Senior Manager, Business Information Security Partnership

  • Marriott International
  • Bethesda, MD
  • Posted 53 days ago | Updated 9 hours ago

Overview

On Site
Full Time

Skills

NIST 800-53
Information security
Information Technology
Process management
Problem solving
Risk management
Identity management
Vulnerability management
Threat analysis
Security operations
Program management
Computer science
Strategy development
Thought leadership
IT consulting
IT management
ISO/IEC 27001:2005
PCI DSS
Software security
Incident management
Security awareness
Decision-making
Status reports
Partnership
Management
Geographic information system
Communication
Reporting
Regulatory Compliance
Policies
Cyber security
Negotiations
Finance
Governance
Leadership
National Institute of Standards and Technology
CSF
Analytical skill
Planning
Agile
CISSP
CISA
ISACA
CISM
Strategy
Roadmaps
Training
KPI
Design
Documentation
Presentations
Computer hardware
Data
Energy
Organized
Recruiting
SAP BASIS
Law

Job Details

Job Number 24023592
Job Category Information Technology
Location Marriott International HQ, 7750 Wisconsin Avenue, Bethesda, Maryland, United States
Schedule Full-Time
Located Remotely? N
Relocation? N
Position Type Management
JOB SUMMARY

The BISP (Business Information Security Partner) Sr. Manager supports the Business Information Security Partnership (BISP) Directors within the Global Information Security (GIS) organization and their assigned products and platforms, keeping clear lines of communication including, but not limited to: transparency to the products and platforms on upcoming security initiatives, reporting of security risks to product and platform leaders, and the GIS sub-functions. The Sr. Manager also serves as a trusted advisor and relationship owner for an assigned subsection of the business. Additionally, this role will ensure business compliance with the GIS Policy and Standards while continuously monitoring and reporting on risks and documented exceptions.

In supporting the BISP Directors, the incumbent will use their experience and knowledge of information and cybersecurity as well as their process management, negotiating, influence, and problem-solving skills to understand security technology lifecycles and objectives and, further, to translate them into mutually beneficial business strategies for their product and platform clients. As relationship owner, the incumbent will use their experience in and knowledge of cybersecurity, business, and risk management as well as their process management, financial acumen, negotiating, influence, and problem-solving skills to understand business and security technology lifecycles and objectives and, further, to translate them into mutually beneficial business strategies and multi-year plans for their product and platform clients.

CANDIDATE PROFILE

Required Education and Experience:
  • 7+ years progressive and relevant information security work that includes:
    • 3+ years in cybersecurity including consulting, governance, risk, compliance, engineering, architecture, identity and access management, vulnerability management, threat intel, security operations, and/or security program management
  • 1+ years executing strategic technology plans and/or projects
  • 1+ years working with risk management frameworks and processes
  • 1+ years communicating security risks and impacts
  • Bachelor's degree in Computer Sciences, Cybersecurity, Information Security, Information Technology, Business or related field or equivalent experience/certification.
Preferred Experience:
  • Direct experience working in a Business Information Security Officer (BISO) group
  • Experience in risk mitigation and assessment in application to business needs
  • Support risk management and compliance programs
  • Demonstrated strategy development and thought leadership
  • Soft-side and Technical Consulting Skills: growing and maintaining positive strategic relationships, comfortable supporting Sr. Exec Business and Technology Leadership, briefing Sr. Leadership on technical topics, anticipating and proactively addressing needs and concerns, listening/discerning.
  • Good understanding of security best practices, including NIST CSF, NIST 800-53, ISO27001, and PCI DSS
  • Knowledge of global regulatory standards, including GDPR, CCP, etc.
  • Analytical, planning, organizational, and problem-solving skills
  • Proven ability to track, execute, and report on goals, action plans, and deliverables.
  • An understanding of risk management frameworks
  • Experience working in an Agile environment
  • Knowledge of DevSecOps and application security
  • Experience participating in security incident responses
  • Ability to demonstrate security experience via certifications (CISSP, CISA, CRISC, CISM, etc.) or significant career accomplishments
  • Graduate/post-graduate degree
CORE WORK ACTIVITIES
  • Act as the deputy of the BISP in terms of strategy and program management to manage and effect cybersecurity risk within sections of lines of business
  • Own and drive the information security program for respective sections of lines of business
  • Provides thought leadership to lines of business, along with Global Technology product and platform technology roadmap strategies
  • Provides leadership to sections of lines of business for the implementation of the Marriott Information Security policy, procedures, and standards throughout their business
  • Liaise and coordinate between business teams and Global Information Security to promote the adoption of the GIS strategy and security offerings
  • Serves as the escalation point of contact for assigned sections of lines of business; leads efforts to resolve escalated issues
  • Proposes trade-offs within and across different solution platforms.
  • Provides insights on impacts of the timing of solution introduction and technology retirement
  • Proactively identifies information security deficiencies or opportunities for improvement to better enable information security at the global level.
  • Provides communication or escalation path for information security issues identified by Global Information Security or the product and platform teams.
  • Supports risk management process by identifying risk, consulting on remediation plans, and monitoring risk remediation to closure
  • Serve as business subject matter expert for incident response and consult and coordinate on emergency actions to protect the business
  • Deliver security awareness training to drive risk-based decision-making, enabling business teams to achieve their strategies and goals
  • Monitor Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs); design and develop appropriate KPIs and KRIs
  • Deliver program consistency and effectiveness across all sections of lines of business for approaches, processes, and procedures.
  • Participates in reporting requirements, monthly/quarterly status meetings, and offsites
Maintaining Goals
  • Submits reports in a timely manner, ensuring delivery deadlines are met.
  • Promotes the documenting of project progress accurately.
  • Provides input and assistance to other teams regarding projects.
Managing Work, Projects, and Policies
  • Manages and implements work and projects as assigned.
  • Generates and provides accurate and timely results in the form of reports, presentations, etc.
  • Analyzes information and evaluates results to choose the best solution and solve problems.
  • Provides timely, accurate, and detailed status reports as requested.
Demonstrating and Applying Discipline Knowledge
  • Provides technical expertise and support to persons inside and outside of the department.
  • Demonstrates knowledge of job-relevant issues, products, systems, and processes.
  • Demonstrates knowledge of function-specific procedures.
  • Keeps up-to-date technically and applies new knowledge to job.
  • Uses computers and computer systems (including hardware and software) to enter data and/or process information.
Delivering on the Needs of Key Stakeholders
  • Understands and meets the needs of key stakeholders.
  • Develops specific goals and plans to prioritize, organize, and accomplish work.
  • Determines priorities, schedules, plans and necessary resources to ensure completion of any projects on schedule.
  • Collaborates with internal partners and stakeholders to support business/initiative strategies
  • Communicates concepts in a clear and persuasive manner that is easy to understand.
  • Generates and provides accurate and timely results in the form of reports, presentations, etc.
  • Demonstrates an understanding of business priorities
Additional Responsibilities
  • Provides information to supervisors and co-workers by telephone, in written form, e-mail, or in person in a timely manner.
  • Demonstrates self-confidence, energy and enthusiasm.
  • Informs and/or updates leaders on relevant information in a timely manner.
  • Manages time effectively and conducts activities in an organized manner.
  • Presents ideas, expectations and information in a concise, organized manner.
  • Uses problem solving methodology for decision making and follow up.
  • Performs other reasonable duties as assigned by manager.
Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.

Marriott International is the world's largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work, begin your purpose, belong to an amazing global team, and become the best version of you.