Overview

Banyan Group is an independent, global hospitality company with purpose. We are proud of our pioneering spirit, design-led experiences and commitment to responsible stewardship. Our extensive portfolio spans across over 80 hotels and resorts, over 60 spas and galleries, and 14 branded residences in over 20 countries. Comprising 12 global brands, including the flagship brand Banyan Tree, each distinct yet united under the experiential membership programme with Banyan. The founding ethos of “Embracing the Environment, Empowering People” is embodied through the Banyan Global Foundation and Banyan Management Academy. Banyan Group is committed to remaining the leading advocate of sustainable travel, with a focus on regenerative tourism and innovative programmes that elevate the guest experience.

The Role

The Senior Manager – IT Security is responsible for driving the development, implementation, and maintenance of the organization’s cyber security strategy and roadmap across all hotel properties and corporate offices. This role ensures the confidentiality, integrity, and availability of data and systems, mitigates risks, and ensures compliance with internal policies and external regulations.

You will be involved in leading security audits, managing incident response, and collaborating with Cluster IT and Hotel IT and business teams to embed security into all technology initiatives, both corporate and hotel as well as advising executive leadership on emerging threats and mitigation strategies.

Responsibilities

Primary Responsibilities

• Security Strategy & Governance – Define and maintain IT security policies, standards, and budgets; align initiatives with business objectives and regulatory frameworks; advise leadership on risks and investments.
• Identity & Access Management (IAM) – Strengthen IAM frameworks, ensuring secure, efficient access via Azure AD, SSO, MFA, and role-based controls.
• Risk & Compliance – Conduct risk assessments, access reviews, and audits; ensure compliance with international standards (e.g., SOC 2, ISO 27001, PCI-DSS, GDPR, PDPA, PIPL); manage remediation of non-compliance.
• Security Operations – Oversee monitoring and response using SIEM, IDS/IPS, firewalls, and endpoint protection; collaborate on secure network/cloud design; track KPIs and incident trends.
• Cloud & SaaS Security – Safeguard cloud infrastructure and SaaS platforms, ensuring secure integration, vendor oversight, and SLA compliance.
• Incident Response & Continuity – Lead incident investigations, disaster recovery planning, and testing of backup systems to ensure operational resilience.
• Awareness & Training – Drive staff education, campaigns, and IT team guidance to foster a culture of cybersecurity.
• Leadership & Collaboration – Lead, mentor, and develop IT security teams; promote cross-functional collaboration across corporate and hotel operations.

Secondary Responsibilities

• Maintain up-to-date documentation of security policies and architecture.
• Manage downtime of security systems to minimize business disruption.
• Oversee vendor performance (MSSPs, auditors, technology providers) and evaluate new solutions.
• Travel occasionally for audits, training, and incident response.

Requirements

• Degree in Information Security, Computer Science or related field
• Minimum 5 - 7 years in IT security roles, preferably in hospitality or multi-site environments
• CISSP, CISM, CEH or equivalent certifications
• ITIL or PMP certification preferred
• Proven expertise in cybersecurity frameworks, risk management, and incident response.
• Strong understanding of cloud security, SaaS governance, and network protection.
• Excellent leadership, communication, and stakeholder engagement skills.

Desirable Skills

• Experience in hotel operations and property-level IT systems including PMS and POS.
• Ability to manage multiple projects under tight deadlines.
• Strong analytical and problem-solving capabilities.
• Is dedicated and committed.
• Ability to work under pressure and with tight deadlines.