Chief Information Security Officer (Hong Kong or London based)

  • JR-03843
  • Information Technology
  • Full time
  • Corporate Office, Hong Kong

Are you a master of craft? Do you thrive in a team that succeeds together, demonstrating integrity and respect while acting responsibly? Do you embrace a growth mindset? We invite you to become a fan of the exceptional. 

Mandarin Oriental is the award-winning owner and operator of some of the most luxurious hotels, resorts and residences located in prime destinations around the world, with a strong development pipeline. Increasingly recognized for creating some of the world’s most sought-after properties, the Group provides legendary service inspired by Asian heritage whilst representing the very cutting-edge of luxury experiences.

The Mandarin Oriental Corporate Office is currently seeking to appoint a Chief Information Security Officer (CISO), a senior executive role based in either Hong Kong or London. The CISO will be responsible for defining and leading the enterprise-wide vision, strategy, and program to ensure that all information assets and technologies are effectively protected.

This global leadership role will oversee cybersecurity, IT risk management, and compliance across both corporate functions and all properties within the luxury hospitality group. The CISO will manage a distributed global team and collaborate closely with senior business leaders to embed security into daily operations and long-term strategic initiatives.

The role will be responsible for:

Strategic Leadership

· Develop and execute a global information security strategy aligned with business objectives and regulatory requirements.

· Serve as the primary advisor to the CIO and executive leadership on cybersecurity risks, emerging threats, and mitigation strategies.

· Provide regular reports to the Board or Audit Committee on cybersecurity posture, major incidents, and compliance status.

· Champion a culture of security awareness across the organization.

· Partner with business units to embed security into digital transformation initiatives and support secure adoption of emerging technologies such as cloud, IoT, and Artificial Intelligence (AI).

· Maintain awareness of security risks, trends, and capabilities across the hospitality industry, and incorporate these topics, where appropriate, into the overall Information Security strategy.

Governance & Risk Management

· Establish and maintain an enterprise-wide information security governance framework.

· Oversee IT risk management processes, including risk assessments, vulnerability management, and incident response.

· Ensure compliance with international standards (e.g., ISO 27001), data privacy regulations (GDPR, CCPA, PDPA, China’s PIPL, etc.), and industry best practices, including cross-border requirements.

Cybersecurity Operations

· Direct global cybersecurity operations, including threat detection, monitoring, and response.

· Implement and maintain security technologies such as firewalls, intrusion detection systems, endpoint protection, and identity management.

· Lead incident response and crisis management for security breaches. Lead enterprise-wide cyber crisis simulations and ensure business continuity planning includes cybersecurity scenarios.

· Ensure technology landscape and application integration points are secured and managed appropriately, including addressing API security and overall security reference architecture.

Policy & Compliance

· Develop and enforce security policies, standards, and procedures across corporate and hotel properties.

· Define and report on key security metrics and maturity assessments to drive continuous improvement of the security program.

· Conduct regular audits and assessments to ensure adherence to security requirements.

· Manage relationships with external auditors, regulators, and industry bodies.

Team Leadership

· Build and lead a high-performing global information security team.

· Define roles, responsibilities, and career development paths for security professionals.

· Foster collaboration across IT, operations, and business units.

· Continue to evolve and enhance security awareness and training programs for all colleagues across the organization.

Vendor & Third-Party Management

· Assess and manage security risks associated with third-party vendors and partners. Experience with third-party risk management platforms and security automation tools is preferred.

· Ensure contractual obligations include appropriate security requirements.

Budget & Resource Management

· Develop and manage the Information Security budget.

· Optimize resource allocation to balance risk and cost-effectiveness.

Communications:

· Regular communications with hotel teams, corporate teams, and vendors are required (both verbal and email)

· Planning and multi-tasking is a requirement of this position

· Communicate with hotel teams regarding outstanding tasks and deliverables, and assist in maintaining delivery and timeline expectations

· Participate in training and vendor activities concerning new technology and solutions

Administration:

· Provide management, guidance, and performance evaluations of direct reports

· Manage direct reports to effectively coordinate timelines and deliverables

· Regular international travel to corporate offices and hotel properties is required, along with occasional travel to meet with security vendors and attend security conferences.

Competencies, Education and Experience:

· Bachelor’s degree in Computer Science, Information Technology, or related field; Master’s degree preferred.

· Minimum 12+ years of experience in information security, with at least 5 years in a senior leadership role.

· Proven experience managing global security programs in a complex, distributed environment.

· Experience in hospitality or luxury service industries is a plus. Familiarity with hospitality-specific risks such as guest privacy and complex payment systems is highly desirable.

· Professional certifications such as CISSP, CISM, or CISA highly desirable.

· Strong knowledge of information security standards, cybersecurity frameworks, regulatory compliance, and risk management (e.g., PCI, SOC 1 / 2, and ISO 27001, etc.)

· Strong knowledge and experience with best practice IT service management processes and frameworks, such as ITIL.

Our commitment to you

  • Learning & Development. Your success is our success. We craft unique learning and development programmes for various stages in your career so that you grow, continuously.

  • MOstay. When you work as hard as our colleagues do, it’s important to take time off. As a member of the #MOfamily, you can stay with us wherever you go in the world. The MOstay programme offers complimentary nights and additionally attractive rates on rooms for you and your loved ones.

  • Health & Colleague Wellness. Finding the right work-life balance is important. Your wellbeing matters to us. A variety of health benefits and wellness programmes are offered to all our colleagues, globally.

  • Retirement Plans. When you show commitment to us, we reciprocate. We offer different retirement plans depending on the length of your service and your role.

We’re Fans. Are you?
