Manager, Security Assurance (PCI)
This job is brought to you by Jobs/Redefined, the UK's leading over-50s age inclusive jobs board.
Job Description
JOB SUMMARY
Contributes to Marriott International in achieving its mission by contributing to internal and external audit engagements that analyze and evaluate new and existing information systems and applications to ensure appropriate controls exists, processing is efficient and accurate. Further, validates that the results follow Marriott's standards and expectations. This position works closely with Global Information Security leadership and external experts as necessary to build and maintain strong security controls, policies, and standards while ensuring ongoing compliance with all relevant regulations, laws, and standards. This role is expected to evaluate assurance project(s) progress and will track and report meaningful risk-based recommendations to management.
CANDIDATE PROFILE
Education and Experience
Required:
- Bachelor's degree in information security or related field or equivalent experience/certification
- 5+ years' progressive information technology or information security experience that include
- 2+ years contributing to the design, implementation, and assessment of information security programs
- 2+ years implementing enterprise security frameworks and processes
Preferred:
- Expert understanding and experience working with some or all of these security frameworks: NIST CSF, NIST 800-53, NYDFS, ISO27001, ISO 27002, PCI DSS.
- Current information security certification, including Certified Information Systems Security Professional (CISSP), PCI Internal Security Assessor (ISA), Payment Card Industry Professional (PCIP) ISO27001 Lead Auditor, Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA).
- Expert level understanding of key network and system security controls. Expertise in various security technologies, such as firewalls and network segmentation, IDS, vulnerability/application scanning, and penetration testing.
- Capability in interpreting and understanding vulnerability scan and penetration testing results.
- Working knowledge of global regulatory standards to include GDPR within a digital business.
- Demonstrated ability to apply information security policies enterprise wide.
- Knowledge of IT security within an infrastructure environment.
- Proven knowledge of SDLC and solid understanding of ITIL v3 Framework.
- Experience in business systems and process planning.
- Working knowledge of business environment, service requirements, and/or hospitality culture.
- Strong foreign language skills particularly reading and writing.
- Graduate/post graduate degree.
CORE WORK ACTIVITIES
- Contributes to and may lead security compliance initiatives such as SSAE 18 SOC 1 and SOC 2, ISO 27001, PCI-DSS, Global privacy regulations, and internal security reviews of the business.
- Drives the security compliance program across control frameworks leveraging internal toolsets.
- Conducts audits to include controls requirements analysis, gap assessments, and operational reviews.
- Compiles structured audits reports for review and dissemination to auditees, business partners, and other stakeholders.
- Documents and tracks corrective and preventive actions identified during internal and external audits in support of policies and procedures.
- Works with business partners to resolve corrective actions in a timely manner.
- Responds to customer and regulatory requests regarding security services, mechanisms and safeguards.
- Advises internal teams on the implementation of security standards and controls frameworks.
- Provides approved security language in contracts.
- Provides assessments of routine security programs, procedures and controls supporting the company's overall security strategy.
- Implements appropriate security policy and requirements to meet compliance with company security controls and objectives.
- Provides status reports and metrics on all policy and governance aspects to Security, IT, and business leadership.
- Submits formal responses to customer and regulatory requests regarding security services, policies, controls, and mechanisms.
- Maintain regular communication internal stakeholders; participates in both internal and external audit activities.
- Contributes to special projects and documentation as needed; may lead projects of limited scope
- Supports incident response and forensic investigations as needed.
Maintaining Goals
- Submits reports in a timely manner, ensuring delivery deadlines are met.
- Promotes the documenting of project progress accurately.
- Provides input and assistance to other teams regarding projects.
Managing Work, Projects, and Policies
- Manages and implements work and projects as assigned.
- Generates and provides accurate and timely results in the form of reports, presentations, etc.
- Analyzes information and evaluates results to choose the best solution and solve problems.
- Provides timely, accurate, and detailed status reports as requested.
Demonstrating and Applying Discipline Knowledge
- Provides technical expertise and support to persons inside and outside of the department.
- Demonstrates knowledge of job-relevant issues, products, systems, and processes.
- Demonstrates knowledge of function-specific procedures.
- Keeps up-to-date technically and applies new knowledge to job.
- Uses computers and computer systems (including hardware and software) to enter data and/ or process information.
Delivering on the Needs of Key Stakeholders
- Understands and meets the needs of key stakeholders.
- Develops specific goals and plans to prioritize, organize, and accomplish work.
- Determines priorities, schedules, plans and necessary resources to ensure completion of any projects on schedule.
- Collaborates with internal partners and stakeholders to support business/initiative strategies
- Communicates concepts in a clear and persuasive manner that is easy to understand.
- Generates and provides accurate and timely results in the form of reports, presentations, etc.
- Demonstrates an understanding of business priorities
Additional Responsibilities
- Provides information to supervisors and co-workers by telephone, in written form, e-mail, or in person in a timely manner.
- Demonstrates self confidence, energy and enthusiasm.
- Informs and/or updates leaders on relevant information in a timely manner.
- Manages time effectively and conducts activities in an organized manner.
- Presents ideas, expectations and information in a concise, organized manner.
- Uses problem solving methodology for decision making and follow up.
- Performs other reasonable duties as assigned by manager.
Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.
About the Team
Marriott International is the world's largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. We believe a great career is a journey of discovery and exploration. So, we ask, where will your journey take you?