Manager| Information Security – Risk Metrics and Reporting – Marriott International HQ – USA


Job Number 20023296
Job Category Information Technology
Location Marriott International HQ| 10400 Fernwood Road| Bethesda|
Maryland| United States
Brand Corporate
Schedule Full-time
Relocation? No
Position Type Management

Start Your Journey With Us
Marriott International is the world’s largest hotel company| with more brands|
more hotels and more opportunities for associates to grow and succeed. We
believe a great career is a journey of discovery and exploration. So| we ask|
where will your journey take you?


As a member of the Information Security Project Management Organization| the
Manager| Information Security Risk Metrics & Reporting works closely with
Cyber Security Incident Response| Compliance| Vulnerability Management| and
other IT teams to create and deliver Information Security Risk Reports|
including meaningful metrics| trends| key insights and detailed analyses
aligned to the NIST Cybersecurity Framework (CSF) functions: Identify|
Protect| Detect| Respond and Recover. The role synthesizes information into
dashboards and presentations for key stakeholders including Marriott’s Board
of Directors| business and continent/regional leaders| executive leadership
and other functional organizations. The role also maintains and continuously
improves the platform and tools that underpin the Information Security Risk
Reporting Program| including troubleshooting and fixing reporting issues| and
verifying the accuracy of key risk data.


Education and Experience


Undergraduate degree in Statistics| Mathematics| Computer Science or related discipline
5 years of experience in developing| reporting and communicating analytic results
5 years of experience in implementing and using key reporting and business intelligence solutions (Tableau) and related data management


Experience with information security risk management| including Key Risk Indicators/Key Performance Indicators related to information security| cybersecurity or broader IT
Experience with regulatory frameworks and requirements as they apply to information security
Above-average proficiency in analytic methodologies| tools and dashboard development
Expert skills with key reporting and presentation tools (via Microsoft PowerPoint| Excel AND more advanced reporting solutions like Tableau)
Polished written and verbal communication skills| ability to work effectively and coordinate with data providers| disciplines and leadership across various functions
Strong detail orientation| self-driven and motivated with proven ability to interact with and communicate to stakeholders at all levels of the organization
Easily adapts to change quickly and can facilitate change to improve metric accuracy and reduce risk
Experience managing and automating metric programs
Advanced knowledge in Cybersecurity risk| frameworks| processes| tools and best practices
Working knowledge of information security industry frameworks (e.g. ISO| NIST| COBIT)


Facilitate the creation and delivery of a monthly Executive Risk Report| including meaningful metrics reporting| trends| key insights and detailed analyses across the NIST Cybersecurity Framework (CSF) functions: Identify| Protect| Detect| Respond and Recover.
Establish automated data pipelines that feed data visualization tools; develop dashboards and visualization products using Tableau
Manage| standardize and normalize data collection from systems of record (data sources) to achieve repeatable outcomes for metrics reporting
Assist data source systems owners in developing data models used to achieve standardized| repeatable| and accurate risk reports
Perform quantitative and qualitative analysis on key risk indicators (KRIs) and trends| and provide recommendations related to inform decision making on activities performed by the Information Security organization
Monitor Key Risk Indicators (KRIs) and perform detailed analysis to understand root causes of changes in metrics
Monitor information security capability improvement and risk reduction of initiatives under implementation/ deployment
Create Executive Briefing presentations and visualizations; as well as| produce ad-hoc queries/reports to support communications and reporting to different stakeholder groups
Demonstrate metrics reporting platform and tools to stakeholders| communicate design requirements| and validate approach for enhancements/integration of new metrics
Develop and maintain a release schedule for activation and integration of new metrics
Conduct extensive quality control and record keeping procedures to ensure the highest level of data integrity
Manage the integration and communications across the Automated Metrics Reporting Platform| data source systems and other technology platforms| and ensure proper coordination with appropriate IT teams