Director, Vulnerability Management Solutions

JOB SUMMARY:

The Marriott Enterprise Vulnerability Management group oversees attack surface reduction across a wide range of enterprise cloud data center and property locations. Our team members are passionate about protecting our data systems and service delivery functions across the globe against a broad range of adversaries. The Director Vulnerability Management Solutions is responsible for the strategy maintenance and execution of Vulnerability Management solutions for the Global Enterprise. This role leads a team of security professionals to deploy maintain and operate enterprise vulnerability management assessment and reporting solutions. It participates in the selection implementation and optimization of enterprise vulnerability management solutions and guides reviews and documents internal systems review activities. This role requires an in-depth technical knowledge of security engineering and vulnerability management solutions. It also requires an understanding of the lifecycle of cyberspace threats attack vectors and methods of exploitation especially as they relate to global environment. It requires participation in designing building and maintaining integrations between various internal and SaaS applications. Maintaining operational and technical documentation related to the operational lifecycle of supported solutions is required as is identifying improvements to ensure the inclusion of appropriate quality of delivery and compliance with security policy and regulations.

CANDIDATE PROFILE

Required Education and Experience

• Bachelors degree in Computer Sciences or related field or equivalent experience/certification

• 8 years of information technology leadership experience

• 5 years direct management of cross functional sourced or matrixed teams including experience managing a remote workforce

• 4 years experience implementing managing and governing enterprise grade vulnerability management technologies including:
  • Vulnerability assessment solutions
  • Risk based vulnerability reporting solutions
  • External Attack Surface Management solutions

• 4 years experience delivering positive business outcomes managing a blend of multi-vendor information security solutions

Preferred:

• Current information security certification including Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP) or GIAC Security Leadership (GSLC)

• Ability to communicate security concepts and needs to wide range of technical and non-technical stakeholders

• Experience evaluating selecting and deploying SaaS and on-premise solutions.

• Experience working with large data sets to develop performance and reliability reporting.

• Working knowledge of IT security within an enterprise environment and multi-cloud environments

• Knowledge of automation development code development using the Python programming language and SOAR solutions.

• Strong negotiating influencing and problem resolution skills

• Proven ability to effectively prioritize and execute tasks in a high-pressure environment

• Experience in business systems and process planning

• Experience with workflow solutions including ServiceNow and Jira

• Experience in workflow and planning methodologies including Agile and Objectives and Key Results

• Ability to translate information security objectives into beneficial business strategies

• Demonstrated ability to assess company needs creatively approach solutions and influence appropriate courses of action

CORE WORK ACTIVITIES

Vulnerability Management

• Lead and develop the Vulnerability Solutions Support team to support enterprisewide remediation.

• Provide technical leadership and governance for vulnerability management and remediation programs.

• Define track and report KPIs and riskbased outcomes to senior leadership.

• Maintain and scale tooling with Infrastructure partners aligned to strategic and project priorities.

• Evaluate and select security services and products; and validate solution effectiveness.

• Assess the environment for gaps and recommend improvements and investments.

• Stay current on industry trends and clearly communicate the business value of security solutions.

• Develop and continuously improve metrics/KPIs for the vulnerability solutions program

Managing Work Projects and Priorities

• Coordinate and implement work and assigned projects.

• Ensure accurate and timely artifacts in the form of reports presentations etc.

• Analyze information to choose the best solution and solve problems.

• Develop and manage plans to prioritize organize and accomplish work.

• Set and track goal progress for self and others.

• Assist other organizational units with associated technology efforts

Leading Team

• Create a team environment that encourages accountability high standards and innovation.

• Lead own team while assisting with meeting or exceeding larger department goals.

• Ensure others understand performance expectations.

• Ensure that goals are being translated to the team as they relate to tracking and productivity.

• Create and nurture an environment that emphasizes motivation empowerment teamwork and continuous improvement

• Develop plans to address staff needs and expand on their strengths.

• Inspire the team to meet or exceed expectations.

• Lead by example through demonstrating self-confidence energy and enthusiasm.

Conducting Human Resources Activities

• Act proactively when dealing with employee concerns.

• Extend professionalism and courtesy to employees at all times.

• Communicate/update all goals and results with employees.

• Meet regularly with staff on a one-to-one basis.

• Establish and maintain open and collaborative relationships with employees.

• Solicit employee feedback.

• Interview job candidates and assist in making hiring decisions.

• Receive hiring recommendations from team supervisors.

• Ensure orientations for new team members are thorough and completed in a timely fashion.

• Observe behaviors of employees and provide feedback to individuals.