Manager - Information Security - Data Governance

at Marriott in Springfield, Illinois, United States

Job Description

Job Number 24134403

Job Category Information Technology

Location Marriott International HQ, 7750 Wisconsin Avenue, Bethesda, Maryland, United States

Schedule Full-Time

Located Remotely? Y

Relocation? N

Position Type Management

JOB SUMMARY

Develops policies and standards to support new initiatives or required changes and enhancements due to ever-changing technology landscapes and security regulations. Analyzes existing organizational security policies, standards and controls to ensure alignment with the business environment and the company’s risk appetite. Drafts new and maintains existing policies by coordinating reviews with the organization’s policy stakeholders, reviewing any changes and making updates as needed to meet evolving security needs, obtaining leadership signoff of changes and manages publication of the security policies to content management tools for organization consumption.

CANDIDATE PROFILE

Education and Experience

Required:

+ Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification

+ 5+ years of information technology and/or security experience with:

+ 2+ years’ experience creating and managing policies and standards in support of security technologies such as encryption, network security, identity and access management or vulnerability management

+ Experience with industry security frameworks including NIST Cybersecurity Framework, NIST SP 800-53, PCI-DSS, Cloud Security Alliance, or ISO 27000 series standards and guidelines.

Preferred:

+ Current information security certification, including Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)

+ Technical leadership experience

+ Project management skills

+ Excellent communication skills and problem-solving ability

+ Demonstrated ability to work independently and with others

+ Ability to manage the details and compliance with standards and expectations

+ Technical infrastructure operations, administration, or engineering background

CORE WORK ACTIVITIES

Security Policy

+ Oversees, evaluates, and supports the documentation, and validation processes necessary to assure that associates, information technology systems and business processes meet the organization’s information assurance, security, and privacy requirements. Ensures appropriate treatment of risk, compliance, and assurance of internal policies and external regulations.

+ Defines strategy and roadmap, provides governance, creates standards and guidelines, and reviews and approves architectural designs. Ensures standards and guidelines incorporate legal and regulatory requirements.

+ Conducts security and privacy technology research and assessments and integration processes; provides and supports a prototype capability and/or evaluates its utility.

+ Consults with customers to gather and evaluate functional requirements and provides security and privacy requirements, guidelines, and standards.

+ Manages and administers processes and tools that enable the organization to identify, document, and access intellectual capital and information content (e.g., policies, standards, processes and procedures).

+ Provides sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain. Advocates policy changes and makes a case on behalf of the company via a wide range of written and oral work products.

+ Applies knowledge of priorities to define an entity’s direction, determine how to allocate resources, and identify programs or infrastructure that are required to achieve desired goals within domain of interest. Develops policy or advocates for changes in policy that will support new initiatives or required changes/enhancements.

+ Conducts training of personnel within pertinent subject domain. Develops, plans, coordinates, delivers, and/or evaluates training courses, methods, and techniques as appropriate.

+ Manages and measures information security implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, risk management, security awareness, and other resources.

MANAGEMENT COMPETENCIES

Leadership

+ Communication – Conveys information and ideas to others in a convincing and engaging manner through a variety of methods.

+ Leading Through Vision and Values – Keeps the organization’s vision and values at the forefront of employee decision making and action.

+ Managing Change – Initiates and/or manages the change process and energizes it on an ongoing basis, taking steps to remove barriers or accelerate its pace; serves as role model for how to handle change by maintaining composure and performance level under pressure or when experiencing challenges.

+ Problem Solving and Decision Making – Identifies and understands issues, problems, and opportunities; obtains and compares information from different sources to draw conclusions, develops and evaluates alternatives and solutions, solves problems, and chooses a course of action.

+ Professional Demeanor – Exhibits behavioral styles that convey confidence and command respect from others; makes a good first impression and represents the company in alignment with its values.

+ Strategy Development – Develops business plans by exploring and systematically evaluating opportunities with the greatest potential for producing positive results; ensures successful preparation and execution of business plans through effective planning, organizing, and on-going evaluation processes.

Managing Execution

+ Building a Successful Team – Uses an effective interpersonal style to build a cohesive team; inspires and sustains team cohesion and engagement by focusing the team on its mission and importance to the organization.

+ Strategy Execution – Ensures successful execution across of business plans designed to maximize customer satisfaction, profitability, and market share through effective planning, organizing, and on-going evaluation processes.

+ Driving for Results – Sets high standards of performance for self and/or others; assumes responsibility for work objectives; initiates, focuses, and monitors the efforts of self and/or others toward the accomplishment goals; proactively takes action and goes beyond what is required.

Building Relationships

+ Customer Relationships – Develops and sustains relationships based on an understanding of customer/stakeholder needs and actions consistent with the company’s service standards.

+ Global Mindset – Supports employees and business partners with diverse styles, abilities, motivations, and/or cultural perspectives; utilizes differences to drive innovation, engagement and enhance business results; and ensures employees are given the opportunity to contribute to their full potential.

+ Strategic Partnerships – Develops collaborative relationships with fellow employees and business partners by making them feel valued, appreciated, and included; explores partnership opportunities with other people in and outside the organization; influences and leverages corporate and continental shared services and/or discipline leaders (e.g., HR, Sales & Marketing, Finance, Revenue Management) to achieve objectives; maintains effective external relations with government, business and industry in respective countries; performs effectively as a liaison between locations, disciplines, and corporate to ensure needed resources are received and corporate strategies are understood and executed.

Generating Talent and Organizational Capability

+ Developing Others – Suppo