Director, Security Architect

Job Number 24110313

Job Category Information Technology

Location Singapore Regional Office, 2 Harbourfront Place #06-08, Singapore, Singapore, Singapore

Schedule Full-Time

Located Remotely? N

Relocation? N

Position Type Management

JOB SUMMARY

Lead and manage security architecture and engineering in APEC. Performs security accreditation and evaluates the implementation of those controls in order to grant Approval to Operate for a release of new infrastructure, services, applications and processes into Marriott’s Production Environments in regional level.

Leverages existing Security Engagement processes and documentation, in conjunction with security compliance tools, to determine control implementation status. Will routinely process ITSM Release and Security Engagement Tasks to document justification for all approvals. Will routinely collaborate with multiple teams, including, but not limited to, Business Release Sponsors, Project Managers, Security Architects, Security Architecture Analysts, and Change Management teams to ensure the Security Processes are followed and completed in order to accredit the engagement or release.

Will routinely manage and communicate the status of the tasks assigned in ITSM to thoroughly document the accreditation resulting in granting of Approval to Operate. Understand, communicate, interpret and enforce MI Policies and Security Standards throughout the Certification and Accreditation process. Understand and communicate control objectives in terms of both MI Policy and Standards and Security Best Practice Frameworks, including, but not limited to, NIST RMF, NIST CSF, PCI DSS, GDPR, MPLS, EU Privacy, ISO, as referenced in Marriott’s Common Controls Framework. Will periodically provide status and metrics for the assigned C&A Engagements in order to provide visibility and transparency to GIS Senior Leadership

CANDIDATE PROFILE

Education and Experience

Required:

• Bachelor’s degree in Information Systems, Computer Science or related field or equivalent experience/certification

• 8+ years’ experience in Information Security with:

• 3+ years in process-oriented Security Audit/Assurance/Technical Assessment role

• 2+ years’ team management experience with security technical team members

• 1-2 years’ experience/exposure to Common Controls Framework

• Exposure/functional understanding of NIST RMF

• Current and relevant information security certifications such as: CISSP (Certified Information Systems Security Professional), (ISC)2 CGRC certification, ISACA, PCI QSA/ISA, ITIL, IS Certification & Accreditation Professional - ISCAP, GIAC Information Security Professional (GISP),

Preferred Skills & Attributes

• Strong oral and written communication skills and comfortable with speaking in large groups virtually and in person.

• Ability to conduct independent security research.

• Strong understanding of common OWASP flagship projects, Top 10, Cheat Sheets…etc.

• Strong understanding of cryptography concepts: hashing, signing, encryption, decryption, tokenization

• Strong understanding of SDLC and security integration points

• Functional understanding of microservice application architecture

• Functional understanding of common application security controls such as WAF, RASP, Intercepting Proxies

• Comfortable with the following tools and technologies: GitHub Advanced Security, Postman, Fortify SCA, Jenkins, Artifactory, SonarQube, Docker, JIRA, Confluence, Aqua CSP, Nessus Pro or Tenable.io

• Comfortable with technical report writing and crafting security requirements.

• Basic understanding of network security concepts: DOS, DNS Spoofing, ARP Poisoning, Firewalls, Intrusion Detection, Segmentation

• Basic understanding of Vulnerability and Patch Management practices

• Basic understanding of endpoint security controls: EDR, Vulnerability Scanning Agents, HIDS, FIM

• Basic understanding of Agile Software Development Practices & DevOps

• Master’s degree in Computer Science or Software Engineering

• Mid-level cloud computing certification, AWS Solutions Architect Associate, Azure Administrator Associate, Google Associate Cloud Engineer

• Functional knowledge software engineering concepts: GOF software design patterns, SOLID design principles (SRP, OSP, LSP, ISP, and DIP) and design methods (Scrum, XP, Lean, Waterfall)

• Functional understanding of common cryptographic algorithms and libraries

• Functional foundational understanding of Cloud Computing

CORE WORK ACTIVITIES

Security Accreditation

• Works with development teams to review application source code for security and operational risks.

• Perform manual code reviews of applications that are not compatible with automated SAST tools.

• Provide detailed security documentation to developers, software engineers and technical personnel when necessary.

• Provide guidance and recommendation to software architects and engineers on how to correct code related security flaws.

Managing Work, Projects, and Policies

• Manage security architecture and engineering team in Great China.

• Participate in peer reviews of security assessments created by other team members.

• Manage tickets and SLAs associated with security testing efforts.

• Maintain and contribute to the enterprise SSDLC standard.

• Coordinates and implements work and projects as assigned.

• Generates and provides accurate and timely results in the form of reports, presentations, etc.

• Analyzes information and evaluates results to choose the best solution and solve problems.

• Develops specific goals and plans to prioritize, organize, and accomplish work.

• Sets and tracks goal progress for self and others.

• Monitors the work of others to ensure it is completed on time and meets expectations.

• Provides direction and assistance to other organizational units’ policies and procedures, and efficient control and utilization of resources.

Leading Team

• Creates a team environment that encourages accountability, high standards, and innovation.

• Leads specific team while assisting with meeting or exceeding department goals.

• Makes sure others understand performance expectations.

• Ensures that goals are being translated to the team as they relate to tracking and productivity.

• Creates and nurtures an environment that emphasizes motivation, empowerment, teamwork, continuous improvement and a passion for providing service.

• Understands employee and develops plans to address need areas and expand on the strengths.

• Provides the team with the capabilities needed to meet or exceed expectations.

• Leads by example demonstrating self-confidence, energy and enthusiasm.

Conducting Human Resources Activities

• Acts proactively when dealing with employee concerns.

• Extends professionalism and courtesy to employees at all times.

• Communicates/updates all goals and results with employees.

• Meets semiannually with staff on a one-to-one basis.

• Establishes and maintains open, collaborative relationships with employees.

• Solicits employee feedback.

• Interviews job candidates and assists in making hiring decisions.

• Receives hiring recommendations from team supervisors.

• Ensures orientations for new team members are thorough and completed in a timely fashion.

• Observes behaviors of employees and provides feedback to individuals.

Additional Responsibilities

• Provides information to supervisors, co-workers, and subordinates by telephone, in written form, e-mail, or in person in a timely manner.

• Manages group or interpersonal conflict.

• Informs and/or updates executives, peers, and subordinates on relevant information in a timely manner.

• Manages time effectively and conducts activities in an organized manner.

• Presents ideas, expectations and information in a concise, organized manner.

• Uses problem solving methodology for decision making and follow up.

• Performs other reasonable duties as assigned by manager.

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.

Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work,​ begin your purpose, belong to an amazing global​ team, and become the best version of you.