FLEX Director, IT Governance, Audit and Compliance

JOB SUMMARY

The Director IT Governance Audit & Compliance is a leadership role responsible for serving as the governance audit and compliance execution arm for IT controls managed under the Technology Experience Center (TEC) organization.

This role works with IT Provision Owners to perform the governance oversight and reporting for regulatory controls that align under IT Asset Inventory Change Management Software End of Life (EOL) and Hardware Removal. The Director ensures controls are consistently designed executed evidenced and audit ready in alignment with internal policy regulatory obligations and external audit requirements.

The Director partners closely with Marriott IT Control Owners Product Owners Application Owners Infrastructure and Application teams Security and Risk Management to facilitate quarterly and annual audits. This role will manage a team who will be responsible for coordinating evidence collection management for remediation of control gaps and provide clear compliance reporting to leadership Internal Audit and external regulators.

This role requires deep understanding of IT Operations Software Development Lifecycle regulatory control frameworks audit methodology and process maturity models (e.g. CMMI) and serves as a key advisor to TEC IT Provision Owners and the GIS Compliance Program on compliance risk control effectiveness and continuous improvement.

KEY RESPONSIBILITIES:

IT Governance & Regulatory Compliance

Act as the TEC aligned control execution authority for regulatory IT controls including Asset Inventory Change Management and Software End of Life.

Work with TEC IT Provision and Control Owners for alignment on policy standard operating procedures and control execution requirements.

Responsible for control design validation operational execution oversight and compliance reporting for TEC managed controls.

Establish and maintain standardized governance processes control narratives and operating procedures to ensure consistency and auditability.

Ensure alignment of TEC controls with enterprise policies regulatory obligations and audit expectations.

Audit Management & Evidence Collection

Lead quarterly and annual audit requirements supporting Management Testing and external audit requests.

Coordinate evidence collection validation and submission across multiple IT control owners and stakeholders.

Serve as the primary point of contact for GIS Regulatory and Compliance organization and auditors related to TEC managed controls.

Track manage and report on audit findings observations and remediation activities through closure.

Cross Functional Facilitation & Control Ownership

Facilitate collaboration across TEC IT control owners to ensure timely and accurate control execution.

Partner with Application Infrastructure Security and Platform teams to operationalize compliance requirements.

Drive accountability for control gaps remediation plans timelines and ownership.

Provide clear guidance and education to teams on control intent expectations and audit readiness.

Compliance Reporting & Risk Transparency

Develop and deliver executive level compliance reporting dashboards and risk summaries.

Provide leadership with clear visibility into control health risk posture and remediation progress.

Support regulatory responses with accurate evidence based narratives and documentation.

Process Maturity & Continuous Improvement

Identify systemic control weaknesses and lead process improvements to reduce audit risk and operational friction.

Establish repeatable scalable compliance oversight processes to support long term regulatory sustainability.

Leadership and Business Acumen

Lead and develop a compliance focused team responsible for governance execution and audit readiness.

Establish clear performance expectations aligned to control execution quality audit outcomes and risk reduction.

Partner effectively with senior leaders control owners and auditors as a trusted compliance authority.

Demonstrate sound judgment discretion and professionalism when managing regulatory risk and audit interactions.

CANDIDATE PROFILE

Education & Experience

Required

Bachelors degree or equivalent combination of education certifications and experience.

10 years of progressive IT leadership experience with demonstrated ownership of governance audit or compliance functions including leading teams delivering complex initiatives and driving process improvement and operational excellence.

o Team leadership in matrixed organizations

o Servant leadership that highly values feedback

o Demonstrated ability to resolve conflict and drive direction/focus

Proven experience executing and supporting regulatory IT controls in large complex enterprises.

Strong working knowledge of:

o IT Operations

o Regulatory control frameworks

o Audit methodologies

o ITIL & SDLC Processes

o Process maturity models (e.g. CMMI)

Demonstrated experience leading audit facilitation evidence management and remediation execution.

Exceptional written and verbal communication skills including the ability to present complex compliance topics to senior leadership.

Proven ability to influence and drive outcomes without direct authority across matrixed organizations.

Preferred

Experience with IT Asset Management Change Management and Software Lifecycle controls.

Prior experience supporting internal and/or external regulatory audits.

Familiarity with IT governance risk and compliance (GRC) operating models.

Strong analytical skills with the ability to translate data into audit ready insights.

Experience building repeatable compliance processes in evolving or transforming organizations.

At Marriott International we are dedicated to being an equal opportunity employer welcoming all and providing access to opportunity. We actively foster an environment where the unique backgrounds of our associates are valued and greatest strength lies in the rich blend of culture talent and experiences of our are committed to non-discrimination on any protected basis including disability veteran status or other basis protected by applicable law.