Jobs
>
Bethesda

    SrMgr-Information Security- Vendor Risk Management - Bethesda, United States - Marriott

    Marriott
    Marriott Bethesda, United States

    1 day ago

    Default job background
    Description
    Job Description

    JOB SUMMARY

    The candidate will be responsible for completing and maintaining 3rd Party Hosting Service Provider reviews, including creating risk assessments, and security test and evaluations. The candidate will also be responsible for supporting the overall security program including security policy, procedures, and standards, assessing the risk of the internal and external IT systems, ensuring Marriott iT documents are compliant with Marriott security policies and procedures, and reviewing documents for accuracy and completeness.

    Conduct periodic re-assessment with focus on those with highly sensitive data. Perform application security vulnerability scanning and provide remediation options. Candidate will also assist in managing relationship with Service Providers who are responsible for the actual delivery of services, managing outcomes and results, and collaborating with stakeholders across IT and business departments to develop strategies for securing company information and assets. Shares responsibility for planning, directing, and coordinating compliance activities pertaining to technology projects for a given business unit. Verifies that project goals are accomplished and in line with business objectives.

    Excellent communication skills are required to effectively communicate (verbally and written) across all levels within the organization.

    CANDIDATE PROFILE

    Education and Experience

    Required:
    • Bachelor's degree in Information Systems or related field or equivalent experience/certification
    • 7+ years of information technology leadership experience including implementing, managing and governing security policies
    • 3+ years direct work experience in third-party Risk Management
    • One or more current information security certifications such as Certified in Risk and Information Systems Controls (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)
    Preferred:
    • A security certification such as GWAPT, GPEN, AWS Associate Architect, AWS Professional Architect, PCI experience.
    • Technical knowledge in one or more of the following areas is required: Application Security, Operating System security (UNIX, Windows, Mainframe, etc.) and network security (routers, switches, firewalls)
    • Technical leadership experience in an outsourced environment
    • Excellent communication skills and problem-solving ability
    • Experience conducting and maintaining vendor risk assessments
    • Experience with reviewing and assessing security controls of Cloud service providers
    • Proficient with assessing a multi-tiered system architecture (Web Server, App Server & Database)
    • Knowledge of OWASP Top 10 and SANS 25.
    • Working knowledge of the infrastructure and application scanning tools (such as Retina, Nessus, IBM App Scan, HP Web Inspect, Fortified on Demand, Qualys, etc.)
    • Manual Web Application Testing experience.
    CORE WORK ACTIVITIES

    Security Risk & Compliance
    • Oversee, evaluate, and support the documentation, and validation processes necessary to assure that associates, information technology systems and business processes meet the organization's information assurance, security, and privacy requirements. Ensures appropriate treatment of risk, compliance, and assurance of internal policies and external regulations.
    • Perform security controls assessments of third-party providers - assess security architecture, adherence to the requirements, conduct application scanning and results validation
    • Document controls gap analysis and risk assessment of the third-party providers
    • Review controls exception requests and make risk-based approval decision
    • Lead, participate or perform various infrastructure compliance initiatives and projects
    • Perform Application Security Testing using (Nessus, IBM App Scan, HP Web Inspect, Fortified on Demand, Qualys, Burp, or Retina)
    • Conduct and validate finding discovered during the scans
    • Monitor compliance to applicable security policies and standards and report related risk issues
    • Manage and administer processes and tools that enable the organization to identify, document, and track third party risks and compliance exceptions
    • Conduct assessments of threats and vulnerabilities, determine deviations from acceptable configurations or enterprise or local policy, assess the level of risk, and develop and/or recommend and operationalize appropriate mitigation countermeasures.
    • Provide sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain. Advocate policy changes and make a case on behalf of the company via a wide range of written and oral work products.
    • Oversee the information assurance (IA) program of an information system in or outside the network environment; may include procurement duties.
    Maintaining Goals
    • Submits reports in a timely manner, ensuring delivery deadlines are met.
    • Promotes the documenting of project progress accurately.
    • Provides input and assistance to other teams regarding projects.
    Managing Work, Projects, and Policies
    • Manages and implements work and projects as assigned.
    • Generates and provides accurate and timely results in the form of reports, presentations, etc.
    • Analyzes information and evaluates results to choose the best solution and solve problems.
    • Provides timely, accurate, and detailed status reports as requested.
    Demonstrating and Applying Discipline Knowledge
    • Provides technical expertise and support to persons inside and outside of the department.
    • Demonstrates knowledge of job-relevant issues, products, systems, and processes.
    • Demonstrates knowledge of function-specific procedures.
    • Keeps up-to-date technically and applies new knowledge to job.
    • Uses computers and computer systems (including hardware and software) to enter data and/ or process information.
    Delivering on the Needs of Key Stakeholders
    • Understands and meets the needs of key stakeholders.
    • Develops specific goals and plans to prioritize, organize, and accomplish work.
    • Determines priorities, schedules, plans and necessary resources to ensure completion of any projects on schedule.
    • Collaborates with internal partners and stakeholders to support business/initiative strategies
    • Communicates concepts in a clear and persuasive manner that is easy to understand.
    • Generates and provides accurate and timely results in the form of reports, presentations, etc.
    • Demonstrates an understanding of business priorities
    Additional Responsibilities
    • Provides information to supervisors and co-workers by telephone, in written form, e-mail, or in person in a timely manner.
    • Demonstrates self-confidence, energy and enthusiasm.
    • Informs and/or updates leaders on relevant information in a timely manner.
    • Manages time effectively and conducts activities in an organized manner.
    • Presents ideas, expectations and information in a concise, organized manner.
    • Uses problem solving methodology for decision making and follow up.
    • Performs other reasonable duties as assigned by manager.
    California Applicants Only: The salary range for this position is $96,038.00 to $209,169.00 annually.

    Colorado Applicants Only: The salary range for this position is $96,038.00 to $190,154.00 annually.

    Hawaii Applicants Only: The salary range for this position is $116,205.00 to $209,169.00 annually.

    New York Applicants Only: The salary range for this position is $96,038.00 to $209,169.00 annually.

    Washington Applicants Only: The salary range for this position is $96,038.00 to $209,169.00 annually. In addition to the annual salary, the position will be eligible to receive an annual bonus. Employees will accrue PTO balance for every hour worked and eligible to receive minimum of 7 holidays annually.

    All locations offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, educational assistance, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.

    Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.

    The application deadline for this position is 28 days after the date of this posting, 4/22/2024.

    Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.

    About the Team

    Marriott International is the world's largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work, begin your purpose, belong to an amazing global team, and become the best version of you.
  • Science and Technology Corporation

    Agile Program Risk Manager

    3 days ago

    Science and Technology Corporation Silver Spring, United States

    Founded in 1979, Science and Technology Corporation (STC) delivers an extensive range of award-winning advanced scientific, engineering, and technical support services to the U.S. Government and Industry customers. Our proven expertise and experience span scientific research, dev ...

  • Quantum Innovations

    Risk Manager

    1 week ago

    Quantum Innovations Congress, United States

    We are here for Berlin. · Berlin is probably the most exciting location for those who want to make a difference in their job. Our capital is characterized by diversity, growth, dynamism, and opportunities. And right at the heart of it all: berlinovo. As a modern, state-owned real ...

  • Mid-Atlantic Permanente Medical Group PC

    Risk Adjustment Manager

    5 days ago

    Mid-Atlantic Permanente Medical Group PC Rockville, United States

    Mid-Atlantic Permanente Medical Group is comprised of more than 1,700 Permanente physicians and nearly 300 staff professionals who come together to make a positive impact on the health and lives of more than 800,000 members in Virginia, Maryland, and the District of Columbia. · R ...

  • Hewlett Packard

    Vp Global Controls, Compliance, and Risk Management

    1 week ago

    Hewlett Packard Spring, United States

    The Global Controls, Compliance, and Risk Manager will play a pivotal role in safeguarding the company's interests by overseeing and enhancing the enterprise-wide controls, compliance, and risk management framework, with end-to-end responsibility for management's compliance with ...

  • GCyber

    Cyber Risk Management Analyst

    1 week ago

    GCyber Washington, United States

    GCyber is hiring a **Cyber Risk Management Analyst **to support data security risk assessments for a high visibility Executive Branch customer. Your primary focus will be on identifying and evaluating potential data security risks and vulnerabilities within the systems and develo ...

  • US Assistant Secretary for Housing-Federal Housing Commissioner

    Deputy Assistant Secretary for Risk Management

    5 days ago

    US Assistant Secretary for Housing-Federal Housing Commissioner Washington, United States

    **Duties**: · The Deputy Assistant Secretary for Risk Management reports to the General Deputy Assistant Secretary for Housing, who provides broad policy outlines and budgetary constraints to the incumbent. The incumbent serves as the Chief Risk Officer to the Assistant Secretary ...

  • Noblis

    Cbrn Risk Analyst and Project Manager

    1 week ago

    Noblis Washington, United States

    **Responsibilities**: · The responsibilities of the team member typically includes: · - Assisting with the development and administration of RDT&E contracts, to include tasks such as: development of solicitation material, administration of source selection reviews, and assessing ...

  • Advanced Decision Vectors, LLC

    Program Protection/risk Management Security

    1 week ago

    Advanced Decision Vectors, LLC Washington, United States

    Advanced Decision Vectors, LLC (ADV), established in 2009, provides superior program management, program support, strategic planning, and systems engineering to the Federal and Commercial sectors. Located in Alexandria, Virginia, ADV is a Small Disadvantaged Business (SDB) contra ...

  • Quantum Innovations

    Junior Business Analyst Risk Management

    1 week ago

    Quantum Innovations Columbia City, United States

    Shape the future with us - become part of our team in Columbia City · Join us in shaping the insurance landscape of tomorrow. · Do you want to accompany the digital transformation of insurers and financial service providers with us? Then discover as a [mover] what moves the indus ...

  • Lockheed Martin Corporation

    Casualty Risk Manager

    1 week ago

    Lockheed Martin Corporation Bethesda, United States

    Job ID: 665713BR · Date posted: May. 02, 2024 · Description:Casualty insurance professionals looking for a change - Lockheed Martin has an opportunity to lead it's casualty programs and is seeking candidates that enjoy challenging projects and a fast paced cultural environment. ...

  • Horizon Ventures

    Senior Consultant for Risk Management and Compliance

    1 week ago

    Horizon Ventures Monument, United States

    About the Company · We are an internationally oriented partnership of lawyers, auditors, and tax consultants, founded in 2006. Today, we have around 380 employees at our locations in Hamburg, Berlin, Bochum, Hanover, Dortmund, Munich, and Bielefeld. · Through our own company and ...

  • STG International

    Risk Manager Coordinator

    1 week ago

    STG International Bethesda, United States

    Risk Manager Coordinator (Registered Nurse) var a 2 aconfig = a 2 aconfig || {}; a 2 aconfig.onclick = 1; Category. Current Openings --> Healthcare. Job Location. Bethesda, Maryland. Tracking Code 13896 Position Type. Full-Time/ Regular. ST - Gi is c Risk Manager, Registered Nurs ...

  • Amazon Logistics, Inc.

    Legal Risk Manager, Corporate Auto Claims

    1 day ago

    Amazon Logistics, Inc. Arlington, United States

    Juris Doctor (JD) Degree · - Active membership in at least one state bar · - 5+ years of experience in transportation claims · - Strong understanding of the litigation process · Amazon's Global Risk Management Claims team is seeking a talented attorney to support our rapidly grow ...

  • STG International

    Risk Manager Coordinator

    1 week ago

    STG International Bethesda, United States

    STGi is currently seeking candidates to support our contract with Federal Occupational Health in Bethesda, Maryland as Registered Nurse Risk Manager Coordinator. · Primary duties and competencies may include but are not limited to: Project management of nationwide projects that u ...

  • Spectrum Ventures

    Risk management referent

    1 week ago

    Spectrum Ventures Junction City, United States

    Are you looking to take on responsibility and make a difference with your work? With your expertise, we can achieve great goals together. We are WACKER - Reliable. Determined. Ambitious. As one of the most research-intensive chemical companies in the world, we have been enabling ...

  • Marriott International

    SrMgr-Risk Management

    1 day ago

    Marriott International Bethesda, United States Full time

    Job Description · JOB SUMMARY · As a member of the Global Insurance team, the Sr. Manager, International Insurance manages critical elements of Marriott's insurance programs in servicing the CALA continent, as well as providing general insurance support to the Asia-Pacific and EM ...

  • Sbg Technology Solutions Inc

    Risk Management Specialist, Sbg

    3 days ago

    Sbg Technology Solutions Inc Chantilly, United States

    SBG Technology Solutions, Inc. (SBG) is growing and would like you to come and join our team · **OVERVIEW** · The Risk Management Specialist will support a new Systems Engineering and Integration (SE&I) program. · **Responsibilities**: · - Update, deliver, and maintain the RIOM ( ...

  • Sun Life Financial

    Manager - Fraud Risk Oversight

    1 week ago

    Sun Life Financial Bethesda, United States

    Manager - Fraud Risk Oversight page is loaded · Manager - Fraud Risk Oversight · Apply · locations · Toronto, Ontario · time type · Full time · posted on · Posted Yesterday · job requisition id · JR · You are as unique as your background, experience and point of view. ...

  • Aledade

    Director, Risk Management-Remote

    1 week ago

    Aledade Bethesda, MD, United States

    Director of Security, Governance Risk & Compliance (Permanent Remote, US) · Aledade works with independent practices, health centers, and clinics to build and lead Accountable Care Organizations (ACOs) anchored in primary care. As a Director of Security, you will lead efforts tha ...

  • Navy Federal Credit Union

    Manager, Compliance and Third Party Risk Operations

    1 week ago

    Navy Federal Credit Union Vienna, United States

    **Overview** · **Responsibilities** · - Manage, review, and coordinate responses, examination briefings, and ad hoc requests to/from regulatory agencies in conjunction with VP Risk Management · - Manage and coordinate Business Unit examination readiness reviews to effectively pre ...