Senior Analyst, Governance, Risk and Compliance in MVW Corporate Headquarters at Marriott Vacations Worldwide

Date Posted: 1/30/2020

Job Snapshot

Job Description

Are you ready to grow your dream career while making others' vacation dreams come true? Marriott Vacations Worldwide is a world premier organization for Vacation Ownership with resorts at destinations around the globe. Join our team and help deliver unforgettable experiences that make vacation dreams come true.

Generic Position Summary

As a member of the professional staff, contributes specialized knowledge and skill in a discipline (e.g. Accounting, Finance, Human Resources, Information Resources, Operations Planning & Support, Sales & Marketing) area to support team and/or department business objectives. Generally, works under limited supervision, but within established guidelines, producing and analyzing more complex business information to assist in the decision-making process.

Specific Job Summary (describe the nature and purpose of the position)

The Governance, Risk and Compliance Analyst will perform day-to-day management and execution of all Governance, Risk and Compliance (GRC) activities which include providing risk oversight, execution of risk assessments, testing of key controls and supporting the company’s PCI and compliance programs.  This Position will also serve as key contributor to the company’s third-party management program performing relevant due diligence and annual vendor recertification.  Additional responsibilities include design, implementation and facilitation of risk metrics and maturing company security awareness programs.  Key areas of specific responsibility include

* Enterprise Wide Security Strategy Execution and Maturity development

* Corporate Compliance and Risk Management

* Third Party / Cloud Security Assessments

* Application Compliance Assessments

* PCI-DSS Compliance Program Execution

* Develop Security Awareness Program

Generic Expected Contributions

  • Performs more complex quantitative and qualitative analysis for business processes and/or projects. Often manages small projects, business processes or parts of larger ones.
  • Responds to, solves and makes decisions on more complex/non-routine business requests with limited to moderate risk. 
  • Responsible for own work and contributing to team, department and/or business results. May direct work of non-management staff.
  • Assists more senior associates in achieving business results by:
    • identifying opportunities to enhance the effectiveness of business processes.
    • providing training and technical guidance to less senior staff, where appropriate, and serving as point-of-contact for problem resolution.
    • participating in setting department operating plans.
    • recognizing and celebrating team successes.
    • achieving results against budget within scope of responsibility.
  • Demonstrates an awareness of personal strengths and areas for improvement and acts independently to improve and increase skills and knowledge.
  • Performs other duties as appropriate.

Specific Expected Contributions (including duties and responsibilities)

  • Participate in developing and maintaining the overall Governance Risk and Compliance (GRC) management process and strategy.
  • Serve as the technical SME for the implementation of a GRC platform including customization of workflows and integration with existing processes and technologies
  • Support the MVW vendor compliance certification program to assess new and existing vendors through initial contracting, performance of security due diligence and ongoing recertification efforts.
  • Serve as subject matter expert to internal business and technology teams on range of risk management activities and industry best practices.
  • Plan and execute Information Security risk assessments across the Enterprise in accordance with industry and compliance standards.
  • Apply qualitative and quantitative measures to calculate and support risk ratings.
  • Collaborate with executive management and department leaders to assess risk posture and concerns.
  • Define and measure risk metrics to demonstrate IT risk management activities, including monthly dashboards, metrics, and reporting.
  • Participate in key initiatives as the subject matter expert to ensure alignment with IT and Information Security programs and initiatives.
  • Support creation and development of Information Security policies and standards.
  • Partner with Security Awareness teams to proactively promote enhanced security controls and training across IT and business units.
  • Maintain knowledge of external security standards and assure that the MVW environment retains compliance with up to date security standards and principles
  • Interface with Internal Controls, Internal Audit and External Auditors as required to satisfy any audit related policy and compliance deliverables or work items.

Generic Candidate Profile

Successful candidates should possess knowledge and experience and demonstrate strong leadership and relationship skills as follows:

Generally, a professional position with specific knowledge and experience in a discipline (e.g., Accounting, Human Resources, Information Technology) as well as associate management experience.  College degree and/or relevant experience typically required.

Specific Candidate Profile (the education, experience, skills and attributes that are important for this position)

Education – BA/BS in business or computer science or appropriate work experience is required.

Experience 7+ years’ work experience in relevant Information Security position.

Certification – Applicable Information Security risk management and/or compliance certifications (CISSP, CRISC, CISA, PCI-QSA, PCI-ISA, etc.) are strongly preferred.


  • Knowledge of regulatory compliance, standards, and frameworks such as ISO, NIST, COBIT and PCI DSS.
  • Proven understanding of information security risk assessment and risk management procedures and methodologies.
  • Previous experience implementing and maturing a GRC technology platform
  • Ability to correlate enterprise risk with appropriate administrative, physical and technical security controls.
  • Knowledge and experience with diverse architectures, large-scale transaction processing environments, external hosted services, and cloud computing environments.
  • Functional understanding and knowledge of security principles, standards, and processes, such as authentication and access control, infrastructure hardening, network traffic analysis, endpoint security, platform architecture, application security, encryption and key management, cloud security, etc.).
  • Working knowledge of UNIX and Windows operating systems.
  • Excellent verbal and written communication skills.
  • Strong organizational skills with attention to detail.
  • Ability to react to high pressure dynamic changing environments.
  • Ability to multi-task, problem solve and meet deadlines.

Marriott Vacations Worldwide is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture.