VP, Cybersecurity

VP, Cybersecurity – based in Melville, NY

Accommodations Plus International (API) is the global leader in crew accommodation and travel logistics, powering over 18 million crew room nights each year for 100+ airlines and travel operators worldwide. Our global reach ensures that airline crews are rested, transported, and connected so global aviation runs on time.

We are seeking a Vice President of Cybersecurity to lead the development and execution of our enterprise-wide cybersecurity strategy. This is a high‑impact and hands‑on role – perfect for a seasoned security leader who enjoys rolling up their sleeves and being involved in technical execution. As the cybersecurity function grows, this role will have the opportunity to build out and manage a team.

From designing secure systems to responding to threats in real time, you’ll be the go‑to expert protecting our IT systems, applications, and data. A blend of technical and interpersonal skills are needed to influence all levels of the organization and strengthen our security posture.

• Develop and implement a comprehensive security strategy aligned with business goals
• Minimize security incidents and ensure proactive defense mechanisms
• Establish compliance with standards to meet client and business needs
• Cybersecurity awareness and best practice compliance is actively practiced across API

• Own and evolve enterprise‑class security systems
• Implement and maintain compliance with multiple standards (ISO
  27001, SOC2 TYPE 2, GDPR & PCI‑DSS)
• Align standards, frameworks and security with overall business and technology strategy
• Identify and communicate current and emerging security threats
• Design security architecture elements to mitigate threats as they emerge
• Work with software applications leaders to ensure software applications meet highest security best practices and address OWASP, Sonar Qube and Qualys findings
• Create solutions that balance business requirements with information and cyber security requirements
• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
• Provide training and foster awareness of security best practices to company team members
• Conduct regular system tests and ensure continuous monitoring of network and applications security
• Establish and test disaster recovery procedures and conduct breach of security drills
• Promptly respond to all security incidents and provide thorough post‑event analysis

• 15+ years of experience in cybersecurity, security architecture or computer network defense or equivalent
• Strong, proven skills at indirect leadership through influence to ensure all employees are practicing best in class security management
• In‑depth knowledge and experience with relevant National Institute of Standards and Technology (NIST) standard, ISO
  27001 specifications, SOC2 TYPEII attestation and PCI‑DSS certification
• Direct experience handling advanced cybersecurity incidents and associated incident response toolsets
• Proven subject matter expertise in computer forensics, incident response and follow‑up, intrusion analysis, malware analysis, and security engineering
• Demonstrated ability to identify and address risks associated with business processes, operations, information security programs and technology projects
• Deep understanding and practical use of security principles, architecture and emerging technologies
• Solid understanding of Windows,
  * NIX, and Cloud Security (AWS and Azure)
• Managing the design and implementation of digital security solutions, including continuous monitoring and improvements to those solutions
• Managing third‑party suppliers and partners of security related tools and services
• Pragmatic hands‑on knowledge and experience with security considerations of cloud computing, including data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, Advanced Persistent Threats (APTs), data loss and Denial of Service (DoS) attacks
• Demonstrated experience in identity and access management (IAM)
• Prior management of an enterprise‑level incident response team and security operations…