Dir-Information Security - Business Partnerships

Job Number24052780Job CategoryInformation TechnologyLocationMarriott International HQ, 7750 Wisconsin Avenue, Bethesda, Maryland, United StatesScheduleFull-TimeLocated Remotely?YRelocation?NPosition TypeManagementJOB SUMMARY:The BISP (Business Information Security Partner) is the Information Security program owner for their assigned lines of business along with Global Technology products, platforms, infrastructure, and shared services. As a trusted advisor to SVP leadership, this role will strategically engage with the lines of business, Global Technology (GT), Executive Leadership Team, and their respective towers. Keep clear lines of communication, including but not limited to; transparency to the line of business and GT SVPs on security roadmaps, tactical initiatives, reporting of security risks to the product and platform, impacting lines of business and the GIS sub-functions. In addition, this role will ensure business compliance with the Information Security Policy and Standards while continuously monitoring and reporting on risks and documented exceptions.As the business support partner, the incumbent will use their experience in and knowledge of cyber security, business, and risk management as well as their process management, financial acumen, negotiating, influence, and problem-solving skills to understand business and security technology lifecycles and objectives; further, to translate them into mutually beneficial business strategies and multi-year plans for their product and platform clients.CANDIDATE PROFILEEducation and ExperienceRequired:8+ years relevant work experience including:6 years in cybersecurity that includes security program management, metrics capture and analysis and technology expertise.3+ years leading the design and implementation of information security programs3+ years developing and executing strategic technology plans and/or project portfolios2+ years' implementing enterprise security risk management frameworks and processes2+ years communicating with executive leadership on security risks and impactsBachelor's degree in Computer Sciences, Cybersecurity, Information Security, Information Technology, Business or related field or equivalent experience/certification.Preferred:Previous experience serving as a Business Information Security Officer (BISO) with the responsibility to be the primary Information Security interface with one or more major Lines of BusinessSignificant experience in risk mitigation and assessment in application to business needsExperience providing advisory services to a line of business on risk issues related to Information Security and recommending actions in support of business broader risk management and compliance programsDemonstrated strategy development and thought leadership within Information Security and CybersecurityMastery of Soft-side and Technical Consulting Skills: growing and maintaining positive strategic relationships, comfortable supporting Sr. Exec Business and Technology Leadership, briefing Sr. Leadership on technical topics, anticipating and proactively addressing needs and concerns, listening/discerning.Good understanding of security best practices, including NIST CSF, NIST 800-53, ISO27001, and PCI DSS, and will have experience working with one of these frameworks.Knowledge of global regulatory standards, including GDPR, CCP, Etc.Strong analytical, planning, organizational, and problem-solving skillsProven ability to translate strategy into specific goals, action plans, and deliverables, then track, execute, and report on the goals, actions plan, and deliverables.A solid understanding of risk-based decision-making and risk management frameworksExperience working in an Agile environmentKnowledge of DevSecOps | application securityExperience participating in and coordinating activities for security incident responsesAbility to demonstrate security experience via certifications (CISSP, CISA, CRISC, CISM, etc.) or significant career accomplishmentsGraduate/post-graduate degreeCORE WORK ACTIVITIESAct as the deputy of the CISO/ISP leader in terms of strategy and program management to manage and effect cybersecurity risk? within lines of businessOwn and drive the information security program for respective lines of businessProvides thought leadership to lines of business, along with Global Technology product and platform technology roadmap strategiesProvides leadership to lines of business for the implementation of the Marriott Information Security policy, procedures, and standards throughout their businessLiaise and coordinate between business teams and Global Information Security to promote the adoption of the GIS strategy and security offeringsServes as the escalation point of contact for assigned lines of business; leads efforts to resolve escalated issuesNegotiates trade-offs within and across different solution platforms.Provides insights on impacts of the timing of solution introduction and technology retirementProactively identifies information security deficiencies or opportunities for improvement to enable information security at the global level better.Provides communication or escalation path for information security issues identified by Global Information Security or the product and platform teams.Supports risk management process by identifying risk, consulting on remediation plans, and monitoring risk remediation to closureServe as business subject matter expert for incident response and consult and coordinate on emergency actions to protect the business?Deliver security awareness training to drive risk-based decision-making, enabling business teams to achieve their strategies and goals?Monitor Key Performance Indicators (KPIs) & Key Risk Indicators (KRIs); Design and develop appropriate KPIs and KRIs ?Hold a permanent seat on governance boards and committees that impact or converge with Information Security ?Deliver program consistency and effectiveness across all lines of business for approaches, processes, and procedures.Participates in reporting requirements, monthly/quarterly status meetings, and offsites.Maintaining GoalsSubmits reports in a timely manner, ensuring delivery deadlines are met.Promotes the documenting of project progress accurately.Provides input and assistance to other teams regarding projects.Managing Work, Projects, and PoliciesManages and implements work and projects as assigned.Generates and provides accurate and timely results in the form of reports, presentations, etc.Analyzes information and evaluates results to choose the best solution and solve problems.Provides timely, accurate, and detailed status reports as requested.Demonstrating and Applying Discipline KnowledgeProvides technical expertise and support to persons inside and outside of the department.Demonstrates knowledge of job-relevant issues, products, systems, and processes.Demonstrates knowledge of function-specific procedures.Keeps up-to-date technically and applies new knowledge to job.Uses computers and computer systems (including hardware and software) to enter data and/ or process information.Delivering on the Needs of Key StakeholdersUnderstands and meets the needs of key stakeholders.Develops specific goals and plans to prioritize, organize, and accomplish work.Determines priorities, schedules, plans and necessary resources to ensure completion of any projects on schedule.Collaborates with internal partners and stakeholders to support business/initiative strategiesCommunicates concepts in a clear and persuasive manner that is easy to understand.Generates and provides accurate and timely results in the form of reports, presentations, etc.Demonstrates an understanding of business prioritiesCalifornia Applicants Only: The salary range for this position is $110,550.00 to $245,238.00 annually.Colorado Applicants Only: The salary range for this position is $110,550.00 to $222,943.00 annually.Hawaii Applicants Only: The salary range for this position is $133,766.00 to $245,238.00 annually.New York Applicants Only: The salary range for this position is $110,550.00 to $245,238.00 annually.Washington Applicants Only: The salary range for this position is $110,550.00 to $245,238.00 annually. In addition to the annual salary, the position will be eligible to receive an annual bonus and restricted stock units/stock grants. Employees will accrue 0.04616 PTO balance for every hour worked and eligible to receive minimum of 7 holidays annually.All locations offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, educational assistance, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.The application deadline for this position is 28 days after the date of this posting, 03/26/2024.Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.Marriott International is the world's largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed.Bewhere you can do your best work,?beginyour purpose,belongto an amazing global? team, andbecomethe best version of you.