Hospitality organizations operate in one of the most complex cyber environments of any industry, blending guest data, loyalty platforms, payment systems, OT, and globally distributed properties that must remain always-on. Cyber leaders in this sector must balance seamless guest experiences with rigorous security controls, often under intense regulatory and threat pressure. The CISOs highlighted below are shaping resilient, business-aligned security programs for some of the world’s most recognizable hotel and resort brands.
Garth Kippen — Director of Information Security, Hilton Grand Vacations
Garth Kippen brings more than 25 years of experience across IT and cybersecurity, currently serving as Director of Information Security at Hilton Grand Vacations. Throughout his career, he has helped organizations strengthen their security posture, manage risk effectively, and align technology initiatives with strategic business objectives.
Garth has led global teams, driven large-scale IT transformations, and guided organizations through complex mergers and integrations. His leadership emphasizes practical, business-aligned security solutions, from building resilient infrastructure to managing incidents and anticipating emerging threats. Certified as a Chief Information Security Officer (C|CISO) and ITIL-qualified, Garth blends technical depth with strategic insight and collaborative leadership to support hospitality operations at scale.
David Jordan — Senior Vice President & Chief Information Security Officer, IHG Hotels & Resorts
David Jordan is an information security executive responsible for the strategic design and ongoing management of IHG’s global information security program. His approach is built on a convergence model that integrates cyber, physical, personnel, and travel security, all underpinned by a robust threat intelligence capability.
His expertise spans information security, data privacy, disaster recovery, business continuity, identity management, and global IT execution. By operating security as an integrated risk function, David helps IHG protect guests, employees, and operations across a vast international footprint. His leadership reflects the evolving reality of hospitality security, where digital and physical risks increasingly intersect.
Badi Ibrahim — Global Head of Hotels & Hubs IT Security, Accor
Badi Ibrahim leads hotel and hub security for Accor globally, overseeing a team of more than 20 CISOs and cybersecurity experts across eight regional hubs, including Europe, MEAIT, the Americas, and Asia-Pacific. His background spans telecommunications, hospitality, and higher education, with deep expertise in security governance and digital transformation.
Previously serving as CISO for Accor Southern Europe from 2020 to 2024, Badi was responsible for day-to-day cybersecurity operations, risk mitigation, and regulatory compliance across the region. His scope covered infrastructure and cloud security, application security testing, SOC operations, privacy and compliance frameworks, and security awareness. Today, he continues to scale Accor’s cybersecurity maturity across one of the world’s largest hotel groups.
Stephen Harrison — Senior Vice President & Chief Information Security Officer, MGM Resorts International
Stephen Harrison is a passionate information security leader with more than 18 years of experience designing and implementing enterprise security programs across manufacturing, healthcare, retail, and hospitality. At MGM Resorts International, he leads cybersecurity strategy across environments ranging from data centers to cloud platforms.
His expertise includes penetration testing, threat hunting, incident response, digital forensics, and risk management. Stephen has led initiatives spanning PCI, SOX, GDPR, ICS/IoT security, e-commerce protection, third-party risk, and security operations. Known for combining deep technical knowledge with pragmatic execution, he focuses on resilience, recovery, and protecting high-availability environments critical to hospitality and entertainment operations.
Will DeMar — Chief Information Security Officer, Mandarin Oriental Hotel Group
Will DeMar is a seasoned information security, IT risk, compliance, and privacy leader with more than two decades of experience advising executives across government, healthcare, and global corporate environments. As CISO of Mandarin Oriental Hotel Group, he provides strategic leadership across cybersecurity, cloud security, privacy, and incident response programs.
He has led globally dispersed teams responsible for security architecture, engineering, operations, and compliance, applying frameworks such as NIST, ISO 27001, PCI-DSS, GDPR, and CCPA. Will is known for building mature, scalable security programs that protect enterprise environments while supporting premium guest experiences and global operations in a luxury hospitality context.
Tim Dawson — Group Chief Information Security Officer, Caesars Entertainment, Inc.
Tim Dawson is an executive security leader with more than 20 years of global financial and enterprise security experience, complemented by time leading security startups. At Caesars Entertainment, he serves as Group CISO and Head of Technology Infrastructure and Technology Risk.
His specialties include security strategy and execution, threat and vulnerability management, incident response, data loss prevention, and security analytics. Tim is recognized as a change agent who redefines enterprise security by aligning architecture, engineering, and risk controls with business outcomes. His leadership supports one of the most complex hospitality and entertainment environments in the world, spanning hotels, casinos, and digital platforms.
Securing Trust in a Guest-First Industry
In hospitality, cybersecurity is inseparable from trust, safety, and brand reputation. The CISOs featured here protect not only sensitive data and payment systems, but also the uninterrupted experiences guests expect around the world. Through integrated risk management, global leadership, and business-aligned security strategies, these leaders are redefining what cyber resilience looks like in an industry built on service, scale, and trust.