IT Security Compliance Analyst
Marriott Vacations Worldwide

Orlando, Florida

Posted in Hospitality and Catering


This job has expired.

Job Info


Job Description

Are you ready to grow your dream career while making others' vacation dreams come true? Marriott Vacations Worldwide is a world premier organization for Vacation Ownership with resorts at destinations around the globe. Join our team and help deliver unforgettable experiences that make vacation dreams come true.

Specific Job Summary

The Information Security Compliance Analyst will be responsible for executing the company compliance program and for supporting strategic objectives that enable continuous compliance with applicable cybersecurity standards and requirements. Day-to-day aspects of the role include scoping review and validation, conducting periodic review exercises, maintaining compliance artifacts, identifying new controls or enhancing existing ones to mature the overall security posture, and partnering with IT and business stakeholders to advise on projects that impact Information Security and to support regulatory compliance attestation efforts. This individual will be working cross-functionally at all levels of the enterprise to support and requires deep technical and business process knowledge to maintain and mature the company's security compliance capabilities.

Key areas of specific responsibility include:

  • Information Security Compliance Program Execution
  • Review and maintain relevant cybersecurity policies, processes, and standards
  • Advocate for the continued integration of compliance activities into standard operating processes
  • Support Information Security awareness program
  • Integrate regulatory compliance artifact collection, review, and attestation processes with company GRC platform.

Generic Expected Contributions

  • Performs more complex quantitative and qualitative analysis for business processes and/or projects. Often manages small projects, business processes or parts of larger ones.
  • Responds to, solves and makes decisions on more complex/non-routine business requests with limited to moderate risk.
  • Responsible for own work and contributing to team, department and/or business results. May direct work of non-management staff.
  • Assists more senior associates in achieving business results by:
    • identifying opportunities to enhance the effectiveness of business processes.
    • providing training and technical guidance to less senior staff, where appropriate, and serving as point-of-contact for problem resolution.
    • participating in setting department operating plans.
    • recognizing and celebrating team successes.
    • achieving results against budget within scope of responsibility.
  • Demonstrates an awareness of personal strengths and areas for improvement and acts independently to improve and increase skills and knowledge.
  • Performs other duties as appropriate.
Specific Expected Contributions

Product Ownership
  • Support execution of internally performed and 3rd party audit and assessment activities.
  • Drive efforts to mature and standardize Information and CyberSecurity best practices across MVWC.
  • Facilitate and execute enterprise scoping, control assessments, evidence collection, issue remediation, and reporting activities.
  • Maintain cybersecurity compliance related policy, standard and procedure documentation to drive consistent and repeatable compliance activities.
  • Provide consultative support to cross-functional business partners on the methods, practices, and solutions in alignment with organizational information security compliance strategies.
  • Administer common control frameworks (NIST, COBIT5, ISO 27000 and/or CIS) to ensure relevant internal and external information security requirements are mapped and communicated to the enterprise.
  • Research, evaluate, and stay current on emerging security and compliance trends, standards, techniques, and technologies.
  • Interface with Internal Controls, Internal Audit and External Auditors as required to satisfy any audit related policy and compliance deliverables or work items.

Candidate Profile

Successful candidates should possess knowledge and experience and demonstrate strong leadership and relationship skills as follows:

Generally, a professional position requiring significant knowledge and experience in one or more disciplines and/or business operations as well as associate and/or organizational management experience. College degree and/or relevant experience generally required.

Specific Candidate Profile
  • Education - BA/BS in business or computer science or appropriate work experience is required.
  • Experience - 3+ years' work experience in relevant Information Security position.
  • Certification - Applicable industry certification, or willingness to attain one, is preferred, such as CISA (Certified Information Security Auditor), IAP (Internal Audit Practitioner), or CISSP (Certified Information System Security Professional).
Skills/Attributes
  • Experience evaluating and operationalizing compliance to industry regulations
  • Knowledge of security frameworks like NIST, COBIT5, ISO 27000 and/or CIS
  • Familiarity with ITGCs, such as the requirements of the PCI DSS and/or SOX Section 404.
  • Experience in successfully organizing and leading Information Security assessment and audit activities.
  • Experience with GRC/ERM tools (e.g. MetricStream, RSA Archer, Galvanize, Logicmanager, etc.).
  • Proven understanding of information security risk assessment and risk management procedures and methodologies.
  • Ability to clearly present complex technical concepts and techniques to others.
  • Proven technical expertise including knowledge and experience with diverse architectures, large-scale transaction processing environments, external hosted services, and cloud computing environments.
  • Functional understanding and working knowledge of security principles, standards and processes, such as authentication and access control, secure configuration, network segmentation and traffic analysis, endpoint security, platform architecture, application security, encryption and key management, change management, cloud security, etc.
  • Exceptional verbal and written communication skills.
  • Outstanding organizational skills

Marriott Vacations Worldwide is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture

