Associate Vice President- Cyber Security

IHCL and its subsidiaries bring together a group of brands and businesses that offer a fusion of warm hospitality and world-class service. These include

Taj

• – the iconic brand for the most discerning travellers, and ranked as ‘World’s Strongest Hotel Brand’ and ‘India’s Strongest Brand’ across sectors as per Brand Finance Hotels 50 and India 100 reports 2024 respectively;
• SeleQtions , a named collection of handpicked, storied hotels; Vivanta, a chain of contemporary upscale hotels that celebrate joie de vivre;

Ginger , a brand that is revolutionizing the lean-luxe segment, and

amã Stays & Trails , a charming portfolio of private bungalows and villas set in picturesque locales. Along with our varied and latest offerings like

Gateway, The Claridges Collection, Tree of Life,

The Clarks Hotels and Resorts

and

TajSATs , IHCL has evolved from a Branded House to a

House of Brands , offering a diverse portfolio across luxury, upscale, lean luxe, and homestay segments.

Job Objective

The Associate Vice President – Cyber Security is responsible for establishing and leading IHCL’s cybersecurity program to protect the company’s information assets, guest data, and critical systems across all hotel operations and digital platforms. This mid-senior role will drive day-to-day security operations – overseeing threat monitoring, incident response, and vulnerability management – while also contributing to the strategic security roadmap to support future business growth and compliance needs. The AVP will ensure proactive defense and rapid incident handling to minimize risk, working within IHCL’s hospitality context to uphold trust and safety for guests and employees. Ultimately, this role’s objective is to continuously enhance IHCL’s security posture (processes, technologies, and policies) in alignment with industry best practices and the Tata Group’s governance standards, enabling secure digital innovation and resilience against evolving cyber threats.

Key Responsibilities

Security Operations & Incident Response :

Lead the 24×7 outsourced SOC for proactive threat detection and rapid incident handling.

Act as incident commander during major events and conduct post-incident reviews.

Threat Intelligence & Vulnerability Management :

Implement real-time threat intelligence programs and oversee VAPT cycles.

Ensure timely remediation of vulnerabilities across corporate and hotel systems.

Governance, Risk & Compliance :

Drive compliance with ISO 27001, PCI-DSS, DPDP Act, and other regulations.

Develop and enforce security policies and frameworks aligned with Tata Group standards.

Data Protection & Privacy :

Champion guest and employee data protection, ensuring GDPR and DPDP compliance.

Maintain PCI-DSS adherence for payment security across all properties.

Security Awareness & Training :

Build a culture of security through training, phishing simulations, and drills.

Technology & Architecture :

Oversee deployment of SIEM, EDR, IAM, SOAR, and cloud security solutions.

Ensure secure-by-design principles in all IT and digital initiatives.

Leadership & Vendor Management :

Mentor InfoSec teams and manage MSSP and third-party vendors for optimal performance.

Key Interfaces

Internal :

VP – IT & Digital, InfoSec team, Legal / Privacy, Risk & Audit, Hotel Ops Leadership.

External :

MSSP partners, security vendors, regulators, auditors, law enforcement.

Qualifications

Education :

Bachelor’s in IT or related field; Master’s preferred.

Certifications :

CISSP / CISM preferred; CEH, GIAC, CISA advantageous.

Experience : 10+ years in InfoSec, 5+ years in leadership roles.

Hands-on SOC and incident response experience.

Hospitality industry experience is a plus.

Behavioral Competencies

The candidate must demonstrate strong leadership and interpersonal skills. They should be able to inspire and guide teams, influence stakeholders across levels, and foster collaboration across departments. Analytical thinking is essential for solving complex problems under pressure, while clear communication skills are needed to translate technical issues into business language for non-technical audiences. A strategic mindset will help align cybersecurity initiatives with IHCL’s long-term goals, and adaptability is crucial in responding to evolving threats. Integrity and accountability are foundational, ensuring ethical decision-making and ownership of outcomes.

Functional / Technical Competencies

This role demands deep expertise in incident response, including containment, recovery, and forensic analysis. The candidate should be proficient in managing Security Operations Centers (SOC), using SIEM tools for monitoring and alerting. They must be skilled in conducting risk assessments and managing vulnerabilities, ensuring timely remediation. Familiarity with security frameworks like NIST, ISO 27001, and compliance standards such as PCI-DSS and DPDP is essential. A strong grasp of network, cloud, and application security is required, especially in hybrid environments and hotel technologies. The AVP should be experienced in deploying and managing tools like EDR, IAM, SOAR, and DLP, and capable of integrating threat intelligence into proactive defense strategies. Data protection expertise, including encryption and access control, is also critical to safeguard guest and employee information.