Dir-Information Security - Vendor Risk Management

08 Jun 2024
New York, Albany, 12201 Albany USA

Job Number: 23099532
Job Category: Information Technology
Location: Marriott International HQ, 7750 Wisconsin Avenue, Bethesda, Maryland, United States
Schedule: Full-Time
Located Remotely? Y
Relocation? N
Position Type: Management

JOB SUMMARY

Drives the overall vendor risk management program as part of the Security Risk, Compliance and Governance team. Responsible for overseeing assessments of vendor security controls to determine alignment with security requirements, determine the impact and likelihood of potential security events, and understand residual risk exposure. Responsible for overseeing vendor risk treatment plans with business partners, IT, and vendor representatives to optimize Marriott International’s overall security risk profile. Collaborates broadly across the IT, business organizations, and international teams to define and communicate vendor security risks.

CANDIDATE PROFILE

Education and Experience

Required:

Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification

8+ years of information technology leadership experience that includes implementing, managing, or governing security technologies, including encryption, network security, intrusion detection and digital forensics

4+ years’ experience in direct management of a team

Some or all of the following:

5+ years’ experience in managing enterprise security risk management frameworks and processes (e.g., ISO2700X, NIST, Cloud Security Alliance)

5+ years’ experience in implementation of risk management frameworks and processes (e.g., ISO2700X, NIST, Cloud Security Alliance)

5+ years’ experience in facilitating and conducting security assessments related to PCI-DSS, ISO 27001, NIST 800-53, Cybersecurity Framework

Attributes

Strong verbal and written communication skills with the ability to articulate complex technical ideas in easy-to-understand business terms.

Ability to effectively prioritize and execute tasks in a high-pressure environment.

Strong negotiating, influencing and problem resolution skills.

Preferred:

Experience in implementation or management of security risk programs.

Current information security certification, including Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)

Knowledge of standard security controls frameworks such as ISO 27001, NIST CSF, NIST 800-53, PCI-DSS, CSA, UCF, etc.

Knowledge of IT security within a multi-tiered environment.

Knowledge of ServiceNow GRC and Vendor Risk modules.

Experience in reviewing and assessing the risk of service providers and vendors.

Experience implementing, managing, and governing security policies.

Experience assessing a 3-tiered system architecture (Web Server, App Server & Database)

Experience with Dynamic Application Security Testing using applications such as Nessus, IBM App Scan, HP Web Inspect, Fortify on Demand, Qualys, Burp, Cigital or Retina.

Demonstrated ability to assess customer/client needs, creatively approach solutions, decide and influence appropriate courses of action

Understanding of IT financial structures and ability to manage to corporate financial practices and goals, including drivers of process cost

Graduate/post graduate degree

CORE WORK ACTIVITIES

Security Risk & Compliance

Validates the process for monitoring and reporting vendor security risks across the team

Oversees, evaluates, and supports the documentation and validation processes necessary to assure that third-party vendors meet the organization’s information assurance, security, and privacy requirements. Ensures appropriate treatment of risk, compliance, and assurance of internal policies and external regulations.

Leads the team in performing risk analysis and facilitates risk discussions for cross-functional teams.

Develops vendor remediation plans. Monitors progress of agreed-upon remediation plans.

Provides guidance and educates the organization in vendor risk management principles and practices

Communicates with Subject Matter Experts to determine expected impact and likelihood of loss events

Reviews control exception requests and makes risk-based approval decisions.

Provides input into organizational Risk Register

Leads in the evaluation and selection of security and risk management services and products

Conducts assessments of threats and vulnerabilities, determines vendor deviations from acceptable configurations or enterprise or local policy, assesses the level of risk, and develops and/or recommends and operationalizes appropriate vendor mitigation countermeasures.

Provides sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain. Advocates policy changes and makes a case on behalf of the company via a wide range of written and oral work products.

Cultivate a High-Performing Team

Creates a compelling vision, clear direction and strategy for the team.

Generates enthusiasm and understanding of the information security vision and how each role contributes to the achievement of that vision.

Ensures capabilities are developed and resources are aligned to support the strategy.

Attracts, motivates, develops and retains highly skilled leaders; champions and models leadership development.

Creates and sustains a work environment that drives associate engagement and enables business success.

Ensures appropriate processes are in place and executed to drive collaboration and alignment within the team and with the broader IT organization.

Serves as a role model and ensures all information security leaders are visible and effective partners with IT counterparts, broader Marriott stakeholders, and service providers.

Is willing and able to adapt to a rapidly changing organization.

Managing Projects and Priorities

Develops specific goals and plans to prioritize, organize, and accomplish work for self and direct reports.

Provides direction and assistance to other teams regarding projects. Determines priorities, schedules, plans and necessary resources to ensure completion of any projects on schedule.

Analyzes information and evaluates results to choose the best solution and solve problems.

Thinks creatively and practically to develop, execute and implement new plans or programs. Generates and provides accurate and timely results in the form of reports, presentations, etc.

Plans, develops, implements, and evaluates the quality of the team’s operations.

Provides recommendations to improve the effectiveness of processes or programs.

Understands and meets the needs of key stakeholders.

Supports achievement of performance goals, budget goals, team goals, etc.

Leading Discipline Team

Champions leaders’ vision for product and service delivery.

Works with direct reports and peers to develop and implement strategies and goals. Communicates a clear and consistent message regarding goals to produce desired results.

Makes and executes the necessary decisions to keep the team moving forward toward achievement of goals.

Provides targeted and timely communication of results, achievements and challenges to direct reports, peers, and leaders.

Managing and Conducting Human Resources Activities

Interviews and hires employees.

Promotes the fair and equitable treatment of employees.

Facilitates regular, ongoing communication in department (e.g., staff meetings).

Fosters employee commitment to providing excellent service, participates in daily stand-up meetings and models desired service behaviors in all interactions with customers and employees.

Incorporates customer satisfaction as a component of staff/operations meetings with an emphasis on generating innovative ways to continually improve results.

Sets goals and expectations for direct reports using the performance review process and holds staff accountable for performance goals.

Solicits employee feedback.

Utilizes an “open door policy” and reviews employee satisfaction results to identify and address employee problems or concerns.

Promotes adherence to policies consistently, follows disciplinary procedures and documents items according to Standard and Local Operating Procedures (SOPs and LSOPs) and supports the Peer Review Process.

Conducts annual performance appraisal with direct reports according to Standard Operating Procedures.

Champions change, ensures brand and regional business initiatives are implemented and communicates follow-up actions to the team as necessary.

Identifies talents of direct reports and their teams and assists with their growth and development plans.

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law. Marriott International considers for employment qualified applicants with criminal histories consistent with applicable federal, state and local law.

Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. We believe a great career is a journey of discovery and exploration. So, we ask, where will your journey take you?

Job Details

  • ID
    JC50061772
  • Schedule
    Full-time
  • Salary
    N/A
  • Hiring Company
    Marriott
  • Date
    2023-06-09
  • Deadline
    2023-08-08