FLEX Senior Manager, Risk Management and Compliance

This is a temporary position.

JOB SUMMARY

The Senior Manager Risk Management & Compliance is a strategic leader responsible for strengthening Marriotts Global Technology governance driving timely closure of security and compliance issues and ensuring consistent riskmanagement execution across application and infrastructure teams. This role provides oversight direction and accountability to ensure technology services operate securely regulatory and policy obligations are met and risks are identified and remediated before they impact the business.

You will play a critical role in maturing GTs audit compliance and controls disciplineensuring teams are ready for internal and external assessments accelerating remediation of findings and reinforcing operational rigor across the technology landscape. Responsibilities include guiding process owners on internal control best practices validating control readiness monitoring and reporting audit and security findings and leveraging automation and analytics to drive issue closure and improve compliance performance.

This role champions a proactive riskmanagement mindset by identifying emerging risks advising on required controls ensuring consistent adoption across GT and promoting governance practices that prevent financial operational and reputational harm. The ideal candidate combines strong leadership with a solutionoriented approach to eliminate ambiguity influence cross-functional teams and drive measurable improvements in security and compliance outcomes.

CANDIDATE PROFILE

Required:

• Undergraduate degree in Business IT Cybersecurity Data Analytics or related disciplineor equivalent experience/certification.
• At least 7 years of IT leadership experience demonstrating deep technical understanding and strong stakeholder engagement skills including:
  • 5 years in IT infrastructure risk governance audit and compliance across legacy and cloud environments.
  • 3 years leading audits compliance programs and remediation efforts with a strong track record of driving timely issue closure.
  • Experience designing evaluating and advising on IT and cybersecurity controls for both cloud and onpremises technologies.
  • Experience automating governance evidence collection reporting or control testing.
  • At least one professional certification (CISA CRISC CISSP or equivalent).
• Demonstrated success collaborating across crossfunctional sourced or matrixed teams to drive accountability.
• Strong analytical problemsolving and prioritization skills in highpressure environments.
• Excellent verbal and written communication skills with the ability to influence application infrastructure and senior leadership stakeholders.

Preferred:

• Graduate degree in a technical discipline.
• Handson experience with enterprise GRC DevSecOps and cybersecurity platforms (e.g. ServiceNow Jira Confluence Splunk CrowdStrike).
• Experience managing or contributing to complex portfolios or programs.
• Familiarity with Scaled Agile Framework (SAFe) environments.
• Strong data analytics skills (e.g. Power BI) for metrics dashboards and BIdriven insights.

CORE WORK ACTIVITIES

1. Audit and Compliance Oversight and Delivery

• Lead enterprisealigned compliance operations across Global Technology ensuring consistent delivery by application and infrastructure teams.
• Oversee tracking of active and planned compliance work escalating delays or risks to leadership as needed.
• Support the maintenance of GTs control inventory; ensure ownership documentation and evidence are complete and auditready.
• Provide expert guidance on control design implementation and documentation quality; validate adequacy and effectiveness.
• Drive automation of evidence collection and reporting to reduce manual effort and human error.
• Provide programlevel control performance reporting to senior management including risks trends and required actions.

2. Issue Management & Remediation Leadership

• Serve as the central point of oversight for GT issue management - ensuring security/technology/data privacy findings internal audit observations and compliance gaps are actively monitored and driven to closure leveraging a risk-based approach.
• Monitor aging overdue and highrisk issues daily; coordinate with application and infrastructure owners to obtain updates and enforce remediation accountability.
• Collaborate with compliance and security counterparts to validate issue context assess risk impact and advise on effective remediation strategies.
• Provide clear guidance to Global Technology teams on issue management expectations lifecycle requirements and escalation paths.
• Lead development and reporting of key issue management metrics (e.g. remediation aging risk trends owner performance) ensuring transparency for senior leadership and committees.

3. Maturing Risk Management & Compliance Operations

• Develop and maintain standard operating procedures governance frameworks and documentation that strengthen consistency in GT risk and compliance practices.
• Align GTs risk and compliance processes with enterprise tools platforms and governance models.
• Lead initiatives to streamline automate and optimize compliance control and riskmanagement processes across GT.
• Drive adoption of riskmanagement capabilities across application and infrastructure teams through guidance training and continuous reinforcement.

4. Audit Readiness Execution & Advisory

• Lead and support GT participation in internal/external audits covering infrastructure cybersecurity cloud thirdparty risk and operational domains.
• Conduct control readiness reviews by interviewing owners reviewing evidence identifying gaps and preparing teams for audit engagement.
• Facilitate kickoff status and closeout meetings; ensure alignment on scope risks timelines and expected deliverables.
• Produce clear factbased and actionable reports for leadership outlining control gaps remediation steps and risk implications.
• Support special audit projects (e.g. major system implementations remediation assurance automated control deployments).

5. Stakeholder Coordination & Governance Engagement

• Partner with internal/external auditors GT leadership control owners and process teams to ensure timely and accurate execution of audit and compliance work.
• Provide oversight to ensure technology teams consistently follow issue management control operations and compliance responsibilities.

6. Metrics Analytics & Reporting

• Develop leading and lagging indicators for proactive risk management.
• Build analyticsdriven dashboards and insights to support datainformed decisions around compliance posture issue aging control maturity and remediation progress.
• Identify themes and systemic issues from metrics to recommend enterpriselevel improvements.

7. Project Management & Strategic Prioritization

• Set clear goals and priorities for self and team; ensure execution aligns with GT riskmanagement strategy.
• Direct stakeholders in organizing resourcing and completing remediation and compliance projects.
• Evaluate information identify root causes and recommend practical solutions for longterm risk reduction.
• Deliver timely and accurate outputs including reports presentations and executive updates with strong attention to detail.

At Marriott International we are dedicated to being an equal opportunity employer welcoming all and providing access to opportunity. We actively foster an environment where the unique backgrounds of our associates are valued and greatest strength lies in the rich blend of culture talent and experiences of our are committed to non-discrimination on any protected basis including disability veteran status or other basis protected by applicable law.