Marriott Careers

Director, Information Security Compliance

Singapore Regional Office
Singapore, Singapore
Information Technology


Job Description


Posting Date May 23, 2018
Job Number 18001HAA
Job Category Information Technology
Location Singapore Regional Office, Singapore, Singapore
Brand Corporate
Schedule Full-time
Relocation? No
Position Type Management

Start Your Journey With Us
Responsible for overseeing and managing hotel compliance/security issues at the continent level. Lead corporate IT/security and Continent compliance efforts such as PCI, SOX, internal/external audits, compliance and other initiatives (e.g., IPPA) to identify gaps in the execution of security controls, and provide oversight of individual hotel tracking and reporting of compliance status and progress. Use property technology and operations experience to identify risks to sensitive data such as PCI or PII in software/hardware products, access procedures, and other technical and operational activities. Design and, where appropriate, administer processes and procedures that will sustain and improve information security and compliance efforts within Marriott. Support field IT with information security related issues and problems. Execute the Security Certification program for continent initiatives.
Line manager for Senior Manager, Cybersecurity, China, which supports the enterprise Information Protection and Privacy team to develop, implement, and maintain policies, procedures and tools to protect the company’s information assets for Marriott’s China group of companies.
 
CANDIDATE PROFILE 
 
Education and Experience
Required:
  • 4-year degree from an accredited university in Information Technology, Hotel Management, or related major;
  • 8 years progressive experience in iT Security or related professional area.
  • 2 years hands-on experience with PCI remediation and reporting for merchants and/or service providers.
  • 2 years recent experience as a primary point of security accountability.
  • Considerable process management, negotiating, influencing and problem resolution skills.
  • Proven ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Experience in security systems and process planning.
  • Knowledge of business environment, service requirements and hospitality culture.
  • Strong verbal and written communication skills with the ability to articulate complex technical ideas in easy to understand business terms.
 
 
Preferred:
  • Current information security certification, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), PCI QSA/ISA/PCI-P or similar
  • Knowledge of China Data protection regulations and law
  • Working knowledge of industry security frameworks (e.g., ISO2700X, NIST, Cloud Security Alliance)
  • Field experience in hotel IT or operations
  • Experience with geographically distributed organizations
     
Key Stakeholders
  • Senior Director, iT Technology and Innovation
  • Senior Director, Continent Security Compliance
  • Vice President, China Government Affairs
  • iT Operations Leadership
  • Hospitality and iT Security technology vendors
  • Corporate iT Security
  • Internal Audit
  • Corporate Legal and Privacy
  • Other roles involved in data and system protection
 
CORE WORK ACTIVITIES
 
Managing Projects and Priorities
  • Responsible for security compliance of owned and managed hotels, including compliance efforts such as PCI, PII, IPPA, IT controls, self-audit and related reporting. As necessary, facilitate internal/external audits where security and data protection controls are in scope.
  • Continent oriented subject matter expert on all aspects of the system security procedures for property as well as above property initiatives.
  • Managing, and keeping accountable, vendors of local or continent security tools and services in their responsibilities and deliverables.
  • Analyzing compliance and risk efforts and proposing a process-related or technical solution.
  • Managing the development and roll-out of processes and procedures that will sustain and improve information security and risk management efforts within company, in a cost effective manner.
  • Communication and Education of IT security requirements, including electronic data protection, privacy, retention and destruction Policies
  • Participate, as necessary, in Application / System Certification of technology or services delivered at the continent level to ensure applicable Security Standards are met.
  • Frequent travel requirement throughout the region and to the USA

Managing Key Stakeholders Expectation
  • Working with all levels of leadership to executive levels within Corporate.
  • Alignment with Corporate initiatives and standards and at the same time making sure Continent environment considerations are factored in.
  • Responsible for Security/Compliance change management communications and training.
  • As determined by Continent need and, where necessary, in consultation with relevant Corporate groups, participate as a domain leader on Continent, Global and corporate committees, task forces and working groups ensuring Continent interests are covered.
  • Ability to represent the company/region in interaction with local data security authorities /regulators
 
 
Managing Key Process/Documentation
  • Governance of the property documentation for application configuration, operating standards, and security standards that are applicable to the Continent, with a focus on Security, regulatory compliance and PII.
  • Leading in the Continent planning, testing, delivery, and support of key IT and Information Security initiatives.
  • Manage the security review and implementation of Continent applications in line with defined corporate and Continent processes.
  • Responsible for security and compliance process improvement/reengineering.
  • Responsible for Continent security and compliance procedures and policies creation.
  • Contributing to the collection and reporting of IT risk ratings on both a periodic and event-driven basis.
  • Ensuring the development and implementation of processes and procedures to comply with IT policies by IT and business areas.
  • Responsible for the execution of the security review process for applications and vendors
 
Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed.  We believe a great career is a journey of discovery and exploration.  So, we ask, where will your journey take you?

 
Marriott International is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. Marriott International does not discriminate on the basis of disability, veteran status or any other basis protected under federal, state or local laws.