Alicia Gristmacher, manager of cybersecurity compliance operations at Hyatt, discusses how she began her journey in cybersecurity, Hyatt’s commitment to protecting people, and what she enjoys most about the cybersecurity sector.
Tell us about yourself and your background.
As a manager of cybersecurity compliance operations at Hyatt, I am responsible for the global third-party risk management (TPRM) program, which ensures the security and compliance of our vendors. I joined Hyatt in December 2021 with over 20 years of experience in TPRM, risk management, and information security. I hold an MBA with a specialization in Risk Management from New York Institute of Technology and an MS in Information Security Management with a specialization in Governance, Risk Management, and Compliance from the University of Fairfax. Additionally, I am a Certified Lean Professional (CLP), A Certified Regulatory Vendor Program Manager (CRVPM) Level V, and a Certified Vendor Management Program Risk Assessor (C-VMPRA).
Why did you decide to pursue a career in cybersecurity? How did you start your career?
I have a bachelor’s degree in Anthropology and worked for a few years for a branch of the Smithsonian. I found myself back home in my mid-twenties without a job and ended up taking a bookkeeping position with the local bank. During that time, the Gramm-Leach-Bliley Act’s (GLBA) Standards for Safeguarding Customer Information (the Safeguards Rule) took effect in 2003, and the bank I was currently working at created a new information security risk management position. This was about the same time I was pursuing my MBA. When I began reading about the position and the emerging field of information security, I was hooked. I have always had an interest in law, and I found this to be very comparable, especially related to the compliance aspect. I applied, and I guess you could say the rest is history (23 years later!).
Can you expand upon your role? What are some of your day-to-day duties?
At a high level, the cybersecurity compliance operations team manages Hyatt’s global third-party risk management program (TPRM), which includes developing, enhancing, and maintaining the process using:
- Automation tools
- Creating and maintaining governance documentation
- Planning and conducting third-party assessments
- Identifying key program metrics
- Communicating TPRM initiatives with stakeholders across the company
Hyatt’s purpose of care, “We care for people so they can be their best,” is at the heart of everything the compliance operations team does, which makes us successful. While it may seem that cybersecurity is all about technology, at its core, it is about protecting people – employees, guests, owners, etc. For any program to be effective, it needs an engaged and committed team that brings their authentic selves to their roles. This commitment helps ensure the program is not just a checkbox but a robust, evolving initiative.
The synergies between Hyatt’s purpose of care and the mission of the cybersecurity compliance operations team are abundant. We aim to protect and enrich the lives of all stakeholders through empathy, individual attention, effective communication, and the smart use of technology.
What do you enjoy most about the cybersecurity sector?
I appreciate the real-world impact of the work we do. Knowing what I do daily helps protect people’s personal information, financial assets, and even their emotional well-being is highly rewarding. It makes the work feel not just technical but also humane, akin to being a guardian within the digital world.
When did you first discover the RH-ISAC? How has the community impacted you?
I had the great opportunity to become a part of the RH-ISAC when I joined Hyatt almost two years ago. This is my first time working in the hospitality industry, and this group has been a tremendous source of information. I joined every working group I could that was pertinent to the goals compliance operations are trying to achieve within Hyatt.
What are a few of your hobbies and interests outside of your career in cybersecurity?
Since cybersecurity is a very intense field, work-life balance is extremely important and something Hyatt prioritizes. When I am not working, I love to be outdoors (gardening, camping, kayaking, etc.) and spend as much time with my family as I can. Having a teenage son who is very active in sports has me spending most of my time at the ice rink and football fields!