The Manager supports the development, execution, and monitoring of security assessments to ensure compliance to Marriott's standard security controls framework and policies. The position's responsibilities include assisting in development, implementation, and maintenance of security programs, procedures and controls. This position also applies knowledge of various security technologies, such as IAM, firewalls and network segmentation, IDS/IPS, vulnerability/application scanning, and penetration testing.

CANDIDATE PROFILE

Education and Experience

Required:

• Bachelor's degree in Computer Science or related field or equivalent experience/certification
• 5+ years information technology or security experience including:
  • 3+ years' leading the design, implementation, and assessment of information security programs
  • 2+ years implementing enterprise security frameworks and processes

Preferred:

• Solid working knowledge and experience working with some or all of these security frameworks: NIST CSF, NIST 800-53, ISO27001, ISO 27002, PCI DSS.
• Current information security certification, including Certified Information Systems Security Professional (CISSP), PCI Internal Security Assessor (ISA), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA).
• Demonstrated understanding of key network and system security controls and of various security technologies, such as firewalls and network segmentation, IDS, vulnerability/application scanning, and penetration testing.
• Demonstrated capabilities in interpreting and understanding vulnerability scans and penetration testing results.
• Working knowledge of global regulatory standards to include GDPR within a digital business
• Demonstrated ability to apply information security policies
• Knowledge of IT security within an infrastructure environment
• Proven understanding of SDLC and/or ITIL v3 Framework
• Experience in business systems and process planning
• Knowledge of business environment, service requirements and/or hospitality culture
• Graduate/post graduate degree

CORE WORK ACTIVITIES

• Support security compliance initiatives such as SSAE 18 SOC 1 and SOC 2, ISO 27001, PCI-DSS, Global privacy regulations, and internal security reviews of the business.
• Support the security compliance program across control frameworks leveraging internal toolsets.
• Conduct audits to include: controls requirements analysis, gap assessments, and operational reviews.
• Provide structured audit reports to auditees, business partners, and other stakeholders.
• Document and track corrective and preventive actions identified during internal and external audits in support of policies and procedures.
• Work with business partners to resolve corrective actions in a timely manner.
• Respond to customer and regulatory requests regarding security services, mechanisms and safeguards.            
• Contribute to the negotiation of security language in contracts including regular communications with regulatory, privacy and legal stakeholders and active participation in both internal and external audit activities.
• Assess security programs, procedures and controls supporting the company's overall security strategy.
• Implement appropriate security policy and requirements to meet compliance with company security controls and objectives.
• Help in development of remediation efforts as needed.
• Produce status reports and metrics on policy and governance aspects to Security, IT, and business leadership.
• Contribute to formal responses to customer and regulatory requests regarding security services, policies, controls, and mechanisms.
• Maintain regular communication with regulatory, privacy and legal stakeholders (within and outside the company) and participate in both internal and external audit activities.
• Assist with special projects and documentation as needed.
• Support incident response and forensic investigations as needed.

Maintaining Goals

• Submits reports in a timely manner, ensuring delivery deadlines are met.
• Promotes the documenting of project progress accurately.
• Provides input and assistance to other teams regarding projects.

Managing Work, Projects, and Policies

• Manages and implements work and projects as assigned.
• Generates and provides accurate and timely results in the form of reports, presentations, etc.
• Analyzes information and evaluates results to choose the best solution and solve problems.
• Provides timely, accurate, and detailed status reports as requested.

Demonstrating and Applying Discipline Knowledge

• Provides technical expertise and support to persons inside and outside of the department.
• Demonstrates knowledge of job-relevant issues, products, systems, and processes.
• Demonstrates knowledge of function-specific procedures.
• Keeps up-to-date technically and applies new knowledge to job.
• Uses computers and computer systems (including hardware and software) to enter data and/ or process information.

Delivering on the Needs of Key Stakeholders

• Understands and meets the needs of key stakeholders.
• Develops specific goals and plans to prioritize, organize, and accomplish work.
• Determines priorities, schedules, plans and necessary resources to ensure completion of any projects on schedule.
• Collaborates with internal partners and stakeholders to support business/initiative strategies
• Communicates concepts in a clear and persuasive manner that is easy to understand.
• Generates and provides accurate and timely results in the form of reports, presentations, etc.
• Demonstrates an understanding of business priorities

Additional Responsibilities

• Provides information to supervisors and co-workers by telephone, in written form, e-mail, or in person in a timely manner.
• Demonstrates self confidence, energy and enthusiasm.
• Informs and/or updates leaders on relevant information in a timely manner.
• Manages time effectively and conducts activities in an organized manner.
• Presents ideas, expectations and information in a concise, organized manner.
• Uses problem solving methodology for decision making and follow up.
• Performs other reasonable duties as assigned by manager.

This position requires proof of full vaccination against COVID-19 prior to the first date of employment, subject to applicable law. If you are offered employment, this requirement must be met by your date of hire, unless a reasonable accommodation request is received and approved.