It's a great time to join us at Airlines Reporting Corporation (ARC)! ARC accelerates the growth of global air travel by delivering forward-looking travel data, flexible distribution services and other innovative industry solutions. We are a leading travel intelligence company with the world’s largest, most comprehensive global airline ticket dataset, including more than 15 billion passenger flights. By working here, you can contribute to solutions and expertise that strengthen economies and enrich lives. We think big, embrace challenges and explore new ideas to lead the way for the travel industry.

ARC is looking for a Lead, Risk & Compliance to join our Corporate Security team! In this role you will plan, oversee and manage projects and programs that support the company’s goal to be a trusted and secure brand, including enterprise risk management, business resiliency, IT asset management, audit-readiness, maintenance, technology compliance and coordination of the PCI and ISO programs at ARC.  You will maintain a risk management framework and monitor, assist and control assigned business and IT compliance projects.  You will collaborate in a cross-functional team setting to ensure business needs are properly translated into comprehensive business and technical details using a common set of baseline tools and templates.  You will monitor risks and recommend mitigation strategies to business leaders.  You will provide support and guidance to the business and IT staff on risk-related issues. Liaison with Risk Management Council to maintain risk oversight, visibility and compliance.

1. Develop and lead ARC’s Enterprise Risk Management function. Work across the company so that risk owners understand their risk program responsibilities, evaluation, remediation, documentation, and reporting. Develop strategy, establish transparent and measurable risk management metrics and reporting for Enterprise Risk, ISO and PCI Programs on an ongoing basis.
2. Provide Oversight of Security & Privacy Compliance Programs. Manage and oversee ARC’s ISO 27001, 27701 and PCI programs (policies, standards, requirements, guidelines and baselines), ensure sustained certification, audit readiness, and alignment with regulatory and industry requirements. Set program priorities and guide technology compliance strategy.
3. Serve as Enterprise SME on Risk, Security and Compliance. Act as ARC’s senior subject matter expert to maintain certification of ISO and compliance with card brand security standards PCI DSS. Identify and work with respective owners for the mitigation of risk for IT processes which are not compliant with information security and risk and compliance framework requirements to protect business operations and reputation.
4. Lead Business Resiliency Strategy and Execution. Oversee enterprise business continuity and resilience capabilities, including BIAs, BCPs, EAPs and annual testing. Ensure resilience principles are embedded across the organization to safeguard critical operations.
5. Risk Oversight. Provide strategic oversight of vendor risk management, service provider risk evaluation, and IT asset governance. Ensure lifecycle controls, contractual security requirements, and risk remediation processes are effective across the enterprise.
6. Influence Leaders to Create a Risk-Aware Culture and Cross-Functional Accountability. Educate and promote enterprise-wide awareness of risk and control responsibilities, establish communications channels with stakeholders, and ensure business leaders remain informed of evolving risk profiles and required actions. Collaborate with Security Assurance Team to validate and test vulnerability software automated controls.

• Bachelors degree in Business, Accounting, Finance, Information Systems or a related discipline preferred; equivalent experience considered.
• At least 6 years leading a risk and compliance organization for an IT development company.
• Excellent analytical abilities and communication skills are essential for this role, as well as passion for problem solving, a desire to learn, and the ability to work in a team environment.
• A strong background in Information Security practices and methodologies is required.
• Demonstrated skills working with various IT technologies and services.
• Experience with new technologies such as mobile, analytics, and cloud computing.
• Cyber Threat and Vulnerability management experience.
• Technology/Information Security/Risk Management experience.
• Able to adapt and rapidly learn new technologies and apply their findings to solve key business challenges.
• Proven record of successfully managing issues to resolution, and the ability to trace a problem to root cause.
• Strong organizational skills to handle multiple projects at one time
• Exceptional written and verbal communication skills along with strong listening skills
• Experience communicating both conceptual and technical information
• Experience establishing strategic plans and leading teams in the implementation of the strategy
• Experience working with third-party providers
• Experience driving change within an organization
• Knowledge to develop and interpret standards, policies, procedures, and strategy governing the planning & delivery of risk services
• Demonstrated ability to solve complex problems and identify solutions to challenging business problems
• Demonstrated ability to manage/organize
• Strong analytical, facilitation, documentation, and communication skills · Effective leadership, coaching, and development skill

ARC123