Associate Director, PCI Compliance Program Director in Orlando at Marriott Vacations Worldwide

Date Posted: 1/27/2020

Job Description

Are you ready to grow your dream career while making others' vacation dreams come true? Marriott Vacations Worldwide is a world premier organization for Vacation Ownership with resorts at destinations around the globe. Join our team and help deliver unforgettable experiences that make vacation dreams come true.

CLS Generic Position Summary

As a member of the professional staff, contributes specialized knowledge and skill in a discipline (e.g. Accounting, Finance, Human Resources, Information Technology, Operations Planning & Support, Sales & Marketing) area to support team and/or department objectives. Generally, works under limited supervision, but within established guidelines, monitoring the flow of work between own department and others in alignment with business strategies, selecting and developing effective managers and work teams, managing own organization through reliable systems and processes, and producing and analyzing more complex business information to assist in the decision-making process. 

Specific Job Summary (describe the nature and purpose of the position)

The PCI Compliance Program Director will lead the Security Compliance function providing leadership and direction in the day-to-day management and execution with specific focus on MVW’s Payment Card Industry (PCI) program. The position will support strategic objectives and enable continuous compliance with applicable security standards and requirements. This individual will be working cross-functionally at all levels of the enterprise to support the security compliance strategy and ensure it is being implemented effectively and in a timely manner. The role will require deep technical and business process knowledge in order to maintain and mature the company’s security compliance capabilities.

CLS Generic Expected Contributions

  • Contributes to team, department and/or business results by performing more complex quantitative and qualitative analysis for business processes and/or projects. Often manages small projects, business processes or parts of larger ones.
  • Responds to, solves and makes decisions on more complex/non-routine business requests with limited to moderate risk. 
  • Works to enhance the organization’s capabilities through effective staffing and development of others by:
    • using appropriate MVW interviewing tools to hire the best managers available from inside or outside.
    • hiring for diversity and balance of skills.
    • setting and maintaining high standards for team and individual performance.
    • providing timely coaching and feedback.
    • making and rewarding distinctions in performance.
  • Assists more senior associates in achieving business results by:
    • identifying opportunities to enhance the effectiveness of business processes.
    • providing training and technical guidance to less senior staff, where appropriate, and serving as point-of-contact for problem resolution.
    • participating in setting department operating plans.
    • recognizing and celebrating team successes.
    • achieving results against budget within scope of responsibility.
  • Demonstrates an awareness of personal strengths and areas for improvement and acts independently to improve and increase skills and knowledge.
  • Performs other duties as appropriate.

Specific Expected Contributions (including duties and responsibilities)

  • Responsible for the day-to-day assignments, development, and performance of the security compliance team.
  • Lead execution of internally performed and 3rd party audit activities in accordance with the PCI DSS.
  • Implement and lead PCI compliance projects and initiatives.
  • Lead efforts to mature and standardize the PCI compliance program across MVWC.
  • Facilitate and execute enterprise scoping, control assessments, evidence collection, issue remediation, and reporting activities.
  • Maintain security compliance related policy, standard and procedure documentation to drive consistent and repeatable compliance activities.
  • Provide consultative support to cross-functional business partners on the methods, practices and solutions in alignment with organizational scoping and PCI compliance strategies.
  • Administer common control frameworks to ensure relevant internal and external information security requirements are mapped and communicated to the enterprise.
  • Research, evaluate, and stay current on emerging security and compliance trends, standards, techniques, and technologies.

CLS Generic Candidate Profile

Successful candidates should possess knowledge and experience and demonstrate strong leadership and relationship skills as follows:

Generally, a professional position with specific knowledge and experience in a discipline (e.g., Accounting, Human Resources, Information Technology) as well as associate management experience.  College degree and/or relevant experience typically required.

Specific Candidate Profile (the education, experience, skills and attributes that are important for this position)

Education – BA/BS in business or computer science or appropriate work experience is required. Master’s degree in Information Security or similar IT related specialization is also highly desired for this position.

Experience – 7+ years’ work experience in a relevant Information Security position and 2+ years’ experience in a management role or a similar position, or equivalent skills and experience, is highly desired.

Certification – Applicable industry certification is strongly preferred such as CISA (Certified Information Security Auditor), CISM (Certified Information Security Manager), or CISSP (Certified Information System Security Professional). Current or previous Qualified Security Assessor (QSA) or Internal Security Assessor (ISA) certification is also preferred.


  • Experience evaluating and operationalizing PCI DSS compliance.
  • Extensive knowledge of compliance and regulatory frameworks in the technology industry.
  • Experience in successfully organizing and leading PCI audit activities.
  • Knowledge and experience with diverse architectures, large-scale transaction processing environments, external hosted services, and cloud computing environments.
  • Advanced working understanding of web application and network technologies, databases, Linux, Unix, and Windows operating systems.
  • Ability to communicate security issues to business leaders and business drivers to security staff members.
  • Exceptional Project Management Skills including management of project timelines, while delivering in alignment with business strategy and organizational priorities.

Marriott Vacations Worldwide is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture.