Sr. Manager, Vulnerability Management
Ce poste n'est plus disponible, mais il y a plus de Direction offres d'emploi à Marriott Worldwide
Sr. Manager, Vulnerability Management

Marriott Worldwide

Publiée

Fermé

Sr. Manager, Vulnerability Management

À propos du poste


Posting Date Jan 25, 2022
Job Number 22002936
Job Category Information Technology
Location Marriott International HQ, 10400 Fernwood Road, Bethesda, Maryland, United States VIEW ON MAP
Brand Corporate
Schedule Full-Time
Relocation? N
Position Type Management
Located Remotely? Y

Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed.  We believe a great career is a journey of discovery and exploration.  So, we ask, where will your journey take you?

JOB SUMMARY

The Senior Manager, Vulnerability Management will lead a high performing team focused on reducing attack surface in the Marriot enterprise environment. This role will partner with IT and application teams across the organization to ensure a risk-based approach to vulnerability management is embedded into their daily work. The role will be responsible for ensuring that the team delivers timely and high quality vulnerability and configuration remediation efforts, including assessment, reporting, and validation. As a manager of others, the person in this role is expected to ensure that team members are motivated, have opportunities for growth and learning, and embrace Marriott core values and culture. The role acts as subject matter expert in enterprise vulnerability management to both lead the team in providing high quality work and to advance the maturity of vulnerability management efforts in the organization.

CANDIDATE PROFILE

Education and Experience

Required:

  • Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification
  • 7+ years of information security experience that also includes background and knowledge of general security concepts such as defense in-depth and risk-based security management
  • 5+ years experience with:
    • Vulnerability assessment and reporting including comprehensive understanding of vulnerability management methodologies and procedures and remediation management
    • Implementing, managing, or using enterprise vulnerability assessment technologies, including Tenable.io, Tenable Security Center, or similar vulnerability solutions
  • 3+ years’ experience with:
    • Leading a global team of technical professionals
    • Building and maintaining relationships with stakeholders across the organization to provide effective and timely management of vulnerabilities across systems, devices, and applications
    • Leading a vulnerability management program, preferably across an enterprise


Preferred:

  • Current information security certification, including Certified Information Systems Security Professional (CISSP), GIAC certification, or Certified Information Security Manager (CISM)
  • Technical leadership experience in a sourced environment
  • Experience managing enterprise vulnerability management in a large commercial enterprise
  • Experience with vulnerability reporting solutions, such as ServiceNow and Kenna Security
  • Experience managing medium to large projects involving multiple teams in a technical lead role within an enterprise environment
  • Familiarity with attack and exploitation techniques involving operating systems, applications, and devices commonly seen in an enterprise environment
  • Ability to take complex, large datasets or security concepts and present clear and concise interpretations to non-security and non-technical stakeholders at all levels of the organization
  • Experience with managing technical aspects of various controls frameworks, such as NIST Security and Privacy Controls and PCI-DSS
  • Excellent communication skills and problem solving ability
  • Demonstrated ability to work independently and with others
  • Technical infrastructure operations, administration, or engineering background


CORE WORK ACTIVITIES

  • Inspire and sustain team cohesion and engagement by focusing the team on its mission and importance to the organization
  • Keep the organization's vision and values at the forefront of employee decision making and action
  • Provide technical leadership to the information vulnerability management process, including developing and managing remediation activities 
  • Train and mentors team members and peers as appropriate for their role and goals
  • Work proactively with IT and Application partners to develop strategic and tactical plans for patch and configuration management
  • Assist with the development and implementation of strategies to enhance and mature the vulnerability management program
  • Develop and sustain relationships based on an understanding of stakeholder needs and actions consistent with the company’s service standards
  • Identify, triage, and prioritize vulnerabilities and associated remediation and mitigation activity using multiple sources of vulnerability, threat, and asset data
  • Develop remediation and mitigation guidance to include vendor-supplied remediations, mitigating actions to reduce risk, and actions to address vulnerabilities for which complete remediation does not exist, on both individual assets and on multi-asset solutions and environments
  • Use internal solutions to report on open vulnerabilities, remediation progress, remediation compliance, and vulnerability metrics for use by technical, management, and executive stakeholders
  • Conduct research using open source and proprietary intelligence to identify and analyze existing and new vulnerabilities
  • Ensure the performance of planned and ad-hoc vulnerability scanning, determination of remediation options, and tracking remediation to completion
  • Assist in the direction of third-party vendors activities to include prioritizing work, developing processes to govern such activities, and reporting on the status, type, and effectiveness of those activities
  • Ensure the creation, maintenance, and ongoing maturity development of vulnerability management processes, reporting, and associated documentation.
  • Maintain documentation repositories related to vulnerability management for use by internal staff and technical stakeholders
  • Educate internal and external users of security technologies to continually improve the knowledge and skill-base of the organization on how best to manage patch management and vulnerability management
  • Participates in the evaluation and selection of security services products
  • Promotes the benefits of security services to the organization and educates the team on security concepts
  • Provides financial input on department or project budgets, capital expenditures or other cost/resource estimates as requested
  • Identifies opportunities to enhance the service delivery processes


This position requires proof of full vaccination against COVID-19 prior to the first date of employment, subject to applicable law. If you are offered employment, this requirement must be met by your date of hire, unless a reasonable accommodation request is received and approved.

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.
Fermé

Sr. Manager, Vulnerability Management

Bethesda, MD, États-Unis

Temps plein, Indéfini

Date de début du contrat:

Date d'entrée en fonction (au plus tard):

Vous souhaitez découvrir quelque chose de différent ? Voir des emplois similaires