Senior Manager - Information Security - Applications Controls Assurance

12 Oct 2024

Job Number 24177707
Job Category Information Technology
Location Marriott International HQ, 7750 Wisconsin Avenue, Bethesda, Maryland, United States
Schedule Full-Time
Located Remotely? Y
Relocation? N
Position Type Management

JOB SUMMARY

The Sr. Manager, Security Assurance will lead a team responsible for ensuring that all security and compliance objectives are met before the release of software and systems into production. This role will oversee both the Certification and Accreditation (C&A) process and the security-focused aspects of software/system release management. The ideal candidate will ensure that security controls are properly implemented, risks are accurately quantified, and all required testing and documentation are completed before systems are authorized for production operation. The successful candidate will be pivotal in guiding risk-aware decision-making, enhancing the company’s overall security posture, and driving continuous improvement in secure systems development and risk management practices.

The ideal candidate will bring a deep understanding of data security principles and privacy regulations (e.g., GDPR, CCPA), with hands-on experience in implementing privacy-preserving security controls such as data encryption, anonymization, pseudonymization and differential privacy, along with experience in risk quantification methodologies and security control testing techniques. They will leverage their leadership experience to mentor a team and foster collaboration and continuous professional development.

CANDIDATE PROFILE

Required Education and Experience

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related discipline/experience.

7+ years of experience in information security, that includes:

a focus on Certification and Accreditation (C&A), Risk Management Framework (RMF), and/or security controls assessment.

a deep understanding of data security principles and privacy regulations (e.g., GDPR, CCPA), with hands-on experience in implementing privacy-preserving security controls such as data encryption, anonymization, pseudonymization and differential privacy.

experience with software release processes and security integration within the SDLC.

2+ years as a team lead or manager in a security role responsible for managing security assessments, risk management, and compliance efforts for production systems.

2+ years of experience in software/system release management, with a focus on security validation.

Preferred:

Master’s degree in Cybersecurity, Computer Science, or a related discipline.

8+ years of experience in information security, focusing on Certification and Accreditation (C&A), Risk Management Framework (RMF), and security controls assessment.

Experience with risk quantification methodologies and security control testing techniques

4+ years of experience in software/system release management, with a focus on security validation.

Comprehensive knowledge of risk management frameworks including FAIR, NIST RMF, MITRE TARA, and OCTAVE.

Deep knowledge of security frameworks such as NIST SP 800-53, ISO/IEC 27001, and PCI DSS, with a strong focus on the Risk Management Framework (RMF).

Experience with auditing security controls in alignment with RMF processes, including evaluating the effectiveness of controls against NIST 800-53, conducting assessments for compliance, and supporting authorization and accreditation activities.

Familiarity with common documentation frameworks such as the 4+1 View Model, C4 Model, and ISO/IEC/IEEE 42010, as well as UML diagrams, Arc42 templates, and Architecture Decision Records (ADRs) for consuming and interpreting architectural decisions and system design.

Proven leadership experience in regulatory environments, with strong project management skills.

Open FAIR Certification (Factor Analysis of Information Risk).

CORE WORK ACTIVITIES

Lead Security Reviews for Production Deployment - Oversee security reviews and authorizations to ensure systems meet security controls, risk management requirements, and compliance with regulatory standards.

Manage the Certification and Accreditation Process - Ensure end-to-end completion of C&A activities, including system categorization, control selection, implementation, assessment, authorization, and continuous monitoring.

Oversee Security in Release Management - Ensure security validation is embedded in the software/system release process, ensuring all security controls, risk assessments, and compliance checks are complete before production release.

Ensure Security Controls Are Functioning - Manage the testing and assessment of security controls to ensure they address identified risks and are functioning as intended.

Oversee Documentation and Compliance - Ensure all required security documentation, including risk assessments, control attestations, and Plan of Action and Milestones (POA&M), is complete and accurately reflects the current security posture.

Integrate Security with SDLC - Work with engineering and system teams to integrate security controls into the SDLC and release management processes, ensuring security requirements are met throughout the development lifecycle.

Develop Metrics for Documentation Process - Implement metrics to measure the performance of the security documentation process (e.g., completion times, error rates), using these to drive continuous improvement.

Foster Ownership of Security Documentation: Clarify roles and responsibilities for security documentation across teams, ensuring clear accountability for the creation, review, and approval of security-related documents.

Collaborate with Cross-Functional Teams: Engage with DevOps, IT, engineering, compliance, and audit teams to ensure systems are compliant with internal and external security requirements before production deployment.

Lead Governance Frameworks: Leverage expertise in governance, compliance, and strategic policy-making to enhance the organization's security frameworks, including certification and accreditation processes.

Communicate with Senior Leadership: Provide regular updates to senior leadership on system security, risk posture, and release status, ensuring informed decision-making.

Drive Continuous Improvement: Continuously assess and refine security authorization and release management processes to ensure scalability, efficiency, and responsiveness to evolving security threats.

Identify and Mitigate Security Gaps: Proactively identify gaps in security controls, processes, and documentation. Develop and implement solutions to improve the efficiency and effectiveness of the security authorization process.

Cultivate a High-Performing Team

Create a compelling vision, clear direction and strategy for the team

Generate enthusiasm and understanding of the information security vision and how each role contributes to the achievement of that vision

Ensure capabilities are developed and resources are aligned to support the strategy

Attract, motivate, develop and retain highly skilled leaders; champion and model leadership development

Create and sustain a work environment that drives associate engagement and enables business success

Ensure appropriate processes are in place and executed to drive collaboration and alignment within the team and with the broader IT organization

Serve as a role model and ensure all information security leaders are visible and effective partners with IT counterparts, broader Marriott stakeholders, and service providers

Managing Work, Projects, and Policies

Coordinates and implements work and projects as assigned.

Generates and provides accurate and timely results in the form of reports, presentations, etc.

Analyzes information and evaluates results to choose the best solution and solve problems.

Develops specific goals and plans to prioritize, organize, and accomplish work.

Sets and tracks goal progress for self and others.

Monitors the work of others to ensure it is completed on time and meets expectations.

Provides direction and assistance with other organizational units’ policies and procedures, and with the efficient control and utilization of resources.

Leading Team

Hires, on-boards, trains, develops team

Creates a team environment that encourages accountability, high standards, and innovation.

Leads specific team while assisting with meeting or exceeding department goals.

Sets clear performance expectations and holds direct reports accountable.

Ensures that goals are being translated to the team as they relate to tracking and productivity.

Creates and nurtures an environment that emphasizes motivation, empowerment, teamwork, continuous improvement and a passion for providing service.

Understands employee and develops plans to address need areas and expand on the strengths.

Provides the team with the capabilities needed to meet or exceed expectations.

Leads by example demonstrating self-confidence, energy and enthusiasm.

Conducting Human Resources Activities

Acts proactively when dealing with employee concerns.

Extends professionalism and courtesy to employees at all times.

Communicates/updates all goals and results with employees.

Meets semiannually with staff on a one-to-one basis.

Establishes and maintains open, collaborative relationships with employees.

Solicits employee feedback

The salary range for this position is $120,500 to $162,300 annually. In addition to the annual salary, the position will be eligible to receive an annual bonus.

Washington Applicants Only: Employees will accrue 0.04616 PTO balance for every hour worked and are eligible to receive a minimum of 7 holidays annually.

All locations offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, educational assistance, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.

Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid for candidates within commuting distance of Bethesda, MD; candidates outside of commuting distance of Bethesda, MD will be considered for Remote positions.

The application deadline for this position is 28 days after the date of this posting, October 11, 2024.

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.

Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work, begin your purpose, belong to an amazing global team, and become the best version of you.

Full-time