BethesdaRecruiter Since 2001
the smart solution for Bethesda jobs

Director, Information Security - Security Compliance - Bethesda

Company: Corporate
Location: Bethesda
Posted on: November 17, 2022

Job Description:

Job Number: 22166794
Job Category: Information Technology
Location: Marriott International HQ, 7750 Wisconsin Avenue, Bethesda, Maryland, United States
Schedule: Full-Time
Located Remotely? Y
Relocation? N
Position Type: Management

JOB SUMMARY

The Director of Security Compliance drives endpoint security compliance and exceptions management as part of the Security Compliance team. They are responsible and accountable for assessing the baseline security compliance posture across the enterprise using quantitative methods. The candidate will be responsible for ensuring all endpoints meet Marriott’s Endpoint Security Technology policies, tracking areas of non-compliance and working with stakeholders to bring those areas back to compliance. The position manages and improves the IT Security Compliance inventory/lifecycle within our environment including inventory and monitoring of all asset assessment and data analysis, reporting and findings remediation. Collaborates broadly across the IT, business organizations, and international teams to define and communicate security risks. This role will provide a wholistic view of Marriott International’s security compliance profile and will communicate that profile to all levels of the company.
CANDIDATE PROFILE

Education and Experience

Required:
Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification
8+ years of information technology leadership experience that include implementing, managing, or governing security technologies, including encryption, network security, intrusion detection and digital forensics
5+ years of information technology leadership experience
4+ years’ experience direct management of a team
4+ years’ experience implementing, managing, or governing endpoint security technologies, like encryption, Anti-Virus, Endpoint-Detection & Response (EDR), Application Control technologies, network security, and host-based intrusion detection systems.

Attributes
Strong verbal and written communication skills with the ability to articulate complex technical ideas in easy to understand business terms.
Ability to effectively prioritize and execute tasks in a high-pressure environment.
Strong negotiating, influencing and problem resolution skills

Preferred:
Experience in implementation or management of Endpoint Security Compliance programs.
Current information security certification, including Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)
Knowledge of IT security within an infrastructure environment
Technical leadership experience in an Information Technology Outsourced (ITO) environment
Knowledge of ServiceNow and the GRC module within ServiceNow.
Knowledge of IT Protocols such as ARP, TCP/IP, WMI, SOAP, or Web Services.
Reviewing and assessing the risk of service providers.
Managing and governing of security policies
Experience assessing a 3-tiered system architecture (Web Server, App Server & Database)
Demonstrated ability to assess customer/client needs, creatively approach solutions, decide and influence appropriate courses of action
Understanding of IT financial structures and ability to manage to corporate financial practices and goals, including drivers of process cost
Graduate/post graduate degree

CORE WORK ACTIVITIES

Security Risk & Compliance
Validates the process for and monitoring and reporting of security risks
Oversees, plans, and conducts security policy compliance, risk assessment, exception evaluation, and processing for applications, infrastructure, data, and third-party vendor solutions.
Consistently monitors compliance to applicable security policies and standards and reports related risk issues
Executes technical risk assessments, advises business and IT leaders on risk of initiatives/tools
Provides consultative services to a broad range of internal business leaders on risk and IT security to determine current and target risk levels.
Develop remediation plans.
Monitor progress of agreed upon remediation plans.
Provide deep expertise in computer network theory, IT standards and protocols, as well as an understanding of the lifecycle of cyberspace threats, attack vectors, and methods of exploitation.
Provides guidance and educates the organization in risk management principles and practices
Communicates with Subject Matter Experts to determine expected impact and likelihood of loss events
Maintain endpoint security Metrics and consults with Metrics teams to ensure metrics are accurately represented in the Enterprise Metrics program.
Assigns appropriate level of risk and drives compliance to Endpoint Security internal policies and external regulations.
Manages and administers processes and tools that identify, document, and retain intellectual capital and information content.
Manages in the evaluation and selection of security and risk management services products
Oversees, evaluates, and supports the documentation, and validation processes necessary to assure that associates, information technology systems and business processes meet the organization’s information assurance, security, and privacy requirements.
Ensures appropriate treatment of risk, compliance, and assurance of internal policies and external regulations.
Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations or enterprise or local policy, assesses the level of risk, and develops and/or recommends and operationalizes appropriate mitigation countermeasures.
Provides sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain.
Advocates policy changes and makes a case on behalf of the company via a wide range of written and oral work products.

Cultivate a High-Performing Team
Create a compelling vision, clear direction, and strategy for the team
Generate enthusiasm and understanding of the information security vision and how each role contributes to the achievement of that vision
Ensure capabilities are developed and resources are aligned to support the strategy
Attract, motivate, develop, and retain highly skilled leaders, champion, and model leadership development
Create and sustain a work environment that drives associate engagement and enables business success
Ensure appropriate processes are in place and executed to drive collaboration and alignment within the team and with the broader IT organization
Serve as a role model and ensure all information security leaders are visible and effective partners with IT counterparts, broader Marriott stakeholders, and service providers

Delivering on the Needs of Key Stakeholders
Understands and meets the needs of key stakeholders.
Communicates concepts in a clear and persuasive manner that is easy to understand.
Demonstrates an understanding of business priorities.
Supports achievement of performance goals, budget goals, team goals, etc.

Providing Technical Support and Consultation
Provides technical expertise and technical leadership within own and other teams.
Provides recommendations to improve the effectiveness of processes and programs.
Demonstrates advanced knowledge of job-relevant issues, products, systems, and processes.
Demonstrates advanced knowledge of function-specific procedures.
Applies knowledge/judgment to achieve business goals.
Foresees, identifies and resolves problems.
Keeps up-to-date technically and applies new knowledge to job.
Performs other reasonable duties as required for this position

This position requires proof of full vaccination against COVID-19 prior to the first date of employment, subject to applicable law. If you are offered employment, this requirement must be met by your date of hire, unless a reasonable accommodation request is received and approved.

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.

Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. We believe a great career is a journey of discovery and exploration. So, we ask, where will your journey take you?

Keywords: Corporate, Bethesda , Director, Information Security - Security Compliance - Bethesda, Executive , Bethesda, Maryland
