Manager, Continent Information Security Partnership, APEC (1 Year Contract)

JOB SUMMARY

The Manager Continent Information Security Partnerships Property Security Compliance is a key role in continent security aspects relating to planning executing and managing the Marriott Security Compliance Assessment program providing the necessary support to above property and on property teams. The objective for this role is to attain maximum security compliance status and ensure that all IT Operations in the continent follow the company security standards. Enforce Marriott Security Standards and requirements for properties. The role will perform tracking and reporting on the established security policies and processes as implemented at the hotels and will have a direct reporting line to the Senior Director/Director Continent Information Security Partnerships.

This position maintains strong relationships with and provides support to Area Operation/IT Leaders with continent operations and provides assistance in liaising with additional teams within Information Security and will require to travel for up to 75% of the work capacity.

CANDIDATE PROFILE

Education and Experience

• 5 years Information Technology or information security work experience including:
• 3 years in executing technology plans and/or information security projects programs and/or portfolios
• 2 years in implementing enterprise security risk management frameworks and processes.
• Bachelors degree in Computer Sciences Information Technology Information Security Cybersecurity or related field or equivalent field experience.
• Fluent in English both spoken and written.

Preferred:

• Professional certifications related to security assessment such as CISA CRISC PCI ISA ISO/IEC 27001 Lead Auditor etc.
• Hotel IT Management.
• Cybersecurity experience.
• Good understanding of PCI DSS and NIST CSF.
• Expert level understanding of key network and technical security controls.
• Experience participating in and coordinating activities for security incident responses.
• Knowledge of global regulatory standards to include GDPR and CCPA.
• Ability to demonstrate security experience via certifications (CISSP CISM etc.) or significant career accomplishments.
• Demonstrated ability to apply organizational information security policies at a discipline unit level.
• Knowledge of IT security within an infrastructure environment.
• Proven ability to effectively prioritize and execute tasks in a high-pressure environment.
• Experience in business systems and process planning.
• Graduate/postgraduate degree.

CORE WORK ACTIVITIES

• Lead and execute audits security assessments and control reviews across infrastructure applications data cloud and third-party services.
• Evaluate the effectiveness of information security controls (technical and administrative) aligned with corporate standards.
• Perform risk-based assessments and identify vulnerabilities non-compliances and improvement opportunities.
• Review historical audit and assessment findings and real-time observations both internal and external to determine areas for improvement including developing and disseminating best practices standardized configurations and implementation guides across the hotel portfolio.
• Review artifacts interview key stakeholders and identify areas for improvement.
• Develop and manage the end-to-end audit or assessment program including planning scoping scheduling stakeholder engagement fieldwork and follow-up.
• Organize and facilitate kick-off meetings status updates walkthroughs and closing sessions.
• Track and report audit timelines milestones and risk issues to ensure timely completion.
• Build relationships and collaborate with key stakeholders to develop pragmatic remediation plans and track closure progress through defined follow-up cycles.
• Prepare clear concise and well-structured audit reports with actionable findings and risk ratings.
• Provide input on risk treatment strategies control enhancements and policy updates.
• Develop effective communication plans to collaborate with the stakeholders by customizing individual needs.
• Contribute to the maturity of the information security internal audit methodology templates and knowledge base.

Additional Functions

• Represents Security in signing off on new property openings reviewing the implemented policies and controls.
• Provides tactical communications and issues remediation planning and implementation with the continent IT Operations team.
• Signs off the new property openings including tracking that all necessary information on the property systems and security readiness is registered such as application inventory.
• Facilitates educational calls materials and meetings to the Continent IT Operations and field associates
• Tracks the compliance performance of the continent and work with on property IT associates along with the Area IT Managers towards issues remediations providing necessary escalations and follow ups to the respective teams.
• Reporting on security & compliance related metrics to different stakeholders including GIS Continent leadership
• Provides answers to general questions and queries around IT security and other related queries.
• Identifies learning and knowledge gaps and facilitates educational calls materials and meetings to the Continent IT Operations and field associates

Additional Responsibilities

• Informs updates and provides information to supervisors co-workers and subordinates by telephone in written form e-mail or in person in a timely manner.
• Attends and participates in all relevant meetings.
• Presents ideas expectations and information in a concise organized manner.
• Uses problem solving methodology for decision making and follow up.
• Maintains positive working relations with internal customers and department managers.
• Manages time effectively and conducts activities in an organized manner.
• Performs other reasonable duties as assigned by manager.

Marriott International is an equal opportunity believe in hiring a diverse workforce and sustaining an inclusive people-first are committed to non-discrimination onanyprotectedbasis such as disability and veteran status or any other basis covered under applicable law.