Job Number 24132536Job Category AdministrativeLocation Marriott International HQ, 7750 Wisconsin Avenue, Bethesda, Maryland, United StatesSchedule Full-TimeLocated Remotely? YRelocation? NPosition Type ManagementThis is a temporary position.The Manager of Infrastructure Delivery – Audit and Compliance Management, supports and monitors IT governance and risk management strategies across the technology landscape that comply with applicable regulations, and cybersecurity and IT policies. This strategic role is responsible for implementing technology risk mitigation strategies emerging from audits, cyber threats, data privacy regulations and IT operations. You will play a vital role to ensure critical technology services and capabilities remain operational, stakeholders are kept abreast, and financial & reputational loss is prevented.You will help Marriott’s Infrastructure Delivery and Shared Services (I&DSS) team build the audit and compliance muscle to effectively respond to any internal/external audits or assessments. This includes sharing best practices of internal controls with process owners, conducting control readiness checks, supporting the tracking and reporting of any findings with associated teams utilizing data analytics, and guiding process owners to drive issue closure. You will leverage automation to gather evidence, build reports, status reports on compliance readiness and improve control design. Additionally, this role will assist the development of proactive risk management including communicating emerging risks and advising on the implementation of expected controls for effective risk mitigation across our technology landscape - for our customers, our associates, and our communities. We are seeking a highly motivated individual who can bring a solution-oriented mindset and is able to deliver quality results by overcoming ambiguity.CANDIDATE PROFILERequired:
Undergraduate degree in Business, Finance, Information Technology, Cybersecurity, Data Analytics, Robotics, or related discipline and/or equivalent experience/certification
At least 5 years of IT leadership experience with a blend of deep technical knowledge and a customer-focused mindset that also includes:
2+ years in IT infrastructure risk, governance, audit and compliance for legacy and cloud native environments
2+ years leading and/or executing audits, compliance activities and risk mitigation strategies
Experience in automation of IT governance and risk management processes
Working knowledge of leading industry frameworks, standards, best practices, risk management techniques and experience in evaluating and advising the design and implementation of IT infrastructure and cybersecurity controls used for cloud/non-cloud environments
At least one of the professional certifications (e.g., CISA, CRISC, CISSP) in cybersecurity, governance, risk, compliance, audit areas
Experience in working with cross functional, sourced, or matrixed teams
Strong problem resolution skills
Strong attention to detail with proven ability to effectively prioritize and execute tasks in a dynamic and high-pressure environment
Excellent verbal and written communication skills for a wide range of audiences including senior leaders, business stakeholders and IT teams
Preferred:
Graduate Degree in a technical discipline
Experience with major enterprise GRC, DevSecOps, cybersecurity technologies (e.g., ServiceNow, Jira, Confluence, Splunk, CrowdStrike, etc.)
Solid experience in project/portfolio management
Experience operating in Scaled Agile Framework environment
Strong data analytics technical skills (e.g., PowerBI) to support reporting and BI needs
CORE WORK ACTIVITIES
Lead and support security issue management work
Actively monitor and follow up on open security issues and internal audit findings on a daily basis
Coordinate with compliance point of contacts in other functional areas to gather status and obtain context of open security issues, recommend path forward to drive issue closure, and support internal and external reporting of pre-defined issue metrics
Serve as the key resource to provide clarification of issue management process for I&DSS issue owners
Support the reporting of key performance metrics to senior management
Assist the regulatory compliance work
Support the tracking of active/planned work by process owners
Support the development of control inventory for technical environment I&DSS owns
Help advise on control design, implementation and effectiveness and validate the adequacy of supporting documentation
Assist the automation of compliance evidence gathering and reporting to drive adherence to policy and to reduce human error
Support the reporting of compliance state at program level to senior management
Support the development of the Risk Management and Compliance function
Develop and/or enhance the standard operating procedures for risk management and compliance processes and maintain the documentation for governance operation and knowledge sharing
Support the alignment of risk management and compliance operations with enterprise tools and platforms
Lead/support the implementation of process optimization and automation of risk management and compliance operations
Support the development of I&DSS audit and compliance program including planning activities and I&DSS control reviews covering infrastructure and operations, network, workplace services, and infrastructure security, cybersecurity, cloud and third-party risk, programs and projects via automation of I&DSS controls evidence gathering
Understand the impact on on-premises technology and cloud technology, operational risk to the I&DSS organization
Perform control readiness review by interviewing process owners and examining supporting evidence
Lead kickoff, status, and closing meetings with team and key stakeholders and contribute to I&DSS audit knowledge base and internal practice development initiatives
Prepare clear, written, fact-based reports for the leadership use, working with management to detail action steps to reduce risk
Assist ad hoc / special I&DSS audit and compliance projects and participate in various business initiatives to assess the impact to the internal controls environment (e.g., new system implementation pre and post reviews and automation of manual controls)
Coordinate with external/internal auditors, internal leaders, and process owners to ensure engagement and timely execution of audit work impacting I&DSS organization
Assist the development of key metrics for proactive risk management. Apply data analytics to build dashboards for effective reporting and support data-driven risk management activities
Other duties as assigned
Managing Projects and Priorities
Develops specific goals and plans to prioritize, organize, and accomplish work for self and/or team members
Provides direction and assistance to other teams regarding projects. Determines priorities, schedules, plans, and necessary resources to ensure completion of any projects on schedule
Analyzes information and evaluates results to choose the best solution and solve problems
Thinks creatively and practically to develop, execute, and implement new plans or programs. Generates and provides accurate and timely results in the form of reports, presentations, etc.
Provides recommendations to improve the effectiveness of processes or programs
Understands and meets the needs of key stakeholders
Supports achievement of performance goals, budget goals, team goals, etc.
Salary Range $40.17 to $64Washington Applicants Only: Employees will accrue 0.0334 PTO balance for every hour worked and eligible to receive minimum of 9 holidays annually.FLEX opportunities offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.The application deadline for this position is 1 day after the date of this posting, July 29, 2024.Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work, begin your purpose, belong to an amazing global team, and become the best version of you.