Marriott Vacations Worldwide Lead Information Security Analyst, Policy & Compliance in Lakeland, Florida
/Are you ready to grow your dream career while making others' vacation dreams come true? Marriott Vacations Worldwide is a world premier organization for Vacation Ownership with resorts at destinations around the globe. Join our team and help deliver unforgettable experiences that make vacation dreams come true./
System Job Title: SRMGR, INFORMATION TECHNOLOGY
Leadership Role: INDIVIDUAL CONTRIBUTOR
As a member of the professional staff, contributes a high level of specialized knowledge and skill in a discipline (e.g. Accounting, Finance, Human Resources, Information Resources, Operations Planning & Support, Sales & Marketing) area to support department and/or function objectives. Generally works with considerable independence, developing operating plans and related operational processes for own department in alignment with broader business objectives.
_Specific Job Summary_
This position is responsible for developing and leading several key aspects of our enterprise information security policy and compliance program. Responsibilities include contributing to our Enterprise Information Security Program with responsibility for developing and implementing strategies to achieve gains in the overall Security Program Maturity. This position provides subject matter expertise and consulting across all security domains that impact all MVW business operations. These domains include applications, operations, controls, audit and compliance. The position also leads the security compliance risk review process and directs all aspects of the annual PCI-DSS annual assessment program. Key areas of specific responsibility include:
PCI-DSS Compliance Program Management
Enterprise Wide Security Strategy and Maturity development
Corporate Compliance and Risk Management
Third Party / Cloud Security Assessments
Internal Application Compliance Assessments
Develops operating plans and workable business processes for own department in alignment with function strategy.
Manages larger business processes and/or projects, setting priorities and measurable objectives, monitoring and reporting on the process, progress and results.
Responds to, solves and makes decisions on business requests that have broader department impact and/or moderate risk. Presents alternative solutions to business issues by leveraging the broader organization.
Responsible for own work and contributing to team, department and/or business results. May direct work of non-management staff. Typically influences work of cross-functional or extended teams.
Assists more senior associates in achieving business results by:
acting in a consultative fashion to implement programs impacting the broader organization.
assisting in the development and communication of broader organizational goals.
achieving results against budget within scope of responsibility.
taking calculated risks to move the department or team forward.
developing and using systems to organize and keep track of information.
balancing the interests of own group with the interests of the organization.
working with others to identify and remove barriers to success.
Readily critiques own behavior to acknowledge mistakes and improve future leadership performance and acts independently to improve and increase skills and knowledge.
Performs other duties as appropriate.
_Specific Expected Contributions_
Contributes to the overall information security program model including identifying and implementing opportunities for maturity improvement.
Responsible for managing the company security policy compliance certification program to review the state of compliance and identify potential gaps and risks related to any engaged security service or application either internal or external.
Chairs the company risk review policy exception program. Manages the program, keeping meeting minutes, identifying risks, assigning risk ratings and executing the program details within the organization
Functions as the lead technical internal resource (as key technical internal company PCI Assessor, PCI-ISA) to coordinate and execute the annual PCI-DSS Assessment.
Maintains proactive communications with customers/partners on security and compliance related issues informing senior management in a timely manner
Maintains knowledge of external security principles and assures that existing environment retains compliance with up to date security standards and principles
Develops policies and procedures and subsequently measures compliance with these policies and procedures
Runs and interprets application related security scans in support of the application software development lifecycle
Day-to-day managerial tasks as assigned
Other Internal/External Audits:
Interfaces with Internal Controls, Internal Audit and External Auditors as required to satisfy any audit related policy and compliance deliverables or work items.
Major Decision Making Impact:
Assess security tools and technologies, recommend security related products for consideration within the MVW global computing environment.
Evaluation and recommendation of security policy & compliance related technologies
Successful candidates should possess knowledge and experience and demonstrate strong leadership and relationship skills as follows:
Generally a professional position requiring significant knowledge and experience in one or more disciplines and/or business operations as well as associate and/or organizational management experience. College degree and/or relevant experience generally required.
_Specific Candidate Profile_
Technical Specialization in Information Security
Technical Integration, background in one or more domains within Information Security
Customer Service Orientation
Communications (Listening, Persuasiveness, Oral, Written)
Leadership (Impact, Involvement, Change Management)
- Education* -- BS/BA in Information Security or other IT related degree highly valued. In addition, a Master's Degree in Information Security or similar IT related specialization is also highly desired for this position.
Experience -- 7+ years' work experience in Information Security or a similar position or having equivalent skills and experience is highly desired. Experience ideally would include 3+ years conducting or leading PCI-DSS assessments.
/Marriott Vacations Worldwide is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture./