FLEX Senior Management, Risk Management and Compliance

JOB SUMMARY

The Senior Manager of Risk Management and Compliance supports and monitors IT governance and risk management strategies across the technology landscape that comply with applicable regulations and cybersecurity and IT policies. This strategic role is responsible for implementing technology risk mitigation strategies emerging from audits cyber threats data privacy regulations and IT operations. You will play a vital role to ensure critical technology services and capabilities remain operational stakeholders are kept abreast and financial & reputational loss is prevented.

You will help Marriotts Global Technology team build the audit and compliance muscle to effectively respond to any internal/external audits or assessments. This includes sharing best practices of internal controls with process owners conducting control readiness checks supporting the tracking and reporting of any findings with associated teams utilizing data analytics and guiding process owners to drive issue closure. You will leverage automation to gather evidence build reports status reports on compliance readiness and improve control design. Additionally this role will assist the development of proactive risk management including communicating emerging risks and advising on the implementation of expected controls for effective risk mitigation across our technology landscape - for our customers our associates and our communities. We are seeking a highly motivated individual who can bring a solution-oriented mindset and is able to deliver quality results by overcoming ambiguity.

CANDIDATE PROFILE

Required:

• Undergraduate degree in Business Finance Information Technology Cybersecurity Data Analytics Robotics or related discipline and/or equivalent experience/certification
• At least 7 years of IT leadership experience with a blend of deep technical knowledge and a customer-focused mindset that also includes:
  • 5 years in IT infrastructure risk governance audit and compliance for legacy and cloud native environments
  • 3 years leading and/or executing audits compliance activities and risk mitigation strategies
  • Experience in automation of IT governance and risk management processes
  • Working knowledge of leading industry frameworks standards best practices risk management techniques and experience in evaluating and advising the design and implementation of IT infrastructure and cybersecurity controls used for cloud/non-cloud environments
  • At least one of the professional certifications (e.g. CISA CRISC CISSP) in cybersecurity governance risk compliance audit areas
• Experience in working with cross functional sourced or matrixed teams
• Strong problem resolution skills
• Strong attention to detail with proven ability to effectively prioritize and execute tasks in a dynamic and high-pressure environment
• Excellent verbal and written communication skills for a wide range of audiences including senior leaders business stakeholders and IT teams

Preferred:

• Graduate Degree in a technical discipline
• Experience with major enterprise GRC DevSecOps cybersecurity technologies (e.g. ServiceNow Jira Confluence Splunk CrowdStrike etc.)
• Solidexperience in project/portfolio management
• Experience operating in Scaled Agile Framework environment
• Strong data analytics technical skills (e.g. PowerBI) to support reporting and BI needs

CORE WORK ACTIVITIES

• Lead and support regulatory compliance work
  • Lead the tracking of active/planned work by process owners
  • Support the maintenance of control inventory for technical environment Global Technology team owns
  • Help advise on control design implementation and effectiveness and validate the adequacy of supporting documentation
  • Assist the automation of compliance evidence gathering and reporting to drive adherence to policy and to reduce human error
  • Lead the reporting of control status at program level to senior management
• Lead and support security issue management work
  • Actively monitor and follow up on open security issues and internal audit findings on a daily basis
  • Coordinate with compliance point of contacts in other functional areas to gather status and obtain context of open security issues recommend path forward to drive issue closure and support internal and external reporting of pre-defined issue metrics
  • Serve as the key resource to provide clarification of issue management process for Global Technology issue owners
  • Support the reporting of key performance metrics to senior management
• Support the development of the Risk Management and Compliance function
  • Develop and/or enhance the standard operating procedures for risk management and compliance processes and maintain the documentation for governance operation and knowledge sharing
  • Support the alignment of risk management and compliance operations with enterprise tools and platforms
  • Lead/support the implementation of process optimization and automation of risk management and compliance operations
• Support the development of Global Technology audit and compliance program including planning activities and Global Technology control reviews covering infrastructure and operations network workplace services and infrastructure security cybersecurity cloud and third-party risk programs and projects via automation of Global Technology controls evidence gathering
  • Understand the impact on on-premises technology and cloud technology operational risk to the Global Technology organization
  • Perform control readiness review by interviewing process owners and examining supporting evidence
  • Lead kickoff status and closing meetings with team and key stakeholders and contribute to Global Technology audit knowledge base and internal practice development initiatives
  • Prepare clear written fact-based reports for the leadership use working with management to detail action steps to reduce risk
  • Assist ad hoc / special Global Technology audit and compliance projects and participate in various business initiatives to assess the impact to the internal controls environment (e.g. new system implementation pre and post reviews and automation of manual controls)
• Coordinate with external/internal auditors internal leaders and process owners to ensure engagement and timely execution of audit work impacting Global Technology organization
• Assist the development of key metrics for proactive risk management. Apply data analytics to build dashboards for effective reporting and support data-driven risk management activities
• Other duties as assigned

Managing Projects and Priorities

• Develops specific goals and plans to prioritize organize and accomplish work for self and/or team members
• Provides direction and assistance to other teams regarding projects. Determines priorities schedules plans and necessary resources to ensure completion of any projects on schedule
• Analyzes information and evaluates results to choose the best solution and solve problems
• Thinks creatively and practically to develop execute and implement new plans or programs. Generates and provides accurate and timely results in the form of reports presentations etc.
• Provides recommendations to improve the effectiveness of processes or programs
• Understands and meets the needs of key stakeholders
• Supports achievement of performance goals budget goals team goals etc.

The pay range for this position is $47.35 to $76.20 per hour.

Washington Applicants Only: Employees will accrue 0.0334 PTO balance for every hour worked and eligible to receive minimum of 9 holidays annually.

FLEX opportunities offer coverage for medical dental vision health care flexible spending account dependent care flexible spending account life insurance disability insurance accident insurance adoption expense reimbursements paid parental leave 401(k) plan stock purchase plan discounts at Marriott properties commuter benefits employee assistance plan and childcare discounts. Benefits are subject to terms and conditions which may include rules regarding eligibility enrollment waiting period contribution benefit limits election changes benefit exclusions and others.

Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid for candidates within a commuting distance to Bethesda MD; candidates outside of commuting distance to Bethesda MD will be considered for Remote positions.

The application deadline for this position is 14 days after the date of this posting June 12 2025.

Marriott International is an equal opportunity believe in hiring a diverse workforce and sustaining an inclusive people-first are committed to non-discrimination onanyprotectedbasis such as disability and veteran status or any other basis covered under applicable law.