Senior Director, Information Security – Compliance Program

JOB SUMMARY:

The Sr. Director Global Information Security (GIS) Compliance Program is a key member of the GIS leadership team responsible for the enterprise alignment to our cyber regulatory and/or settlement agreements. They will lead an organization that coordinates tactical efforts across the company to provide visibility into our Information Security Program to settlement agreement monitoring a portfolio of projects needed to maintain compliance. This includes the management testing of the Information Security Program monitoring and reporting of compliance to the provisions driving actions needed to maintain compliance and adhere to the obligations. Ensures executive awareness and compliance through management of program KPI/KRIs to ensure that we are adhering to order obligations.

CANDIDATE PROFILE

Required:

• Bachelors degree in Cybersecurity Business Administration or a related field or equivalent experience.

• 10 years of leadership experience in Information Technology and/or Consulting including:

• 5 years of experience managing complex multifunctional technology or security initiatives

• 5 years of experience in portfolio or program management and governance reporting at executive levels

• Prior experience with compliance programs and/or government or legal compliance requirements

• Ability to influence others including those at senior organizational levels

Preferred:

• Graduate/post graduate degree or legal degree preferred

• Exceptional portfolio or program management competence and skills

• Excellent verbal and written communication skills with the ability to articulate complex ideas in easy to understand business terms

• Ability to distribute assign and ensure completion of work throughout various teams without direct management authority

• Strong analytical skills for planning estimating budgeting and monitoring program/project work

• Ability to form and foster high performing teams

• Ability to accomplish results through others particularly by establishing relationships and effective controls

• Strong negotiating influencing and problem resolution skills

• Proven ability to effectively prioritize and execute tasks in a high-pressure environment

• Project Management Professional (PMP) certification portfolio or similar certifications.

CORE WORK ACTIVITIES

Information Security Compliance and Settlement Program Leadership

• Reporting and Management of portfolio of projects or remediations linked to regulatory commitments needed to maintain compliance to the Settlement agreement

• Manage testing of ISP controls. Provide results that can serve settlement purposes.

• Work with teams to standardize processes for monitoring metrics and reporting for compliance efforts for regulatory commitments.

• Provide visibility to the settlement program and activities to leadership. Raise and mitigate risks to compliance to the regulatory commitments.

• Ensure compliance activities are aligned or integrated as much as possible with the Information Security Program & processes and Risk Assessments.

• Develop and lead a high functioning team that leverages program management expertise best practices and analytics to manage portfolio

• Review key initiatives to ensure alignment with legal agreements and cyber risk program.

• Partner with senior leaders to facilitate portfolio management effectiveness

• Supervise all aspects of department performance. Determines the priorities goals plans and resources to ensure delivery of effective project and portfolio management function. Sets goals and expectations for direct reports using the performance review process.

• Make and execute the necessary decisions to keep moving forward toward achievement of goals.

• Create a synergistic leadership team and environment that consistently delivers positive results and continuously strives to improve these results. Provide targeted and timely communication of results achievements and challenges to direct reports peers and leaders.

• Inspires and motivates team to achieve operational excellence. Communicate a clear and consistent message regarding goals to produce desired results.

• Plan develop implement and evaluate the quality of the teams operations to ensure a flexible and scalable organization Develops and Enables Program Management Capabilities

• Lead the development and implementation of tools and processes to manage:

• Program & Project risks and interdependences

• Benefits realization/Settlement alignment

• Project estimates and costs

• Resources and metrics

• Lead efforts to design a risk management approach for the program and establish processes to manage adherence to risk management processes.

• Work with teams facilitate the development of actionable work plans deployment models and resource allocations to maintain compliance with the intent of the consent agreement.

• Establish and implement processes to communicate program and MBO performance

• Define program management roles and the related refinement and management of settlement agreement portfolio and management of KPIs and metrics.

• Identify key drivers of success and keeps the team focused on those that are critical to achieve results.

• Review goals and strategies to ensure alignment with the discipline and GT roadmaps.

• Develop and implement strategies that enable Marriott to deliver products and services to meet or exceed the needs of the business aligning to settlement agreement and reducing the cybersecurity risk posture of the company

Manage Quality & Governance

• Participate with Governance Forums to enable management of the cross program initiatives related to settlement compliance

• Ensure that the appropriate metrics and analyses are conducted and that communications protocols are established to keep stakeholders informed

Cultivate a High-Performing Team

• Create a compelling vision clear direction and strategy for the team

• Generate enthusiasm and understanding of the information security vision and how each role contributes to the achievement of that vision

• Continuously improve program team and job structures and ensures clear leadership accountabilities are in place.

• Ensure capabilities are developed and resources are aligned to support the strategy

• Attract motivate develop and retain highly skilled leaders; champion and model leadership development

• Set goals and expectations for direct reports using the performance review process and holds staff accountable for performance goals.

• Hold leaders accountable for building teams with the appropriate mix of talent and skills to drive innovation and performance. Cultivate direct reports and their teams supporting their growth and development plans

• Create and sustain a work environment that drives associate engagement and enables business success

• Ensure appropriate processes are in place and executed to drive collaboration and alignment within the team and with the broader IT organization

• Facilitate regular ongoing communication and collaboration with your team and across the organization

• Serve as a role model and ensure all information security leaders are visible and effective partners with IT counterparts broader Marriott stakeholders and service providers

• Utilize an open door policy and review employee satisfaction results to identify and address employee problems or concerns

• Perform other reasonable duties as required for the position.