Associate Architect - Global Information Security

Bethesda, MD, United States

Associate Architect - Global Information Security Contributes to and refines security strategies, requirements, and standards for applications and platforms. Supports in-depth technical security guidance as a Security Subject Matter Expert (SME) for various technologies and project areas. Ensures company security policies, standards and industry standards are communicated to program teams during the Software Development Life Cycle (SDLC) process. Able to identify gaps and work with project teams to improve security while retaining time to market, functionality, and scalability. Reviews and approves Security Accreditation tasks during each phase of SDLC. Serves as point of escalation for security issues and risks that may arise. Has a broad knowledge in areas of Security such as Cloud Computing, Application, IAM, Cryptography, Infrastructure, DevSecOps and Risk.

CANDIDATE PROFILE

Education and Experience

Required:

Bachelor's or master's degree in computer science, information systems, cybersecurity or a related field or equivalent experience/certification.

7+ years’ progressive experience in technology/security engineering that included work in three or more of the following areas: Conducting security reviews and identifying risks and gaps

Performing security accreditations

Developing security architectures and strategies

Developing Enterprise security patterns

Working with development teams and vendor teams for implementing compensating controls

2+ years’ experience in contributing to the security architectures and identifying security risks/gaps as well as mitigation strategies.

3+ years combined experience in some or all of the following: Full-stack knowledge of IT infrastructure: Applications

Databases

Operating systems — Windows, Unix, and Linux

IP networks — WAN and LAN

Knowledge of DevSecOps

Knowledge of API Architectures

Cryptography and current cryptographic standards, including PKI

Working knowledge of the OWASP Top 10

Preferred:

Strong working knowledge of Agile Methodologies with a focus on SAFe.

Strong working knowledge of IT service management (e.g., ITIL-related disciplines): Change management

Configuration management

Asset management

Incident management

Problem management

Ability to provide security requirements for areas including but not limited to; Cloud Computing, Application Development, IAM, Cryptography, DevSecOps and Infrastructure design.

Ability to understand large complex integrated solutions and provide the security needed between systems.

Experience in developing Enterprise Security Strategies.

Experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.

Experience designing the deployment of applications and infrastructure into hybrid, and public cloud services.

Ability to conduct independent research.

Strong abilities and experience in documentation and written communication for diverse audiences.

Experience working with diverse and distributed global teams.

Current information security certification(s), such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), ISC2 Certified Cloud Security Professional (CCSP), GIAC certifications, ITIL.

Knowledge of Industry Standards such as NIST Cybersecurity Framework (CSF), PCI-DSS, COBIT, CSA, MITRE ATT&CK & CAPAC, STRIDE, NIST 800-53, CIS Benchmarks, etc.

Knowledge of securing technologies such as, but not limited to; SaaS services (i.e., O365, Salesforce), Application Design, Container Platforms (i.e., Docker, Kubernetes), APIs, Serverless, Network Infrastructure, Operating Systems, Identity and Access Management.

Knowledge of SDLC (Waterfall/Agile), DevSecOps, and good understanding of the ITIL Framework.

Knowledge of SAFe Agile Methodologies.

Strong negotiating, influencing and problem resolution skills.

Ability to effectively prioritize and execute tasks in a high-pressure environment.

Ability to assess customer/client needs, creatively approach solutions, decide, and influence appropriate courses of action.

Standards & Business Partnership

Contributes to, evaluates, and supports the documentation, and validation processes necessary to assure that associates, information technology systems and business processes meet the organization’s information assurance, security, and privacy requirements. Ensures appropriate treatment of risk, compliance, and assurance of internal policies and external regulations.

Contributes to the strategy and roadmap, provides guidance, creates standards and guidelines, and reviews architectural designs. Ensures standards and guidelines incorporate legal and regulatory requirements.

Conducts security and privacy technology research, assessments, and integration processes; provides and supports a prototype capability and/or evaluates its utility.

Consults with customers to gather and evaluate functional requirements and provides security and privacy requirements, guidelines, and standards.

Provides sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain.

Applies knowledge of priorities to define an entity’s direction and identify programs or infrastructure that are required to achieve desired goals within domain of interest. Develops policy or advocates for changes in policy that will support new initiatives or required changes/enhancements.

Works with the Security Architects to monitor ongoing project activities, intake of new projects and monitoring of the Security Engagement Process including but not limited to: Data Classification, Security Controls, Threat Models, Architecture Review Boards, Authority to Operate.

Maintaining Goals

Submits reports in a timely manner, ensuring delivery deadlines are met.

Promotes the documenting of project progress accurately.

Provides input and assistance to other teams regarding projects.

Managing Work, Projects, and Policies

Manages and implements work and projects as assigned.

Generates and provides accurate and timely results in the form of reports, presentations, etc.

Analyzes information and evaluates results to choose the best solution and solve problems.

Provides timely, accurate, and detailed status reports as requested.

Demonstrating and Applying Discipline Knowledge

Provides technical expertise and support to persons inside and outside of the department.

Demonstrates knowledge of job-relevant issues, products, systems, and processes.

Demonstrates knowledge of function-specific procedures.

Keeps up-to-date technically and applies new knowledge to job.

Uses computers and computer systems (including hardware and software) to enter data and/ or process information.

Delivering on the Needs of Key Stakeholders

Understands and meets the needs of key stakeholders.

Develops specific goals and plans to prioritize, organize, and accomplish work.

Determines priorities, schedules, plans and necessary resources to ensure completion of any projects on schedule.

Collaborates with internal partners and stakeholders to support business/initiative strategies

Communicates concepts in a clear and persuasive manner that is easy to understand.

Generates and provides accurate and timely results in the form of reports, presentations, etc.

Demonstrates an understanding of business priorities

Additional Responsibilities

Provides information to supervisors and co-workers by telephone, in written form, e-mail, or in person in a timely manner.

Demonstrates self confidence, energy and enthusiasm.

Informs and/or updates leaders on relevant information in a timely manner.

Manages time effectively and conducts activities in an organized manner.

Presents ideas, expectations and information in a concise, organized manner.

Uses problem solving methodology for decision making and follow up.

Performs other reasonable duties as assigned by manager.

California Applicants Only: The salary range for this position is $96,038.00 to $209,169.00 annually.

Colorado Applicants Only: The salary range for this position is $96,038.00 to $190,154.00 annually.

Hawaii Applicants Only: The salary range for this position is $116,205.00 to $209,169.00 annually.

New York Applicants Only : The salary range for this position is $96,038.00 to $209,169.00 annually.

Washington Applicants Only: The salary range for this position is $96,038.00 to $209,169.00 annually. In addition to the annual salary, the position will be eligible to receive an annual bonus. Employees will accrue 0.04616 PTO balance for every hour worked and eligible to receive minimum of 7 holidays annually.

All locations offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, educational assistance, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.

Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.

The application deadline for this position is 28 days after the date of this posting, 4/11/2024.

Marriott International is an equal opportunity employer.We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture.We are committed to non-discrimination onanyprotectedbasis, such as disability and veteran status, or any other basis covered under applicable law.

Explore more InfoSec / Cybersecurity career opportunities Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.

#J-18808-Ljbffr