Manager- Security Architecture and Strategy

JOB SUMMARY

NOTE:  This is a FLEX Associate Engagement  

Position type: Full-time

Manages security strategies, requirements, and standards for applications and platforms, providing technical guidance as a Security SME. Ensures communication of company and industry security standards to program teams in the SDLC. Identifies and addresses security gaps in collaboration with project teams, balancing security with time to market and scalability. Reviews and approves Security Accreditation tasks at each SDLC phase, serving as a key escalation point for security issues. Possesses broad expertise in security areas, including Cloud Computing, Application, IAM, Cryptography, Infrastructure, and Risk. 

Role Responsibilities/Duties: 

• Assures compliance with information assurance, security, and privacy requirements through documentation and validation processes. 
• Defines strategy, provides guidance, and reviews architectural designs to ensure adherence to legal and regulatory requirements. 
• Conducts security and privacy technology research, assessments, and integration processes. 
• Consults with customers to gather functional requirements and provides security and privacy guidelines. 
• Provides advice to leadership on various relevant topics and advocates for policy changes to support initiatives. 
• Monitors ongoing project activities and engages in the Security Engagement Process. 
• Functions as a strategic senior technical expert, developing specific goals and plans for prioritization. 
•  Champions leaders' vision, makes necessary decisions, and provides direction to other teams on projects. 

Qualifications:  

• Bachelor's or master's degree in computer science, information systems, or cybersecurity, or equivalent experience/certification. 
• 7+ years of overall Information Technology experience, including 5+ years in Information Security. 
• 5+ years of Information Security experience in security engineering with a focus on conducting security reviews, performing security accreditations, and developing security architectures and strategies. 
• Experience with Enterprise security patterns and implementing compensating controls. 
• 3+ years of combined experience in areas such as full-stack knowledge of IT infrastructure, cryptography, vulnerability management, and OWASP Top 10. 
• Strong knowledge of IT service management disciplines, including change management, configuration management, asset management, incident management, and problem management. 
• Ability to provide Security Requirements for Cloud Computing, Application Development, IAM, Cryptography, and Infrastructure design. 

Competencies:  

• Expertise in defining and implementing Security Requirements across Cloud Computing, Application Development, IAM, Cryptography, and Infrastructure design. 
• Proficiency in comprehending and securing large, complex integrated solutions between systems. 
• Experience crafting and implementing Enterprise Security Strategies. 
• Proven ability to design the deployment of applications and infrastructure across internal, hybrid, and public cloud services. 
• Strong capabilities in independent research, documentation, and effective written communication for diverse audiences.

Marriott International is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. Marriott International does not discriminate on the basis of disability, veteran status or any other basis protected under federal, state or local laws.