Manager Information Security - Endpoint Risk & Compliance

JOB SUMMARY

Responsible for managing security compliance, including endpoint compliance and exceptions processing.  Reviews endpoints for compliance with Marriott's endpoint security technology policies, tracking areas of non-compliance and working with stakeholders to bring those areas back to compliance. Responsible for reviewing, approving and tracking any policy exceptions and for working closely with the Risk Management team to ensure alignment of Enterprise Risk. The position manages and improves the IT Security Compliance inventory/lifecycle within our environment including inventory and monitoring of all asset assessment and data analysis, reporting and findings remediation. 

CANDIDATE PROFILE

Education and Experience

Required:

• Bachelor's degree in Computer Sciences or related field or equivalent experience/certification
• 5+ years of general information technology experience with at least 3+ years' experience implementing, managing and/or governing endpoint security technologies, like encryption, Anti-Virus, Endpoint-Detection & Response (EDR), Application Control technologies, network security, and host-based intrusion detection systems.

Preferred:

• Working knowledge of IT Endpoint management tools like: Active Directory, BigFix, Tanium, CrowdStrike, Deep Security, McAfee, Bitlocker, ServiceNOW, Tenable, Vault, Privilege Manager, Application Control, Intune, Forescout NAC, Cisco, Palo Alto, F5, Juniper, NetMRI, Firemon, Netskope, Delinea
• Current Information Security certification, including Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), Certified Information Systems Security Professional (CISSP), Cisco Certified Networking Associate (CCNA), Certified Network Defender (CND), Security+, or Certified Third Party Risk Professional (CTPRP) 
• Extensive experience and expertise in security policy creation and endpoint lifecycle management to EOL and EOSL, auditing methodology, and technology risk assessments for Windows, Linux, AWS and Azure endpoints as well as ESXi, firewalls, switches and routers
• Experience with reporting dashboards and metrics tracking for Endpoint compliance within large global enterprises
• Technical leadership experience in an Information Technology Outsourced (ITO) environment and with Local Service Providers (LSPs)
• Project management skills and abilities to lead and drive IT Security Compliance Projects.
• Excellent communication/reporting skills and problem-solving ability related to IT Security Compliance.
• Technical infrastructure operations, network administration, or engineering background and familiarity with ACLs, VLAN and SD-WAN concepts
• Knowledge of IT Protocols such as ARP, TCP/IP, WMI, SNMP, SMB, SSL, TLS, SMTP, SOAP, Web Services, or Kerberos.

CORE WORK ACTIVITIES

Security Risk & Compliance

• Oversees, plans and conducts security policy compliance, risk assessment, exception evaluation, and processing for applications, infrastructure, data, and third-party vendor solutions.
• Consistently monitors compliance to applicable security policies and standards and reports related risk issues
• Executes technical risk assessments, advises business and IT leaders on risk of initiatives/tools 
• Defines and executes Third Party / Vendor Security Risk Assessment programs
• Oversees and evaluates documentation and validation processes to ensure the organization meets Security assurance and privacy requirements. 
• Assigns appropriate level of risk and drives compliance to Endpoint Security internal policies and external regulations.
• Manages and administers processes and tools that identify, document, and retain intellectual capital and information content.
• Conducts assessments on threats and vulnerabilities, determines deviations and level of risk. Follows up assessments with questions, gap identification, and testing on assessed risk. 
• Performs analysis on results and determines risk threshold. 
• Delivers recommendations advising leadership and vendors on present risk and whether additional remediation or action is required. 
• Develops, recommends, and operationalizes appropriate mitigation countermeasures. Advocates for any resulting needed policy changes. 
• Creates and drives development of process and policy documentation.

.

Maintaining Goals

• Submits reports in a timely manner, ensuring delivery deadlines are met.
• Promotes the documenting of project progress accurately.
• Provides input and assistance to other teams regarding projects.

Managing Work, Projects, and Policies 

• Manages and implements work and projects as assigned.
• Generates and provides accurate and timely results in the form of reports, presentations, etc.
• Analyzes information and evaluates results to choose the best solution and solve problems.
• Provides timely, accurate, and detailed status reports as requested.

Demonstrating and Applying Discipline Knowledge 

• Provides technical expertise and support to persons inside and outside of the department.
• Demonstrates knowledge of job-relevant issues, products, systems, and processes.
• Demonstrates knowledge of function-specific procedures.
• Keeps up-to-date technically and applies new knowledge to job.
• Uses computers and computer systems (including hardware and software) to enter data and/ or process information.

Delivering on the Needs of Key Stakeholders

• Understands and meets the needs of key stakeholders.
• Develops specific goals and plans to prioritize, organize, and accomplish work.
• Determines priorities, schedules, plans and necessary resources to ensure completion of any projects on schedule.
• Collaborates with internal partners and stakeholders to support business/initiative strategies
• Communicates concepts in a clear and persuasive manner that is easy to understand.
• Generates and provides accurate and timely results in the form of reports, presentations, etc.
• Demonstrates an understanding of business priorities

Additional Responsibilities 

• Provides information to supervisors and co-workers by telephone, in written form, e-mail, or in person in a timely manner.
• Demonstrates self confidence, energy and enthusiasm.
• Informs and/or updates leaders on relevant information in a timely manner.
• Manages time effectively and conducts activities in an organized manner.
• Presents ideas, expectations and information in a concise, organized manner.
• Uses problem solving methodology for decision making and follow up.
• Performs other reasonable duties as assigned by manager.