Director, IT Information Security, Application Security Architecture - Identity & Access Management Architecture
Marriott International offers you the opportunity to find the hospitality job and career journey that’s right for you. With more than 5700 properties and 30 brands you’ll find us in your neighborhood and in more than 110 countries across the globe. Find Your World™ at Marriott.
THIS POSITION CAN BE LOCATED IN STAMFORD, CT OR BETHESDA, MD HQ
Develops and maintains security strategies, requirements, and standards for Identity and Access Management (IAM). Designs and implements security IAM solutions for internal associates and external customers. Provides in depth technical security consulting, and responsible for engagement of internal and external Security Subject Matter Experts (SME) throughout various project lifecycles. Serves as point of escalation for security issues and risks that may arise during the course of a technology project. Reviews and approves privacy/security policy compliance of for project deliverables as outlined in the Software Development Life Cycle. Able to identify gaps and work with project teams to improve security while retaining time to market, functionality and scalability.
Education and Experience
- Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification
- 8+ years of information technology leadership experience
- Experience architecting and implementing of Identity Management technologies such as PingID, SailPoint, ForgeRock, Entrust Identity Guard, IBM Security identity and access solutions or Oracle IAM.
- Experience developing security domain architectures and standards
- Direct management of cross functional, sourced, or matrixes teams
- Current information security certification, such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
- Proven knowledge of SDLC and good understanding of ITIL v3 Framework
- Strong negotiating, influencing and problem resolution skills
- Proven ability to effectively prioritize and execute tasks in a high-pressure environment
- Experience in business systems and process planning
- Knowledge of business environment, service requirements and hospitality culture
- Ability to translate information security objectives into mutually beneficial business strategies for the client organizations
- Demonstrated ability to assess customer/client needs, creatively approach solutions, decide and influence appropriate courses of action
- Deep understanding of IT financial structures and ability to manage to corporate financial practices and goals, including drivers of process cost
- In depth understanding of Single Sign On federation products using SAML and OAuth technology
- Experience utilizing security best-practices to control access to LDAP resources and Identity and Access Management Solutions.
- Graduate/post graduate degree
CORE WORK ACTIVITIES
Standards & Business Partnership
- Oversees, evaluates, and supports the documentation, and validation processes necessary to assure that associates, information technology systems and business processes meet the organization’s information assurance, security, and privacy requirements. Ensures appropriate treatment of risk, compliance, and assurance of internal policies and external regulations.
- Defines strategy and roadmap, provides governance, creates standards and guidelines, and reviews and approves architectural designs. Ensures standards and guidelines incorporate legal and regulatory requirements.
- Conducts security and privacy technology research and assessments and integration processes; provides and supports a prototype capability and/or evaluates its utility.
- Consults with customers to gather and evaluate functional requirements and provides security and privacy requirements, guidelines, and standards.
- Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations or enterprise or local policy, assesses the level of risk, and develops and/or recommends and operationalizes appropriate mitigation countermeasures.
- Provides sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain. Advocates policy changes and makes a case on behalf of the company via a wide range of written and oral work products.
- Applies knowledge of priorities to define an entity’s direction, determine how to allocate resources, and identify programs or infrastructure that are required to achieve desired goals within domain of interest. Develops policy or advocates for changes in policy that will support new initiatives or required changes/enhancements.
- Oversees the information assurance (IA) program of an information system in or outside the network environment; may include procurement duties.
- Manages and measures information security implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, risk management, security awareness, and other resources.
Communication - Conveys information and ideas to others in a convincing and engaging manner through a variety of methods.
Leading Through Vision and Values - Keeps the organization's vision and values at the forefront of employee decision making and action.
Managing Change - Initiates and/or manages the change process and energizes it on an ongoing basis, taking steps to remove barriers or accelerate its pace; serves as role model for how to handle change by maintaining composure and performance level under pressure or when experiencing challenges.
Problem Solving and Decision Making - Identifies and understands issues, problems, and opportunities; obtains and compares information from different sources to draw conclusions, develops and evaluates alternatives and solutions, solves problems, and chooses a course of action.
Professional Demeanor - Exhibits behavioral styles that convey confidence and command respect from others; makes a good first impression and represents the company in alignment with its values.
Strategy Development - Develops business plans by exploring and systematically evaluating opportunities with the greatest potential for producing positive results; ensures successful preparation and execution of business plans through effective planning, organizing, and on-going evaluation processes.
Building a Successful Team - Uses an effective interpersonal style to build a cohesive team; inspires and sustains team cohesion and engagement by focusing the team on its mission and importance to the organization.
Strategy Execution – Ensures successful execution across of business plans designed to maximize customer satisfaction, profitability, and market share through effective planning, organizing, and on-going evaluation processes.
Driving for Results - Sets high standards of performance for self and/or others; assumes responsibility for work objectives; initiates, focuses, and monitors the efforts of self and/or others toward the accomplishment goals; proactively takes action and goes beyond what is required.
Customer Relationships - Develops and sustains relationships based on an understanding of customer/stakeholder needs and actions consistent with the company’s service standards.
Global Mindset - Supports employees and business partners with diverse styles, abilities, motivations, and/or cultural perspectives; utilizes differences to drive innovation, engagement and enhance business results; and ensures employees are given the opportunity to contribute to their full potential.
Strategic Partnerships - Develops collaborative relationships with fellow employees and business partners by making them feel valued, appreciated, and included; explores partnership opportunities with other people in and outside the organization; influences and leverages corporate and continental shared services and/or discipline leaders (e.g., HR, Sales & Marketing, Finance, Revenue Management) to achieve objectives; maintains effective external relations with government, business and industry in respective countries; performs effectively as a liaison between locations, disciplines, and corporate to ensure needed resources are received and corporate strategies are understood and executed.
Generating Talent and Organizational Capability
Developing Others - Plans and supports the development of others’ skills and capabilities so that they can fulfill current or future job/role responsibilities more effectively; provides high visibility to individuals with potential; offers challenging assignments that build confidence and credibility and provides such individuals with a personal vision for their future.
Organizational Capability - Evaluates and adapts the structure of assignments and work processes to best fit the needs and/or support the goals of an organizational unit.
Learning and Applying Professional Expertise
Business Acumen - Understands and utilizes business information to manage everyday operations and generate innovative solutions to approach business and administrative challenges.
Technical Acumen - Understands and utilizes professional skills and knowledge in a specific functional area to conduct and manage everyday business operations and generate innovative solutions to approach function-specific work challenges.
Technical Intelligence: knowledge and ability to identify technological opportunities and threats that could affect the future growth and survival of the business.
- Technology Life Cycle: knowledge of the Life Cycle of technologies and how applications, infrastructure, and processes relate to these timelines.
- IT Systems: Knowledge of IT systems supporting the business including benefits, requirements, costs, justification, and operations.
IT Resources: The ability to secure and manage IT resources to achieve business objectives (e.g., contracts, vendor relationships, financial accountability, portfolio management, information and resource planning) and measure project impact.
Continuous Learning - Actively identifies new areas for learning; regularly creates and takes advantage of learning opportunities; uses newly gained knowledge and skill on the job and learns through their application.
Strategy Knowledge - Understanding and utilizing professional skills and knowledge in a specific functional area to conduct and manage business operations and generate innovative solutions to approach function-specific strategic work challenges.
Basic Competencies - Fundamental competencies required for accomplishing basic work activities.
Basic Computer Skills - Uses basic computer hardware and software (e.g., personal computers, word processing software, Internet browsers, etc.).
Mathematical Reasoning - Adds, subtracts, multiplies, or divides quickly, correctly, and in a way that allows one to solve work-related issues.
Oral Comprehension - Listens to and understands information and ideas presented through spoken words and sentences.
Reading Comprehension - Understands written sentences and paragraphs in work related documents.
Writing - Communicates effectively in writing as appropriate for the needs of the audience.
Marriott International is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. Marriott International does not discriminate on the basis of disability, veteran status or any other basis protected under federal, state or local laws.
Meet Some of Marriott International's Employees
Director, Moxy Hotels
Vicki works to introduce the world to the Moxy Hotels experience. She and her Brand, Marketing, Sales, and Consumer Services teammates outline the hotels' special features and benefits—and entice travelers to explore all they have to offer.
Back to top