Associate Architect - Global Information Security

  • Marriott International
  • Bethesda, MD
  • Posted 36 days ago | Updated 7 hours ago

Overview

Remote
On Site
Hybrid
USD 96,038.00 - 209,169.00 per year
Full Time

Skills

IT service management
NIST 800-53
Information security
Information Technology
Software development
Cloud computing
Computer science
Information systems
IT security
IT infrastructure
Operating systems
Agile
Change management
Configuration Management
Asset management
Incident management
Problem management
Application development
Infrastructure architecture
Threat modeling
Cloud security
PCI DSS
Software design
Network design
Identity management
Problem solving
Business process
Information assurance
Functional requirements
Security controls
Status reports
Decision-making
Health care
Life insurance
Management
Policies
Software development methodology
Scalability
Cryptography
Cyber security
Database
Microsoft Windows
Unix
Linux
Intellectual property
WAN
LAN
API
PKI
OWASP
FOCUS
SAFE
ITIL
Software deployment
Research
Documentation
Communication
CISSP
CISM
Cisco Certifications
National Institute of Standards and Technology
CSF
COBIT
SaaS
Salesforce.com
Docker
Kubernetes
Waterfall
Negotiations
Partnership
Privacy
Regulatory Compliance
Strategy
Roadmaps
Legal
Leadership
Data
Presentations
Computer hardware
Energy
Organized
Insurance
Recruiting
SAP BASIS
Law

Job Details

Job Number 24063624
Job Category Information Technology
Location Marriott International HQ, 7750 Wisconsin Avenue, Bethesda, Maryland, United States
Schedule Full-Time
Located Remotely? Y
Relocation? N
Position Type Management

JOB SUMMARY

Contributes to and refines security strategies, requirements, and standards for applications and platforms. Supports in-depth technical security guidance as a Security Subject Matter Expert (SME) for various technologies and project areas. Ensures company security policies, standards and industry standards are communicated to program teams during the Software Development Life Cycle (SDLC) process. Able to identify gaps and work with project teams to improve security while retaining time to market, functionality, and scalability. Reviews and approves Security Accreditation tasks during each phase of SDLC. Serves as point of escalation for security issues and risks that may arise. Has a broad knowledge in areas of Security such as Cloud Computing, Application, IAM, Cryptography, Infrastructure, DevSecOps and Risk.

CANDIDATE PROFILE

Education and Experience

Required:
  • Bachelor's or master's degree in computer science, information systems, cybersecurity or a related field or equivalent experience/certification.
  • 7+ years' progressive experience in technology/security engineering that included work in three or more of the following areas:
    • Conducting security reviews and identifying risks and gaps
    • Performing security accreditations
    • Developing security architectures and strategies
    • Developing Enterprise security patterns
    • Working with development teams and vendor teams for implementing compensating controls
  • 2+ years' experience in contributing to the security architectures and identifying security risks/gaps as well as mitigation strategies.
  • 3+ years combined experience in some or all of the following:
    • Full-stack knowledge of IT infrastructure:
      • Applications
      • Databases
      • Operating systems - Windows, Unix, and Linux
      • IP networks - WAN and LAN
      • Knowledge of DevSecOps
      • Knowledge of API Architectures
    • Cryptography and current cryptographic standards, including PKI
    • Working knowledge of the OWASP Top 10
Preferred:
  • Strong working knowledge of Agile Methodologies with a focus on SAFe.
  • Strong working knowledge of IT service management (e.g., ITIL-related disciplines):
    • Change management
    • Configuration management
    • Asset management
    • Incident management
    • Problem management
  • Ability to provide security requirements for areas including but not limited to: Cloud Computing, Application Development, IAM, Cryptography, DevSecOps and Infrastructure design.
  • Ability to understand large complex integrated solutions and provide the security needed between systems.
  • Experience in developing Enterprise Security Strategies.
  • Experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
  • Experience designing the deployment of applications and infrastructure into hybrid and public cloud services.
  • Ability to conduct independent research.
  • Strong abilities and experience in documentation and written communication for diverse audiences.
  • Experience working with diverse and distributed global teams.
  • Current information security certification(s), such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), ISC2 Certified Cloud Security Professional (CCSP), GIAC certifications, ITIL.
  • Knowledge of Industry Standards such as NIST Cybersecurity Framework (CSF), PCI-DSS, COBIT, CSA, MITRE ATT&CK & CAPEC, STRIDE, NIST 800-53, CIS Benchmarks, etc.
  • Knowledge of securing technologies such as, but not limited to: SaaS services (i.e., O365, Salesforce), Application Design, Container Platforms (i.e., Docker, Kubernetes), APIs, Serverless, Network Infrastructure, Operating Systems, Identity and Access Management.
  • Knowledge of SDLC (Waterfall/Agile), DevSecOps, and good understanding of the ITIL Framework.
  • Knowledge of SAFe Agile Methodologies.
  • Strong negotiating, influencing and problem resolution skills.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Ability to assess customer/client needs, creatively approach solutions, decide, and influence appropriate courses of action.
CORE WORK ACTIVITIES

Standards & Business Partnership
  • Contributes to, evaluates, and supports the documentation, and validation processes necessary to assure that associates, information technology systems and business processes meet the organization's information assurance, security, and privacy requirements. Ensures appropriate treatment of risk, compliance, and assurance of internal policies and external regulations.
  • Contributes to the strategy and roadmap, provides guidance, creates standards and guidelines, and reviews architectural designs. Ensures standards and guidelines incorporate legal and regulatory requirements.
  • Conducts security and privacy technology research, assessments, and integration processes; provides and supports a prototype capability and/or evaluates its utility.
  • Consults with customers to gather and evaluate functional requirements and provides security and privacy requirements, guidelines, and standards.
  • Provides sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain.
  • Applies knowledge of priorities to define an entity's direction and identify programs or infrastructure that are required to achieve desired goals within domain of interest. Develops policy or advocates for changes in policy that will support new initiatives or required changes/enhancements.
  • Works with the Security Architects to monitor ongoing project activities, intake of new projects and monitoring of the Security Engagement Process including but not limited to: Data Classification, Security Controls, Threat Models, Architecture Review Boards, Authority to Operate.
Maintaining Goals
  • Submits reports in a timely manner, ensuring delivery deadlines are met.
  • Promotes the documenting of project progress accurately.
  • Provides input and assistance to other teams regarding projects.
Managing Work, Projects, and Policies
  • Manages and implements work and projects as assigned.
  • Generates and provides accurate and timely results in the form of reports, presentations, etc.
  • Analyzes information and evaluates results to choose the best solution and solve problems.
  • Provides timely, accurate, and detailed status reports as requested.
Demonstrating and Applying Discipline Knowledge
  • Provides technical expertise and support to persons inside and outside of the department.
  • Demonstrates knowledge of job-relevant issues, products, systems, and processes.
  • Demonstrates knowledge of function-specific procedures.
  • Keeps up-to-date technically and applies new knowledge to job.
  • Uses computers and computer systems (including hardware and software) to enter data and/or process information.
Delivering on the Needs of Key Stakeholders
  • Understands and meets the needs of key stakeholders.
  • Develops specific goals and plans to prioritize, organize, and accomplish work.
  • Determines priorities, schedules, plans and necessary resources to ensure completion of any projects on schedule.
  • Collaborates with internal partners and stakeholders to support business/initiative strategies.
  • Communicates concepts in a clear and persuasive manner that is easy to understand.
  • Generates and provides accurate and timely results in the form of reports, presentations, etc.
  • Demonstrates an understanding of business priorities.
Additional Responsibilities
  • Provides information to supervisors and co-workers by telephone, in written form, e-mail, or in person in a timely manner.
  • Demonstrates self-confidence, energy and enthusiasm.
  • Informs and/or updates leaders on relevant information in a timely manner.
  • Manages time effectively and conducts activities in an organized manner.
  • Presents ideas, expectations and information in a concise, organized manner.
  • Uses problem-solving methodology for decision-making and follow-up.
  • Performs other reasonable duties as assigned by manager.
California Applicants Only: The salary range for this position is $96,038.00 to $209,169.00 annually.

Colorado Applicants Only: The salary range for this position is $96,038.00 to $190,154.00 annually.

Hawaii Applicants Only: The salary range for this position is $116,205.00 to $209,169.00 annually.

New York Applicants Only: The salary range for this position is $96,038.00 to $209,169.00 annually.

Washington Applicants Only: The salary range for this position is $96,038.00 to $209,169.00 annually. In addition to the annual salary, the position will be eligible to receive an annual bonus. Employees will accrue 0.04616 PTO balance for every hour worked and are eligible to receive a minimum of 7 holidays annually.

All locations offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, educational assistance, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.

Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.

The application deadline for this position is 42 days after the date of this posting, 4/11/2024.

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.

Marriott International is the world's largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work, begin your purpose, belong to an amazing global team, and become the best version of you.