Director - Information Security - Security Discipline Partnership

Additional Information Replacement of req 24052780--post for 3 days
Job Number 24059910
Job Category Information Technology
Location Marriott International HQ, 7750 Wisconsin Avenue, Bethesda, Maryland, United States VIEW ON MAP
Schedule Full-Time
Located Remotely? Y
Relocation? N
Position Type Management
Job Summary 

The BISP (Business Information Security Partner) is the Information Security program owner for their assigned lines of business along with Global Technology products, platforms, infrastructure, and shared services. As a trusted advisor to SVP leadership, this role will strategically engage with the lines of business, Global Technology (GT), Executive Leadership Team, and their respective towers. Keep clear lines of communication, including but not limited to; transparency to the line of business and GT SVPs on security roadmaps, tactical initiatives, reporting of security risks to the product and platform, impacting lines of business and the GIS sub-functions. In addition, this role will ensure business compliance with the Information Security Policy and Standards while continuously monitoring and reporting on risks and documented exceptions. 

As the business support partner, the incumbent will use their experience in and knowledge of cyber security, business, and risk management as well as their process management, financial acumen, negotiating, influence, and problem-solving skills to understand business and security technology lifecycles and objectives; further, to translate them into mutually beneficial business strategies and multi-year plans for their product and platform clients.Candidate Profile Education And Experience

Required:

• 8+ years relevant work experience including: 
  • 6 years in cybersecurity that includes security program management, metrics capture and analysis and technology expertise.
  • 3+ years leading the design and implementation of information security programs
  • 3+ years developing and executing strategic technology plans and/or project portfolios
  • 2+ years’ implementing enterprise security risk management frameworks and processes
  • 2+ years communicating with executive leadership on security risks and impacts 
  • Bachelor’s degree in Computer Sciences, Cybersecurity, Information Security, Information Technology, Business or related field or equivalent experience/certification.

    Preferred:

    • Previous experience serving as a Business Information Security Officer (BISO) with the responsibility to be the primary Information Security interface with one or more major Lines of Business
    • Significant experience in risk mitigation and assessment in application to business needs
    • Experience providing advisory services to a line of business on risk issues related to Information Security and recommending actions in support of business broader risk management and compliance programs
    • Demonstrated strategy development and thought leadership within Information Security and Cybersecurity
    • Mastery of Soft-side and Technical Consulting Skills: growing and maintaining positive strategic relationships, comfortable supporting Sr. Exec Business and Technology Leadership, briefing Sr. Leadership on technical topics, anticipating and proactively addressing needs and concerns, listening/discerning.
    • Good understanding of security best practices, including NIST CSF, NIST 800-53, ISO27001, and PCI DSS, and will have experience working with one of these frameworks.
    • Knowledge of global regulatory standards, including GDPR, CCP, Etc.
    • Strong analytical, planning, organizational, and problem-solving skills
    • Proven ability to translate strategy into specific goals, action plans, and deliverables, then track, execute, and report on the goals, actions plan, and deliverables.
    • A solid understanding of risk-based decision-making and risk management frameworks
    • Experience working in an Agile environment
    • Knowledge of DevSecOps | application security
    • Experience participating in and coordinating activities for security incident responses
    • Ability to demonstrate security experience via certifications (CISSP, CISA, CRISC, CISM, etc.) or significant career accomplishments
    • Graduate/post-graduate degree Core Work Activities  
      • Act as the deputy of the CISO/ISP leader in terms of strategy and program management to manage and effect cybersecurity risk​ within lines of business
      • Own and drive the information security program for respective lines of business
      • Provides thought leadership to lines of business, along with Global Technology product and platform technology roadmap strategies
      • Provides leadership to lines of business for the implementation of the Marriott Information Security policy, procedures, and standards throughout their business
      • Liaise and coordinate between business teams and Global Information Security to promote the adoption of the GIS strategy and security offerings
      • Serves as the escalation point of contact for assigned lines of business; leads efforts to resolve escalated issues
      • Negotiates trade-offs within and across different solution platforms.
      • Provides insights on impacts of the timing of solution introduction and technology retirement
      • Proactively identifies information security deficiencies or opportunities for improvement to enable information security at the global level better.
      • Provides communication or escalation path for information security issues identified by Global Information Security or the product and platform teams.
      • Supports risk management process by identifying risk, consulting on remediation plans, and monitoring risk remediation to closure
      • Serve as business subject matter expert for incident response and consult and coordinate on emergency actions to protect the business​
      • Deliver security awareness training to drive risk-based decision-making, enabling business teams to achieve their strategies and goals​
      • Monitor Key Performance Indicators (KPIs) & Key Risk Indicators (KRIs); Design and develop appropriate KPIs and KRIs ​
      • Hold a permanent seat on governance boards and committees that impact or converge with Information Security ​
      • Deliver program consistency and effectiveness across all lines of business for approaches, processes, and procedures.
      • Participates in reporting requirements, monthly/quarterly status meetings, and offsites. Maintaining Goals
        • Submits reports in a timely manner, ensuring delivery deadlines are met.
        • Promotes the documenting of project progress accurately.
        • Provides input and assistance to other teams regarding projects. Managing Work, Projects, And Policies
          • Manages and implements work and projects as assigned.
          • Generates and provides accurate and timely results in the form of reports, presentations, etc.
          • Analyzes information and evaluates results to choose the best solution and solve problems.
          • Provides timely, accurate, and detailed status reports as requested. Demonstrating And Applying Discipline Knowledge
            • Provides technical expertise and support to persons inside and outside of the department.
            • Demonstrates knowledge of job-relevant issues, products, systems, and processes.
            • Demonstrates knowledge of function-specific procedures.
            • Keeps up-to-date technically and applies new knowledge to job.
            • Uses computers and computer systems (including hardware and software) to enter data and/ or process information. Delivering On The Needs Of Key Stakeholders
              • Understands and meets the needs of key stakeholders.
              • Develops specific goals and plans to prioritize, organize, and accomplish work.
              • Determines priorities, schedules, plans and necessary resources to ensure completion of any projects on schedule.
              • Collaborates with internal partners and stakeholders to support business/initiative strategies
              • Communicates concepts in a clear and persuasive manner that is easy to understand.
              • Generates and provides accurate and timely results in the form of reports, presentations, etc.
              • Demonstrates an understanding of business priorities California Applicants Only The salary range for this position is $110,550.00 to $245,238.00 annually. Colorado Applicants Only The salary range for this position is $110,550.00 to $222,943.00 annually. Hawaii Applicants Only The salary range for this position is $133,766.00 to $245,238.00 annually. New York Applicants Only The salary range for this position is $110,550.00 to $245,238.00 annually. Washington Applicants Only The salary range for this position is $110,550.00 to $245,238.00 annually. In addition to the annual salary, the position will be eligible to receive an annual bonus and restricted stock units/stock grants. Employees will accrue 0.04616 PTO balance for every hour worked and eligible to receive minimum of 7 holidays annually.  

                All locations offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, educational assistance, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts.  Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.

                Marriott HQ is committed to a hybrid work environment that enables associates to Be connected.  Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD;  candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.

                The application deadline for this position is 5 days or update per Comments] after the date of this posting, 4/4/2024.

                Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.
                
                Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work,​ Begin your purpose, Belong to an amazing global​ team, and Become the best version of you.
                

                Source: Hospitality Online

---