JOB SUMMARY
The Senior Manager, Continent Information Security Partnerships, Property Security Compliance is responsible for leading the planning, execution, and strategic oversight of information security audits and assessments across the continent. The role involves managing a team of auditors, ensuring alignment with corporate risk priorities, and serving as a key liaison between audit, risk, compliance, and technology stakeholders. The objective for this role is to attain maximum security compliance status and ensure that Marriott Security Standards and requirements for properties are being enforced. The role will perform tracking and reporting on the established security policies and processes as implemented at the hotels and will have a direct reporting line to the Senior Director/Director, Continent Information Security Partnerships.
This position requires strong leadership, deep domain expertise in cyber and IT risk, and advanced project management capabilities to govern the entire audit lifecycle—from scoping and fieldwork to reporting, remediation tracking, and executive reporting.
This position maintains strong relationships with, and provides support to, Area Operation/IT Leaders with continent operations, and assists in liaising with additional teams within Information Security. The role requires travel for up to 75% of the work capacity.
CANDIDATE PROFILE
Education and Experience
- 8+ years of information security work experience including:
- At least 3+ years in executing technology plans and/or information security projects, programs, and/or portfolios.
- At least 2+ years in implementing enterprise security risk management frameworks and processes.
- Bachelor’s degree in Computer Sciences, Information Technology, Information Security, Cybersecurity or related field or equivalent experience/certification.
- Professional certifications, such as CISSP, CISM, CISA, CRISC, PCI ISA, ISO/IEC 27001 Lead Auditor, etc.
- Fluent in English, both spoken and written. As the role will liaise with different backgrounds in Asia Pacific, bi-/multi-lingual skills will be an advantage.
Preferred:
- Hotel IT Management.
- Cybersecurity experience.
- Good understanding of PCI DSS and NIST CSF.
- Expert level understanding of key network and technical security controls.
- Experience participating in and coordinating activities for security incident responses.
- Knowledge of global regulatory standards to include GDPR and CCPA.
- Demonstrated ability to apply organizational information security policies at a discipline unit level.
- Knowledge of IT security within an infrastructure environment.
- Proven ability to effectively prioritize and execute tasks in a high-pressure environment.
- Experience in business systems and process planning.
- Graduate/postgraduate degree.
CORE WORK ACTIVITIES
Strategic Audit
- Define and drive the annual information security audit and assessment programme in alignment with enterprise risk priorities, compliance obligations, and regulatory expectations.
- Lead strategic discussions with senior management on key risks, control effectiveness, and cyber maturity.
- Maintain the audit universe for information and cybersecurity, covering infrastructure, applications, cloud, data governance, identity, and emerging technologies.
- Lead and execute audits, security assessments, and control reviews across infrastructure, applications, data, cloud, and third-party services.
- Evaluate the effectiveness of information security controls (technical and administrative) aligned with corporate standards.
- Perform risk-based assessments and identify vulnerabilities, non-compliances, and improvement opportunities.
- Review historical audit and assessment findings and real-time observations, both internal and external, to determine areas for improvement, including developing and disseminating best practices, standardized configurations, and implementation guides across the hotel portfolio.
- Review artifacts, interview key stakeholders and identify areas for improvement.
Team Management & Oversight
- Supervise and mentor a team of internal auditors and external consultants (where applicable).
- Review and quality-assure audit plans, test strategies, fieldwork, and final reports.
- Foster knowledge sharing, continuous improvement, and skills development within the audit team.
Project Management & Execution
- Oversee complex audit engagements and ensure effective coordination of all project phases (planning, fieldwork, reporting, follow-up).
- Ensure all assessments are executed within scope, on time, and within budget while maintaining professional audit standards.
- Develop and manage the end-to-end audit or assessment program, including planning, scoping, scheduling, stakeholder engagement, fieldwork, and follow-up.
- Organize and facilitate kick-off meetings, status updates, walkthroughs, and closing sessions.
- Track and report audit timelines, milestones, and risk issues to ensure timely completion.
Stakeholder Engagement
- Build relationships and collaborate with key stakeholders to develop pragmatic remediation plans and track closure progress through defined follow-up cycles.
- Develop effective communication plans for collaborating with stakeholders, tailored to their individual needs.
- Facilitate key audit meetings (kick-offs, walkthroughs, issue validation, and closures) and resolve conflicts or audit barriers where necessary.
Reporting & Remediation Governance
- Prepare clear, concise, and well-structured audit reports with actionable findings and risk ratings.
- Provide input on risk treatment strategies, control enhancements, and policy updates.
- Discuss the potential business impact of each finding with hotel management to ensure mutual understanding of the risk.
- Track and report on remediation status, escalating overdue or high-risk gaps to senior leadership.
- Contribute to the maturity of the information security internal audit methodology, templates, and knowledge base.
Additional Functions:
- Represents Security in signing off on new property openings, reviewing the implemented policies and controls.
- Provides tactical communications and issues remediation planning and implementation with the continent IT Operations team.
- Signs off the new property openings including tracking that all necessary information on the property systems and security readiness is registered, such as application inventory.
- Facilitates educational calls, materials and meetings to the Continent IT Operations and field associates.
- Tracks the compliance performance of the continent and works with on-property IT associates along with the Area IT Managers towards issue remediation, providing necessary escalations and follow-ups to the respective teams.
- Reports on security and compliance related metrics to different stakeholders, including GIS and Continent leadership.
- Provides answers to general questions and queries around IT security and other related queries.
- Identifies learning and knowledge gaps and facilitates educational calls, materials and meetings to the Continent IT Operations and field associates.
Additional Responsibilities
- Informs, updates, and provides information to supervisors, co-workers, and subordinates by telephone, in written form, e-mail, or in person in a timely manner.
- Attends and participates in all relevant meetings.
- Presents ideas, expectations and information in a concise, organized manner.
- Uses problem solving methodology for decision making and follow up.
- Maintains positive working relations with internal customers and department managers.
- Manages time effectively and conducts activities in an organized manner.
- Performs other reasonable duties as assigned by manager.
At Marriott International, we are dedicated to being an equal opportunity employer, welcoming all and providing access to opportunity. We actively foster an environment where the unique backgrounds of our associates are valued and celebrated. Our greatest strength lies in the rich blend of culture, talent, and experiences of our associates. We are committed to non-discrimination on any protected basis, including disability, veteran status, or other basis protected by applicable law.