Senior Manager of IT Security- Governance, Risk and Compliance in Westwood Corporate Headquarters at Marriott Vacations Worldwide

Published: 10/7/2019



Are you ready to grow your dream career while making others' vacation dreams come true? Marriott Vacations Worldwide is a world premier organization for Vacation Ownership with resorts at destinations around the globe. Join our team and help deliver unforgettable experiences that make vacation dreams come true.

Position Summary

As a member of the professional staff, contributes specialized knowledge and skill in a discipline (e.g. Accounting, Finance, Human Resources, Information Technology, Operations Planning & Support, Sales & Marketing) area to support team and/or department objectives. Generally, works under limited supervision, but within established guidelines, monitoring the flow of work between own department and others in alignment with business strategies, selecting and developing effective managers and work teams, managing own organization through reliable systems and processes, and producing and analyzing more complex business information to assist in the decision-making process.

Job Summary

The Senior Manager Governance, Risk and Compliance will provide leadership and direction in the day-to-day management and execution of all Governance, Risk and Compliance (GRC) activities which include providing risk oversight, managing the company PCI and compliance programs and overseeing the ongoing execution of risk assessments and testing of key controls. This position will develop and maintain a strategy for managing security related audits, compliance checks and external assessments related to Payment Card Industry (PCI) and other applicable industry standards. Position will also manage the company's third-party management program performing relevant due diligence and annual vendor recertification. Additional responsibilities include design, implementation and facilitation of risk metrics and maturing company security awareness programs. Key areas of specific responsibility include:

  • PCI-DSS Compliance Program Management
  • Enterprise Wide Security Strategy and Maturity development
  • Corporate Compliance and Risk Management
  • Third Party / Cloud Security Assessments
  • Application Compliance Assessments
  • Develop Security Awareness Program

Expected Contributions

  • Contributes to team, department and/or business results by performing more complex quantitative and qualitative analysis for business processes and/or projects. Often manages small projects, business processes or parts of larger ones.
  • Responds to, solves and makes decisions on more complex/non-routine business requests with limited to moderate risk.
  • Works to enhance the organization's capabilities through effective staffing and development of others by:
    - using appropriate MVW interviewing tools to hire the best managers available from inside or outside.
    - hiring for diversity and balance of skills.
    - setting and maintaining high standards for team and individual performance.
    - providing timely coaching and feedback.
    - making and rewarding distinctions in performance.

  • Assists more senior associates in achieving business results by:
    - identifying opportunities to enhance the effectiveness of business processes.
    - providing training and technical guidance to less senior staff, where appropriate, and serving as point-of-contact for problem resolution.
    - participating in setting department operating plans.
    - recognizing and celebrating team successes.
    - achieving results against budget within scope of responsibility.

  • Demonstrates an awareness of personal strengths and areas for improvement and acts independently to improve and increase skills and knowledge.
  • Performs other duties as appropriate.

Specific Expected Contributions

  • Participate in developing and maintaining the overall Governance Risk and Compliance (GRC) management process and strategy.
  • Manage the MVW vendor compliance certification program to assess new and existing vendors through initial contracting, performance of security due diligence and ongoing recertification efforts.
  • Lead the company risk review policy exception program. Manage the program, document meeting minutes, identify risks, assign risk ratings and execute the program in accordance with the defined procedure.
  • Serve as the lead technical internal resource (as key technical internal company PCI Assessor, PCI-ISA) to coordinate and execute the annual PCI-DSS Assessment.
  • Plan and execute Information Security risk assessments across the Enterprise in accordance with industry standards.
  • Apply qualitative and quantitative measures to calculate and support risk ratings.
  • Collaborate with executive management and department leaders to assess risk posture and concerns.
  • Serve as subject matter expert to internal business and technology teams on a range of risk management activities and industry best practices.
  • Define and measure risk metrics to demonstrate IT risk management activities, including monthly dashboards, metrics, and reporting.
  • Participate in key initiatives as the subject matter expert to ensure alignment with IT and Information Security programs and initiatives.
  • Support creation and development of Information Security policies and standards.
  • Partner with Security Awareness teams to proactively promote enhanced security controls and training across IT and business units.
  • Maintain knowledge of external security standards and ensure that the MVW environment retains compliance with up-to-date security standards and principles.
  • Interface with Internal Controls, Internal Audit and External Auditors as required to satisfy any audit related policy and compliance deliverables or work items.

Candidate Profile

Successful candidates should possess knowledge and experience and demonstrate strong leadership and relationship skills as follows:

Generally, a professional position with specific knowledge and experience in a discipline (e.g., Accounting, Human Resources, Information Technology) as well as associate management experience. College degree and/or relevant experience typically required.

Specific Candidate Profile

Education -- BA/BS in business or computer science or appropriate work experience is required. A Master's degree in Information Security or a similar IT-related specialization is also highly desired for this position.

Experience -- 7+ years' work experience in a relevant Information Security position and 2+ years' experience in a management role or a similar position, or equivalent skills and experience, is highly desired. Experience ideally would include 3+ years conducting or leading PCI-DSS assessments.

Certification -- Applicable Information Security risk management and/or compliance certifications (CISSP, CRISC, CISA, PCI-QSA, PCI-ISA, etc.) are strongly preferred.

  • Knowledge of regulatory compliance, standards, and frameworks such as ISO, NIST, COBIT and PCI DSS.
  • Proven understanding of information security risk assessment and risk management procedures and methodologies.
  • Ability to correlate enterprise risk with appropriate administrative, physical and technical security controls.
  • Knowledge and experience with diverse architectures, large-scale transaction processing environments, external hosted services, and cloud computing environments.
  • Functional understanding and knowledge of security principles, standards, and processes, such as authentication and access control, infrastructure hardening, network traffic analysis, endpoint security, platform architecture, application security, encryption and key management, cloud security, etc.
  • Working knowledge of UNIX and Windows operating systems.
  • Excellent verbal and written communication skills.
  • Experience leading work of others.
  • Strong organizational skills with attention to detail.
  • Ability to react to high-pressure, dynamically changing environments.
  • Ability to multi-task, problem solve and meet deadlines.

Marriott Vacations Worldwide is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture.