Manager - Infrastructure Delivery, Audit and Compliance

JOB SUMMARY

NOTE:  This is a FLEX Associate Engagement  

Position type: Full-Time

The Manager of Infrastructure Delivery – Audit and Compliance Management, supports and monitors IT governance and risk management strategies across the technology landscape that comply with applicable regulations, and cybersecurity and IT policies. This strategic role is responsible for implementing technology risk mitigation strategies emerging from audits, cyber threats, data privacy regulations and IT operations. You will play a vital role to ensure critical technology services and capabilities remain operational, stakeholders are kept abreast, and financial & reputational loss is prevented.

You will help Marriott’s Infrastructure Delivery and Shared Services (I&DSS) team build the audit and compliance muscle to effectively respond to any internal/external audits or assessments. This includes sharing best practices of internal controls with process owners, conducting control readiness checks, supporting the tracking and reporting of any findings with associated teams utilizing data analytics, and guiding process owners to drive issue closure. You will leverage automation to gather evidence, build reports, status reports on compliance readiness and improve control design. Additionally, this role will assist the development of proactive risk management including communicating emerging risks and advising on the implementation of expected controls for effective risk mitigation across our technology landscape - for our customers, our associates, and our communities. We are seeking a highly motivated individual who can bring a solution-oriented mindset and is able to deliver quality results by overcoming ambiguity.

CANDIDATE PROFILE

Required:

• Undergraduate degree in Business, Finance, Information Technology, Cybersecurity, Data Analytics, Robotics, or related discipline and/or equivalent experience/certification
• At least 5 years of IT leadership experience with a blend of deep technical knowledge and a customer-focused mindset that also includes:

1. 2+ years in IT infrastructure risk, governance, audit and compliance for legacy and cloud native environments
2. 2+ years leading and/or executing audits, compliance activities and risk mitigation strategies
3. Experience in automation of IT governance and risk management processes
4. Working knowledge of leading industry frameworks, standards, best practices, risk management techniques and experience in evaluating and advising the design and implementation of IT infrastructure and cybersecurity controls used for cloud/non-cloud environments
5. At least one of the professional certifications (e.g., CISA, CRISC, CISSP) in cybersecurity, governance, risk, compliance, audit areas

• Experience in working with cross functional, sourced, or matrixed teams
• Strong problem resolution skills
• Strong attention to detail with proven ability to effectively prioritize and execute tasks in a dynamic and high-pressure environment
• Excellent verbal and written communication skills for a wide range of audiences including senior leaders, business stakeholders and IT teams

Preferred:

• Graduate Degree in a technical discipline
• Experience with major enterprise GRC, DevSecOps, cybersecurity technologies (e.g., ServiceNow, Jira, Confluence, Splunk, CrowdStrike, etc.)
• Solid experience in project/portfolio management
• Experience operating in Scaled Agile Framework environment
• Strong data analytics technical skills (e.g., PowerBI) to support reporting and BI needs

CORE WORK ACTIVITIES

• Lead and support security issue management work

1. Actively monitor and follow up on open security issues and internal audit findings on a daily basis
2. Coordinate with compliance point of contacts in other functional areas to gather status and obtain context of open security issues, recommend path forward to drive issue closure, and support internal and external reporting of pre-defined issue metrics
3. Serve as the key resource to provide clarification of issue management process for I&DSS issue owners
4. Support the reporting of key performance metrics to senior management

• Assist the regulatory compliance work

1. Support the tracking of active/planned work by process owners
2. Support the development of control inventory for technical environment I&DSS owns
3. Help advise on control design, implementation and effectiveness and validate the adequacy of supporting documentation
4. Assist the automation of compliance evidence gathering and reporting to drive adherence to policy and to reduce human error
5. Support the reporting of compliance state at program level to senior management

• Support the development of the Risk Management and Compliance function

1. Develop and/or enhance the standard operating procedures for risk management and compliance processes and maintain the documentation for governance operation and knowledge sharing
2. Support the alignment of risk management and compliance operations with enterprise tools and platforms
3. Lead/support the implementation of process optimization and automation of risk management and compliance operations

• Support the development of I&DSS audit and compliance program including planning activities and I&DSS control reviews covering infrastructure and operations, network, workplace services, and infrastructure security, cybersecurity, cloud and third-party risk, programs and projects via automation of I&DSS controls evidence gathering

1. Understand the impact on on-premises technology and cloud technology, operational risk to the I&DSS organization
2. Perform control readiness review by interviewing process owners and examining supporting evidence
3. Lead kickoff, status, and closing meetings with team and key stakeholders and contribute to I&DSS audit knowledge base and internal practice development initiatives
4. Prepare clear, written, fact-based reports for the leadership use, working with management to detail action steps to reduce risk
5. Assist ad hoc / special I&DSS audit and compliance projects and participate in various business initiatives to assess the impact to the internal controls environment (e.g., new system implementation pre and post reviews and automation of manual controls)

• Coordinate with external/internal auditors, internal leaders, and process owners to ensure engagement and timely execution of audit work impacting I&DSS organization
• Assist the development of key metrics for proactive risk management. Apply data analytics to build dashboards for effective reporting and support data-driven risk management activities
• Other duties as assigned

Managing Projects and Priorities

• Develops specific goals and plans to prioritize, organize, and accomplish work for self and/or team members
• Provides direction and assistance to other teams regarding projects. Determines priorities, schedules, plans, and necessary resources to ensure completion of any projects on schedule
• Analyzes information and evaluates results to choose the best solution and solve problems
• Thinks creatively and practically to develop, execute, and implement new plans or programs. Generates and provides accurate and timely results in the form of reports, presentations, etc.
• Provides recommendations to improve the effectiveness of processes or programs
• Understands and meets the needs of key stakeholders
• Supports achievement of performance goals, budget goals, team goals, etc.

Marriott International is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. Marriott International does not discriminate on the basis of disability, veteran status or any other basis protected under federal, state or local laws.

FLEX employees will accrue .03334 hours of paid leave for every hour worked and be eligible to receive minimum of 9 holidays annually.

All locations offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts.  Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.

Marriott HQ is committed to a hybrid work environment that enables associates to Be connected.  Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for remote positions.

The application deadline for this position is 14 days after the date of this posting, May 14th, 2024 .