Marriott SrMgr-Information Security - Security Compliance in Topeka, Kansas
Job Number 23038458
Job Category Information Technology
Location Marriott International HQ, 7750 Wisconsin Avenue, Bethesda, Maryland, United States
Located Remotely? Y
Position Type Management
The candidate will be responsible for IT Security Compliance including Endpoint compliance, exceptions processing and patch and lifecycle management. The candidate will be responsible for ensuring all endpoints meet Marriott’s Endpoint Security Technology policies, tracking areas of non-compliance and working with stakeholders to bring those areas back to compliance. The candidate will be also responsible for reviewing, approving and tracking any policy exceptions, vulnerability management efforts and working closely with the Risk Management team to ensure alignment of Enterprise Risk. The position manages and improves the IT Security Compliance inventory/lifecycle within our environment including inventory and monitoring of all asset assessment and data analysis, reporting and findings remediation.
Education and Experience
Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification
7+ years combined information technology leadership and information security experience
3+ years’ experience implementing, managing or governing endpoint security technologies, like encryption, Anti-Virus, Endpoint-Detection & Response (EDR), Application Control technologies, network security, and host-based intrusion detection systems.
Working knowledge of IT Endpoint management tools like: Active Directory, BigFix, Tanium, CrowdStrike, Deep Security, McAfee, Bitlocker, ServiceNOW, Tenable, Kenna, Vault, Privilege Manager, Application Control, or Retina.
Current information security certification, including Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP), Security+, or Certified Third-Party Risk Professional (CTPRP)
Extensive experience and expertise in security policy creation and endpoint lifecycle management, auditing methodology, and technology risk assessments
Experience with reporting dashboards and metrics tracking for Endpoint compliance within large global enterprises
Technical leadership experience in an Information Technology Outsourced (ITO) environment
Project management skills and abilities to lead and drive IT Security Compliance Projects.
Excellent communication/reporting skills and problem-solving ability related to IT Security Compliance.
Technical infrastructure operations, administration, or engineering background
Knowledge of IT Protocols such as ARP, TCP/IP, WMI, SOAP, Web Services, or Kerberos.
CORE WORK ACTIVITIES
Security Risk & Compliance
Oversees, plans and conducts security policy compliance, risk assessment, exception evaluation, and processing for applications, infrastructure, data, and third-party vendor solutions.
Consistently monitors compliance to applicable security policies and standards and reports related risk issues
Executes technical risk assessments, advises business and IT leaders on risk of initiatives/tools
Defines and executes Third Party / Vendor Security Risk Assessment programs
Oversees and evaluates documentation and validation processes to ensure the organization meets Security assurance and privacy requirements.
Assigns appropriate level of risk and drives compliance to Endpoint Security internal policies and external regulations.
Manages and administers processes and tools that identify, document, and retain intellectual capital and information content.
Conducts assessments on threats and vulnerabilities, determines deviations and level of risk. Follows up assessments with questions, gap identification, and testing on assessed risk.
Performs analysis on results and determines risk threshold.
Delivers recommendations advising leadership and vendors on present risk and whether additional remediation or action is required.
Develops, recommends, and operationalizes appropriate mitigation countermeasures. Advocates for any resulting needed policy changes.
Creates and drives development of process and policy documentation.
Managing Projects and Priorities
Functions as a strategic senior technical expert within the department.
Develops specific goals and plans to prioritize, organize, and accomplish work.
Champions leaders’ vision for product and service delivery.
Makes and executes the necessary decisions to keep moving forward toward achievement of goals.
Provides direction and assistance to other teams regarding projects.
Determines priorities, schedules, plans and necessary resources to promote completion of any projects on schedule.
Analyzes information and evaluates results to choose the best solution and solve problems.
Reviews vendor proposals and selects appropriate vendor for services/technologies/hardware.
Thinks creatively and practically to develop, execute and implement new project plans.
Generates and provides accurate and timely results in the form of reports, presentations, etc.
Plans, develops, implements, and evaluates the quality of operations.
Delivering on the Needs of Key Stakeholders
Understands and meets the needs of key stakeholders.
Communicates concepts in a clear and persuasive manner that is easy to understand.
Demonstrates an understanding of business priorities.
Supports achievement of performance goals, budget goals, team goals, etc.
Providing Technical Support and Consultation
Provides technical expertise and technical leadership within own and other teams.
Provides recommendations to improve the effectiveness of processes and programs.
Demonstrates advanced knowledge of job-relevant issues, products, systems, and processes.
Demonstrates advanced knowledge of function-specific procedures.
Applies knowledge/judgment to achieve business goals.
Foresees, identifies and resolves problems.
Keeps up-to-date technically and applies new knowledge to job.
Performs other reasonable duties as required for this position.
Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law. Marriott International considers for employment qualified applicants with criminal histories consistent with applicable federal, state and local law.
Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. We believe a great career is a journey of discovery and exploration. So, we ask, where will your journey take you?