Manager - Information Security - Data Governance

Job Number 24134403Job Category Information TechnologyLocation Marriott International HQ, 7750 Wisconsin Avenue, Bethesda, Maryland, United StatesSchedule Full-TimeLocated Remotely? YRelocation? NPosition Type ManagementJOB SUMMARYDevelops policies and standards to support new initiatives or required changes and enhancements due to ever-changing technology landscapes and security regulations. Analyzes existing organizational security policies, standards and controls to ensure alignment with the business environment and the company’s risk appetite. Drafts new and maintains existing policies by coordinating reviews with the organization's policy stakeholders, reviewing any changes and making updates as needed to meet evolving security needs, obtaining leadership signoff of changes and manages publication of the security policies to content management tools for organization consumption.CANDIDATE PROFILEEducation and ExperienceRequired:

Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification

5+ years of information technology and/or security experience with:

2+ years’ experience creating and managing policies and standards in support of security technologies such as encryption, network security, identity and access management or vulnerability management

Experience with industry security frameworks including NIST Cybersecurity Framework, NIST SP 800-53, PCI-DSS, Cloud Security Alliance, or ISO 27000 series standards and guidelines.

Preferred:

Current information security certification, including Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)

Technical leadership experience

Project management skills

Excellent communication skills and problem-solving ability

Demonstrated ability to work independently and with others

Ability to manage the details and compliance with standards and expectations

Technical infrastructure operations, administration, or engineering background

CORE WORK ACTIVITIESSecurity Policy

Oversees, evaluates, and supports the documentation, and validation processes necessary to assure that associates, information technology systems and business processes meet the organization’s information assurance, security, and privacy requirements. Ensures appropriate treatment of risk, compliance, and assurance of internal policies and external regulations.

Defines strategy and roadmap, provides governance, creates standards and guidelines, and reviews and approves architectural designs. Ensures standards and guidelines incorporate legal and regulatory requirements.

Conducts security and privacy technology research and assessments and integration processes; provides and supports a prototype capability and/or evaluates its utility.

Consults with customers to gather and evaluate functional requirements and provides security and privacy requirements, guidelines, and standards.

Manages and administers processes and tools that enable the organization to identify, document, and access intellectual capital and information content (e.g., policies, standards, processes and procedures).

Provides sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain. Advocates policy changes and makes a case on behalf of the company via a wide range of written and oral work products.

Applies knowledge of priorities to define an entity’s direction, determine how to allocate resources, and identify programs or infrastructure that are required to achieve desired goals within domain of interest. Develops policy or advocates for changes in policy that will support new initiatives or required changes/enhancements.

Conducts training of personnel within pertinent subject domain. Develops, plans, coordinates, delivers, and/or evaluates training courses, methods, and techniques as appropriate.

Manages and measures information security implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, risk management, security awareness, and other resources.

MANAGEMENT COMPETENCIESLeadership

Communication - Conveys information and ideas to others in a convincing and engaging manner through a variety of methods.

Leading Through Vision and Values - Keeps the organization's vision and values at the forefront of employee decision making and action.

Managing Change - Initiates and/or manages the change process and energizes it on an ongoing basis, taking steps to remove barriers or accelerate its pace; serves as role model for how to handle change by maintaining composure and performance level under pressure or when experiencing challenges.

Problem Solving and Decision Making - Identifies and understands issues, problems, and opportunities; obtains and compares information from different sources to draw conclusions, develops and evaluates alternatives and solutions, solves problems, and chooses a course of action.

Professional Demeanor - Exhibits behavioral styles that convey confidence and command respect from others; makes a good first impression and represents the company in alignment with its values.

Strategy Development - Develops business plans by exploring and systematically evaluating opportunities with the greatest potential for producing positive results; ensures successful preparation and execution of business plans through effective planning, organizing, and on-going evaluation processes.

Managing Execution

Building a Successful Team - Uses an effective interpersonal style to build a cohesive team; inspires and sustains team cohesion and engagement by focusing the team on its mission and importance to the organization.

Strategy Execution – Ensures successful execution across of business plans designed to maximize customer satisfaction, profitability, and market share through effective planning, organizing, and on-going evaluation processes.

Driving for Results - Sets high standards of performance for self and/or others; assumes responsibility for work objectives; initiates, focuses, and monitors the efforts of self and/or others toward the accomplishment goals; proactively takes action and goes beyond what is required.

Building Relationships

Customer Relationships - Develops and sustains relationships based on an understanding of customer/stakeholder needs and actions consistent with the company’s service standards.

Global Mindset - Supports employees and business partners with diverse styles, abilities, motivations, and/or cultural perspectives; utilizes differences to drive innovation, engagement and enhance business results; and ensures employees are given the opportunity to contribute to their full potential.

Strategic Partnerships - Develops collaborative relationships with fellow employees and business partners by making them feel valued, appreciated, and included; explores partnership opportunities with other people in and outside the organization; influences and leverages corporate and continental shared services and/or discipline leaders (e.g., HR, Sales & Marketing, Finance, Revenue Management) to achieve objectives; maintains effective external relations with government, business and industry in respective countries; performs effectively as a liaison between locations, disciplines, and corporate to ensure needed resources are received and corporate strategies are understood and executed.

Generating Talent and Organizational Capability

Developing Others - Supports the development of other’s skills and capabilities so that they can fulfill current or future job/role responsibilities more effectively.

Organizational Capability - Evaluates and adapts the structure of assignments and work processes to best fit the needs and/or support the goals of an organizational unit.

Learning and Applying Professional Expertise

Continuous Learning - Actively identifies new areas for learning; regularly creates and takes advantage of learning opportunities; uses newly gained knowledge and skill on the job and learns through their application.

Technical Acumen - Understanding and utilizing professional skills and knowledge in a specific functional area to conduct and manage everyday business operations and generate innovative solutions to approach function-specific work challenges

Technical Intelligence : Knowledge and ability to define and apply appropriate technology to enhance business process

Development Methodologies : Knowledge of general stages of SDLC framework and the application tiers within the development space.

Information Security : Knowledge of the security considerations relevant within the development space, including industry best practices related to information security

Business Acumen - Understands and utilizes business information to manage everyday operations and generate innovative solutions to approach business and administrative challenges.

Basic Competencies - Fundamental competencies required for accomplishing basic work activities.

Basic Computer Skills - Using basic computer hardware and software (e.g., personal computers, word processing software, Internet browsers, etc.).

Mathematical Reasoning - The ability to add, subtract, multiply, or divide quickly, correctly, and in a way that allows one to solve work-related issues.

Oral Comprehension - The ability to listen to and understand information and ideas presented through spoken words and sentences.

Reading Comprehension - Understanding written sentences and paragraphs in work related documents.

Writing - Communicating effectively in writing as appropriate for the needs of the audience.

The salary range for this position is $83,550 to $153,175 annually. In addition to the annual salary, the position will be eligible to receive an annual bonus.Washington Applicants Only: Employees will accrue 0.04616 PTO balance for every hour worked and eligible to receive minimum of 7 holidays annually.All locations offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, educational assistance, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.The application deadline for this position is 5 days after the date of this posting, August 2, 2024.Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work,​ begin your purpose, belong to an amazing global​ team, and become the best version of you.