Job Description
JOB SUMMARY
The Director, IT Governance, Audit & Compliance, is a leadership role responsible for serving as the governance, audit and compliance execution arm for IT controls managed under the Technology Experience Center (TEC) organization.
This role works with IT Provision Owners to perform the governance, oversight, and reporting for regulatory controls that align under IT Asset Inventory, Change Management, Software End of Life (EOL) and Hardware Removal. The Director ensures controls are consistently designed, executed, evidenced, and audit ready in alignment with internal policy, regulatory obligations, and external audit requirements.
The Director partners closely with Marriott IT Control Owners, Product Owners, Application Owners, Infrastructure and Application teams, Security, and Risk Management to facilitate quarterly and annual audits. This role will manage a team responsible for coordinating evidence collection, managing remediation of control gaps, and providing clear compliance reporting to leadership, Internal Audit, and external regulators.
This role requires a deep understanding of IT Operations, the Software Development Lifecycle, regulatory control frameworks, audit methodology, and process maturity models (e.g., CMMI), and serves as a key advisor to TEC IT Provision Owners and the GIS Compliance Program on compliance risk, control effectiveness, and continuous improvement.
KEY RESPONSIBILITIES:
IT Governance & Regulatory Compliance
Act as the TEC aligned control execution authority for regulatory IT controls, including Asset Inventory, Change Management, and Software End of Life.
Work with TEC IT Provision and Control Owners for alignment on policy, standard operating procedures, and control execution requirements.
Responsible for control design validation, operational execution oversight, and compliance reporting for TEC managed controls.
Establish and maintain standardized governance processes, control narratives, and operating procedures to ensure consistency and auditability.
Ensure alignment of TEC controls with enterprise policies, regulatory obligations, and audit expectations.
Audit Management & Evidence Collection
Lead quarterly and annual audit requirements, supporting Management Testing and external audit requests.
Coordinate evidence collection, validation, and submission across multiple IT control owners and stakeholders.
Serve as the primary point of contact for GIS Regulatory and Compliance organization and auditors related to TEC managed controls.
Track, manage, and report on audit findings, observations, and remediation activities through closure.
Cross Functional Facilitation & Control Ownership
Facilitate collaboration across TEC IT control owners to ensure timely and accurate control execution.
Partner with Application, Infrastructure, Security, and Platform teams to operationalize compliance requirements.
Drive accountability for control gaps, remediation plans, timelines, and ownership.
Provide clear guidance and education to teams on control intent, expectations, and audit readiness.
Compliance Reporting & Risk Transparency
Develop and deliver executive level compliance reporting, dashboards, and risk summaries.
Provide leadership with clear visibility into control health, risk posture, and remediation progress.
Support regulatory responses with accurate, evidence based narratives and documentation.
Process Maturity & Continuous Improvement
Identify systemic control weaknesses and lead process improvements to reduce audit risk and operational friction.
Establish repeatable, scalable compliance oversight processes to support long term regulatory sustainability.
Leadership and Business Acumen
Lead and develop a compliance focused team responsible for governance execution and audit readiness.
Establish clear performance expectations aligned to control execution quality, audit outcomes, and risk reduction.
Partner effectively with senior leaders, control owners, and auditors as a trusted compliance authority.
Demonstrate sound judgment, discretion, and professionalism when managing regulatory risk and audit interactions.
CANDIDATE PROFILE
Education & Experience
Required
Bachelor's degree or equivalent combination of education, certifications, and experience.
10+ years of progressive IT leadership experience, with demonstrated ownership of governance, audit, or compliance functions, including leading teams, delivering complex initiatives, and driving process improvement and operational excellence.
o Team leadership in matrixed organizations
o Servant leadership that highly values feedback
o Demonstrated ability to resolve conflict and drive direction/focus
Proven experience executing and supporting regulatory IT controls in large, complex enterprises.
Strong working knowledge of:
o IT Operations
o Regulatory control frameworks
o Audit methodologies
o ITIL & SDLC Processes
o Process maturity models (e.g., CMMI)
Demonstrated experience leading audit facilitation, evidence management, and remediation execution.
Exceptional written and verbal communication skills, including the ability to present complex compliance topics to senior leadership.
Proven ability to influence and drive outcomes without direct authority across matrixed organizations.
Preferred
Experience with IT Asset Management, Change Management, and Software Lifecycle controls.
Prior experience supporting internal and/or external regulatory audits.
Familiarity with IT governance, risk, and compliance (GRC) operating models.
Strong analytical skills with the ability to translate data into audit ready insights.
Experience building repeatable compliance processes in evolving or transforming organizations.
At Marriott International, we are dedicated to being an equal opportunity employer, welcoming all and providing access to opportunity. We actively foster an environment where the unique backgrounds of our associates are valued and celebrated. Our greatest strength lies in the rich blend of culture, talent, and experiences of our associates. We are committed to non-discrimination on any protected basis, including disability, veteran status, or other basis protected by applicable law.
About Us
All locations offer 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.
Full-time positions also offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, and paid parental leave.
Washington Applicants Only: Employees will accrue paid sick leave, 0.0384 PTO balance for every hour worked and be eligible to receive a minimum of 9 holidays annually.
Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.
About the Team
Marriott International is the world's largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work, begin your purpose, belong to an amazing global team, and become the best version of you.