Associate Director, Security Testing & Assurance in MVW Remote FL at Marriott Vacations Worldwide

Date Posted: 3/10/2023

Job Description

Are you ready to grow your dream career while making others' vacation dreams come true? Marriott Vacations Worldwide is a world premier organization for Vacation Ownership with resorts at destinations around the globe. Join our team and help deliver unforgettable experiences that make vacation dreams come true.


*Will consider remote candidates*


Position Summary

As a member of the leadership staff, contributes specialized knowledge and skill in a discipline (e.g., Accounting, Finance, Human Resources, Information Resources, Operations Planning & Support, Sales & Marketing) area to support team and/or department business objectives. Generally, works under limited supervision, but within established guidelines, providing leadership for technical staff. This role supports senior leadership by providing guidance and positive outcomes for assigned initiatives.


Specific Job Summary

The Associate Director of Security Testing and Assurance will lead a team of security control testing professionals in the areas of vulnerability management, penetration testing and application security across internal, external, mobile, IoT and cloud environments to ensure that all company systems, applications, and websites are protected from the latest threats. The position will provide technical expertise to evaluate systems and applications, identify security vulnerabilities, and support remediation and validation activities. The role will guide the team to align testing activities with company priorities, regulatory requirements, and industry best practices. Key areas of specific responsibility include:

  • Holistic security assurance program execution

  • Deliver testing solutions and outputs based on senior security leadership goals

  • Document and deliver testing findings that are clear and actionable for relevant business and technology teams

  • Develop team talent in the form of external training, mentorship, and other opportunities for continued growth

  • Understand vulnerability risks and how to remediate them in real-world applications

  • Partner to develop understanding of technical risks and the impact of these risks to the company


Expected Contributions

  • Performs more complex quantitative and qualitative analysis for business processes and/or projects. Often manages projects or business processes as part of team delivery

  • Responds to, solves, and makes decisions on more complex/non-routine business requests with limited to moderate risk.

  • Responsible for own work and the output of the security assurance team.

  • Leads Security Assurance Team members

  • Assists more senior associates in achieving business results by:

− Identifying opportunities to enhance the effectiveness of business processes.

− Providing training and technical guidance, where appropriate, and serving as the first escalation point of contact for vulnerability/finding resolution.

− Participating in setting department operating plans.

− Recognizing and celebrating team successes.

− Achieving results against budget within scope of responsibility.

  • Demonstrates an awareness of personal strengths and areas for improvement and acts independently to improve and increase skills and knowledge.

  • Demonstrates an awareness of team strengths and areas for improvement then acts independently to improve and increase skills and knowledge.

  • Performs other duties as appropriate.


Specific Expected Contributions

  • Analyze and assist in the secure design and architecture of applications and network infrastructure.

  • Work with software developers, project managers, DevOps, and QA, to review, assist and recommend changes and solutions to address the security of web, cloud, IoT, Enterprise, and mobile solutions throughout the SDLC and in accordance with the OWASP testing guide.

  • Review and guide security assessments of systems and applications using industry standard tools and techniques to identify vulnerabilities.

  • Assign and lead security penetration testing directives in accordance with written security policy, and industry best practices.

  • Deliver insights to Information Security senior leadership based on risk-ranked identified threats to prioritize mitigation and provide mitigation strategies for applications from infrastructure, architecture, and secure coding perspectives.

  • Evaluate reports to demonstrate assessment results and work with the system engineers and software teams to ensure corrective actions are implemented and validated.

  • Coordinate Penetration Testing efforts with approved 3rd parties, as required.

  • Maintain demonstrable knowledge of current vulnerability exploitation techniques.

  • Research, evaluate, and stay current on emerging security tools, trends, policies, best practices, techniques, and technologies.


Candidate Profile

Successful candidates should possess knowledge and experience and demonstrate strong leadership and relationship skills as follows: Generally, a professional position with specific knowledge in a discipline (e.g., Accounting, Human Resources, Information Resources).


College degree and/or relevant experience typically required.


Specific Candidate Profile

  • Education – BA/BS in business or computer science or appropriate work experience is required.

  • Experience – 7+ years’ work experience in relevant Information Security position with at least 3 years of management experience.


Certification

– Security certification is strongly preferred – OSCP, CISSP, CCSP, etc.

Skills/Attributes

  • Knowledge and experience with diverse architectures, large-scale transaction processing environments, external hosted services, and cloud computing environments.

  • Knowledge and experience working within large global enterprises with a myriad of legacy and modern technologies.

  • Knowledge and experience with cloud, container, and “As-a-Service” security practices.

  • Advanced working understanding of penetration test assessment procedures to include network, web application, wireless, mobile and IoT.

  • Hands-on experience using, clarifying, and prioritizing penetration testing findings based on requirements and business needs.

  • Expert knowledge of Open Web Application Security Project (OWASP) Top 10 Vulnerabilities and testing procedures.

  • Expert understanding of vulnerability management programs, tools, and practices. Expert understanding of security vendor landscape and modern security tools/practices.

  • Strong understanding of offensive and defensive security, including offensive evasion and defensive detection techniques.

  • Advanced working understanding of web application and network technologies, programming languages, databases, Linux, Unix, Mac OSX, and Windows operating systems.

  • Effective interpersonal skills.

  • Experience in analyzing risk associated with security vulnerabilities.

  • Demonstrated strong organizational skills with attention to detail.

  • Demonstrated ability to lead technical teams

  • Demonstrated ability to translate technical security findings to business outcomes

  • Advanced understanding of compliance and regulatory security requirements (PCI, SOX, etc.)

  • Ability to react to high-pressure, dynamically changing environments.

  • Ability to multi-task, problem solve and meet deadlines




Marriott Vacations Worldwide is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture
