This job is closed

We regret to inform you that the job you were interested in has been closed. Although this specific position is no longer available, we encourage you to continue exploring other opportunities on our job board.

Senior Manager, Information Security - Risk and Compliance

Marriott Internationalposted 8 months ago
$96,038 - $209,169/Yr
Full-time - Manager
Hybrid - Indianapolis, IN
Accommodation

About the position

The position is responsible for managing security compliance across various domains, including network compliance, endpoint compliance, and exceptions processing. The individual will review endpoints to ensure they comply with Marriott's endpoint security technology policies, tracking areas of non-compliance and collaborating with stakeholders to rectify these issues. Additionally, the role involves reviewing, approving, and tracking policy exceptions while working closely with the Risk Management team to ensure alignment with Enterprise Risk. The position also entails managing and improving the IT Security Compliance inventory and lifecycle, which includes monitoring all asset assessments, data analysis, reporting, and remediation of findings. In this role, the candidate will consistently monitor compliance with applicable security policies and standards, executing technical risk assessments and advising business and IT leaders on the risks associated with various initiatives and tools. The individual will define and execute Third Party/Vendor Security Risk Assessment programs, oversee documentation and validation processes to ensure compliance with security assurance and privacy requirements, and manage processes that identify and retain intellectual capital and information content. The candidate will conduct assessments on threats and vulnerabilities, determine deviations and levels of risk, and follow up with gap identification and testing on assessed risks. The position requires the submission of timely reports, ensuring that delivery deadlines are met, and promoting accurate documentation of project progress. The candidate will manage and implement assigned work and projects, generating accurate and timely results in the form of reports and presentations. They will also provide technical expertise and support to internal and external stakeholders, demonstrating knowledge of job-relevant issues, products, systems, and processes. The role demands effective communication with key stakeholders to understand and meet their needs, developing specific goals and plans to prioritize and accomplish work efficiently.

Responsibilities

  • Manage security compliance including network and endpoint compliance.
  • Review endpoints for compliance with security policies and track non-compliance areas.
  • Work with stakeholders to bring non-compliant areas back to compliance.
  • Review, approve, and track policy exceptions in collaboration with the Risk Management team.
  • Manage and improve the IT Security Compliance inventory and lifecycle.
  • Monitor all asset assessments and conduct data analysis, reporting, and remediation of findings.
  • Consistently monitor compliance with applicable security policies and standards.
  • Execute technical risk assessments and advise business and IT leaders on risks.
  • Define and execute Third Party/Vendor Security Risk Assessment programs.
  • Oversee documentation and validation processes for security assurance and privacy requirements.
  • Conduct assessments on threats and vulnerabilities and determine risk levels.
  • Deliver recommendations to leadership and vendors regarding present risks and necessary remediation actions.
  • Create and drive the development of process and policy documentation.
  • Submit timely reports and ensure delivery deadlines are met.
  • Manage and implement assigned work and projects, providing accurate results in reports and presentations.

Requirements

  • Bachelor's degree in computer sciences or related field or equivalent experience/certification.
  • 7+ years of general information technology experience with at least 3+ years' experience in endpoint security technologies.
  • Experience with encryption, Anti-Virus, EDR, Application Control technologies, NAC, network security, and host-based intrusion detection systems.
  • Working knowledge of IT Endpoint management tools such as Active Directory, BigFix, Tanium, CrowdStrike, and others.
  • Current information security certification (CISM, CISA, CISSP, CCNA, CND, Security+, CTPRP).
  • Extensive experience in security policy creation and endpoint lifecycle management.
  • Experience with reporting dashboards and metrics tracking for Endpoint compliance.
  • Technical leadership experience in an ITO environment and with Local Service Providers.
  • Project management skills and abilities to lead IT Security Compliance Projects.
  • Excellent communication/reporting skills and problem-solving ability related to IT Security Compliance.

Nice-to-haves

  • Knowledge of IT Protocols such as ARP, TCP/IP, WMI, SNMP, SMB, SSL, TLS, SMTP, SOAP, Web Services, or Kerberos.
  • Familiarity with technical infrastructure operations, network administration, or engineering background.

Benefits

  • Medical, dental, and vision coverage.
  • Health care flexible spending account.
  • Dependent care flexible spending account.
  • Life insurance and disability insurance.
  • Accident insurance and adoption expense reimbursements.
  • Paid parental leave and educational assistance.
  • 401(k) plan and stock purchase plan.
  • Discounts at Marriott properties.
  • Commuter benefits and employee assistance plan.
  • Childcare discounts.
Build your resume with AI

A Smarter and Faster Way to Build Your Resume

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service