all local property workstations, front-desk pods, and back-office servers.
• Network Segmentation: Enforce and regularly audit the absolute logical isolation of guest networks (Guest Wi-Fi, In-room IPTV) from secure administrative and corporate data environments.
• Human Firewall Development: Design and execute localized scam-awareness briefings, phishing simulations, and mandatory cybersecurity onboarding training tailored specifically for high-risk frontline hotel staff.
• PDPA Compliance & Data Protection: Act as the on-site IT operational champion for the Singapore Personal Data Protection Act (PDPA). Ensure that the information collection, processing, storage, and disposal of PII strictly adhere to PDPA obligations.

• Project Lifecycle Management: Lead the end-to-end delivery (initiation, scoping, procurement, implementation, and closeout) of local property-level technology upgrades, such as Opera Cloud POS, Document Management Systems (DMS) or PMS Integration refreshes.
• Change Control & User Acceptance Testing (UAT): Coordinate with local department heads to design UAT workflows and schedule maintenance windows, ensuring zero disruption to guest services and operational downtime during system cutovers.

• Core Systems Escalation (L2): Act as the ultimate on-site escalation layer for critical hospitality hardware and software, including the Property Management System (PMS), POS platforms, and secure payment processing gateways.
• Business Continuity: Manage local IT operational expenditure (OPEX), verify the automated integrity of daily localized server and cloud backups, and maintain disaster recovery readiness

• Tenant Unification & Consolidation: Serve as the Lead Regional Project Manager orchestrating the multi-phase consolidation of disparate property email domains and assets into a unified enterprise Microsoft 365 tenant environment.
• Identity Boundary Engineering: Design, build, and maintain a secure multi-site Active Directory forest architecture mapping out secure connections between regional property domains.
• Strategic Roadmap Delivery: Champion and execute infrastructure and security milestones aligned with the group’s overarching 5-year IT Strategic Roadmap.

• Vulnerability Orchestration: Manage group-wide enterprise network vulnerability scanning protocols. Schedule regular external and internal scans across all regional properties and hold local teams accountable to strict remediation timelines.
• Forcepoint DLP Administration & Oversight: Engineer, deploy, and manage the Forcepoint Data Loss Prevention (DLP) enterprise architecture across all regional property and corporate endpoints. Design and enforce centralized DLP rules, discovery policies, and data classification tags to monitor and prevent unauthorized exfiltration of sensitive guest and corporate data via email, web channels, USB, or cloud storage.
• Global PCI-DSS & PDPA Alignment: Point of contact for external security auditors. and reporting to demonstrate continuous, audit-ready compliance with global PCI-DSS standards and localized data privacy laws (such as Singapore's PDPA).
• Incident Response Playbooks: Standardize and update corporate Incident Response plans and business continuity guidelines. Logs from SIEM can be used to discover threats and incident consoles to triage, investigate, and mitigate potential internal data leaks or brand-level digital crises.
• Vendor Risk Management: Conduct rigorous security architecture reviews and data privacy assessments on all third-party APIs, hospitality booking engines, and enterprise software platforms before approving group-wide deployment.

• Understand and lead Risk Governance & SaaS Management,
• Track data tier classifications, vendor SOC 2 compliance, and geographic data hosting locations.
• Establish and manage a centralized ERM (Enterprise Risk Management) SaaS registry and automated vetting workflow to catalog, risk-score, and govern all group-wide AI models, autonomous agents, and SaaS vendors before regional deployment.
• Established the policies used to build, monitor, and regulate AI models. Its goal is to ensure AI technologies remain safe, transparent, unbiased, and compliant with laws

• Localized Policy Standards: Translate corporate IT blueprints into operational reality by authoring localized standard operating procedures (SOPs)

• Provide support to the Global Director, Information and Technology for policy review and audit compliance: the annual review and revision cycle of all corporate IT security policies, modifying standards based on shifting threat landscapes, emerging technologies (like Agentic AI), and global hospitality audit requirements (PCI-DSS)

• Undertake projects and assignments as directed by Corporate Management