Sr. Manager, Information Security - Risk & Compliance

Full Time
Bethesda, MD
Job description
Job Number 22143731
Job Category Information Technology
Location Marriott International HQ, 7750 Wisconsin Avenue, Bethesda, Maryland, United States
Schedule Full-Time
Located Remotely? Y
Relocation? N
Position Type Management


JOB SUMMARY


The candidate will be responsible for IT Security Compliance, including Endpoint compliance and exceptions processing. The candidate will be responsible for ensuring all endpoints meet Marriott’s Endpoint Security Technology policies, tracking areas of non-compliance and working with stakeholders to bring those areas back to compliance. The candidate will also be responsible for reviewing, approving and tracking any policy exceptions and working closely with the Risk Management team to ensure alignment of Enterprise Risk. The position manages and improves the IT Security Compliance inventory/lifecycle within our environment, including inventory and monitoring of all asset assessment and data analysis, reporting and findings remediation.


CANDIDATE PROFILE


Education and Experience


Required:

  • Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification
  • 7+ years of information technology leadership experience
  • 3+ years’ experience implementing, managing or governing endpoint security technologies, like encryption, Anti-Virus, Endpoint-Detection & Response (EDR), Application Control technologies, network security, and host-based intrusion detection systems.

Preferred:

  • Working knowledge of IT Endpoint management tools like: Active Directory, BigFix, Tanium, CrowdStrike, Deep Security, McAfee, Bitlocker, ServiceNOW, Tenable, Vault, Privilege Manager, Application Control, or Retina.
  • Current information security certification, including Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP), Security+, or Certified Third Party Risk Professional (CTPRP)
  • Extensive experience and expertise in security policy creation and endpoint lifecycle management, auditing methodology, and technology risk assessments
  • Experience with reporting dashboards and metrics tracking for Endpoint compliance within large global enterprises
  • Technical leadership experience in an Information Technology Outsourced (ITO) environment
  • Project management skills and abilities to lead and drive IT Security Compliance Projects.
  • Excellent communication/reporting skills and problem-solving ability related to IT Security Compliance.
  • Technical infrastructure operations, administration, or engineering background
  • Knowledge of IT Protocols such as ARP, TCP/IP, WMI, SOAP, Web Services, or Kerberos.

CORE WORK ACTIVITIES


Security Risk & Compliance

  • Oversees, plans and conducts security policy compliance, risk assessment, exception evaluation, and processing for applications, infrastructure, data, and third-party vendor solutions.
  • Consistently monitors compliance to applicable security policies and standards and reports related risk issues
  • Executes technical risk assessments, advises business and IT leaders on risk of initiatives/tools
  • Defines and executes Third Party / Vendor Security Risk Assessment programs
  • Oversees and evaluates documentation and validation processes to ensure the organization meets Security assurance and privacy requirements.
  • Assigns appropriate level of risk and drives compliance to Endpoint Security internal policies and external regulations.
  • Manages and administers processes and tools that identify, document, and retain intellectual capital and information content.
  • Conducts assessments on threats and vulnerabilities, determines deviations and level of risk. Follows up assessments with questions, gap identification, and testing on assessed risk.
  • Performs analysis on results and determines risk threshold.
  • Delivers recommendations advising leadership and vendors on present risk and whether additional remediation or action is required.
  • Develops, recommends, and operationalizes appropriate mitigation countermeasures. Advocates for any resulting needed policy changes.
  • Creates and drives development of process and policy documentation.



Managing Projects and Priorities

  • Functions as a strategic senior technical expert within the department.
  • Develops specific goals and plans to prioritize, organize, and accomplish work.
  • Champions leaders’ vision for product and service delivery.
  • Makes and executes the necessary decisions to keep moving forward toward achievement of goals.
  • Provides direction and assistance to other teams regarding projects.
  • Determines priorities, schedules, plans and necessary resources to promote completion of any projects on schedule.
  • Analyzes information and evaluates results to choose the best solution and solve problems.
  • Reviews vendor proposals and selects appropriate vendor for services/technologies/hardware.
  • Thinks creatively and practically to develop, execute and implement new project plans.
  • Generates and provides accurate and timely results in the form of reports, presentations, etc.
  • Plans, develops, implements, and evaluates the quality of operations.

Delivering on the Needs of Key Stakeholders

  • Understands and meets the needs of key stakeholders.
  • Communicates concepts in a clear and persuasive manner that is easy to understand.
  • Demonstrates an understanding of business priorities.
  • Supports achievement of performance goals, budget goals, team goals, etc.

Providing Technical Support and Consultation

  • Provides technical expertise and technical leadership within own and other teams.
  • Provides recommendations to improve the effectiveness of processes and programs.
  • Demonstrates advanced knowledge of job-relevant issues, products, systems, and processes.
  • Demonstrates advanced knowledge of function-specific procedures.
  • Applies knowledge/judgment to achieve business goals.
  • Foresees, identifies and resolves problems.
  • Keeps up-to-date technically and applies new knowledge to job.
  • Performs other reasonable duties as required for this position.



This position requires proof of full vaccination against COVID-19 prior to the first date of employment, subject to applicable law. If you are offered employment, this requirement must be met by your date of hire, unless a reasonable accommodation request is received and approved.


Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.
Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. We believe a great career is a journey of discovery and exploration. So, we ask, where will your journey take you?
