Marriott International is the world's largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. We believe a great career is a journey of discovery and exploration. So, we ask, where will your journey take you?
Ideal candidate profile
We are seeking a dynamic and forwarding thinking individual who is accountable for leading a team of solution architects that are focused on application security and privacy. This individual will be accountable for developing solution architectures that are in alignment with the requirements, policies, and best practices defined by the Enterprise Security team. This individual is required to have broad and deep experience in defining application security and privacy solution architects for globally distributed cloud-based applications across SaaS, Web, Mobile, and API platforms.
· 5-7+ years of managing a team of solution architects focused on creating application security and privacy solutions.
· 5-7+ years of increasing responsibility in the development and delivery of web, mobile, and API solution architectures
· 3-4+ years of experience of defining and implementing solution architectures to support PII or PCI compliant.
· Experience in developing solution architectures, frameworks, design patterns, and best practices.
· Demonstrated ability to develop and influence the adoption of geographically distributed, cloud-based security solution architectures.
· Demonstrated effective and strong written and verbal communication skills
· Certification in Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified SCADA Security Architect (CSSA), Cloud Security Alliance (CSA) or Certified Secure Software Lifecycle Professional (CSSLP)
· Demonstrates expertise in the payment and security space, including Credit Card processing, ACH processing, EMV, PA-DSS, PCI-DSS, E2EE, P2PE, Merchant/Acquirer, ISO 8583, payment aggregation, fraud/charge back issues and other emerging payment systems.
· Experience with Private, Public, and Hybrid Cloud security models
· Experience with open source technologies such as Java, NGINX, Tomcat, Play, Akka, Couchbase, Rest, Node, and Docker, Couchbase,
· Ability to create constructive relationships, influence, and communicate (to project team, IT management, and non-technical staff).
· Ability to lead complex, cross-functional problem-solving initiatives.
· Experience in researching emerging technologies and trends, standards, and products
CORE WORK ACTIVITIES
Enterprise Planning & Execution
· Interpret Marriott Security Risks, Policies, and Processes defined by the Enterprise Security team into actionable application security architecture initiatives to mitigate company legal, financial, and reputation risk.
· Develop application security architecture solutions that can be embedded and re-used across the application landscape.
· Develop re-usable application design patterns and best practices that can be leveraged by the enterprise to mitigate security vulnerabilities.
· Socialize and educate the organization including service providers on application security design patterns that have been developed and are required to be implemented to achieve Marriott's security standards.
· Understand current and emerging technology security vulnerabilities
· Collaborate and work closely with the Enterprise Security organization to ensure that application solutions are aligned with security standards and policies.
· Work across the project portfolio to define the solution architectures required to achieve the security requirements, policies and best practices defined by the Enterprise Security team.
· Develop architecture diagrams conceptual, logical, and physical that document the technology components, and data flows, encryption, tokenization, and other security requirements.
· Develop and present solution architecture diagrams and data flows that support the SDLC stage gates and checkpoints.
· Review solution architectures with the Enterprise Security Architecture team to secure their approval and can attest that the solution meets the defined security requirements.
· Accountable for presenting the security components of the solution architecture required to gain approval from the Enterprise Architecture Review Board.
· Oversee and consult with project teams to ensure adherence to security design patterns and best practices.
Cross-Training, Technology Research, and Proof-of-Concepts
· Obtain training & experience on business functions and technologies outside area of expertise.
· Research emerging or existing technologies that may have specific business outcomes.
· Conduct proof-of-concepts to determine the feasibility of technologies that could provide business benefits.
Building Successful Relationships
· Collaborates with Project Managers and business unit leaders for projects involving enterprise data.
· Acts as a leader and advocate of security management, including coaching, training, and career development to staff.
· Liaises with vendors and Service Providers to select the products or services that best meet company goals
· Communication - Conveys information and ideas to others in a convincing and engaging manner through a variety of methods.
· Leading Through Vision and Values - Keeps the organization's vision and values at the forefront of employee decision making and action.
· Managing Change - Initiates and/or manages the change process and energizes it on an ongoing basis, taking steps to remove barriers or accelerate its pace; serves as role model for how to handle change by maintaining composure and performance level under pressure or when experiencing challenges.
· Problem Solving and Decision Making - Identifies and understands issues, problems, and opportunities; obtains and compares information from different sources to draw conclusions, develops and evaluates alternatives and solutions, solves problems, and chooses a course of action.
· Professional Demeanor - Exhibits behavioral styles that convey confidence and command respect from others; makes a good first impression and represents the company in alignment with its values.
· Strategy Development - Develops business plans by exploring and systematically evaluating opportunities with the greatest potential for producing positive results; ensures successful preparation and execution of business plans through effective planning, organizing, and on-going evaluation processes.
· Strategy Execution – Ensures successful execution across of business plans designed to maximize customer satisfaction, profitability, and market share through effective planning, organizing, and on-going evaluation processes.
· Driving for Results - Sets high standards of performance for self and/or others; assumes responsibility for work objectives; initiates, focuses, and monitors the efforts of self and/or others toward the accomplishment goals; proactively takes action and goes beyond what is required.
· Customer Relationships - Develops and sustains relationships based on an understanding of customer/stakeholder needs and actions consistent with the company's service standards.
· Global Mindset - Supports employees and business partners with diverse styles, abilities, motivations, and/or cultural perspectives; utilizes differences to drive innovation, engagement and enhance business results; and ensures employees are given the opportunity to contribute to their full potential.
· Strategic Partnerships - Develops collaborative relationships with fellow employees and business partners by making them feel valued, appreciated, and included; explores partnership opportunities with other people in and outside the organization; influences and leverages corporate and continental shared services and/or discipline leaders (e.g., HR, Sales & Marketing, Finance, Revenue Management) to achieve objectives; maintains effective external relations with government, business and industry in respective countries; performs effectively as a liaison between locations, disciplines, and corporate to ensure needed resources are received and corporate strategies are understood and executed.
Generating Talent and Organizational Capability
· Developing Others - Supports the development of other's skills and capabilities so that they can fulfill current or future job/role responsibilities more effectively.
· Organizational Capability - Evaluates and adapts the structure of assignments and work processes to best fit the needs and/or support the goals of an organizational unit.
Learning and Applying Professional Expertise
· Continuous Learning - Actively identifies new areas for learning; regularly creates and takes advantage of learning opportunities; uses newly gained knowledge and skill on the job and learns through their application.
· Technical Acumen - Understanding and utilizing professional skills and knowledge in a specific functional area to conduct and manage everyday business operations and generate innovative solutions to approach function-specific work challenges
Marriott International is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. Marriott International does not discriminate on the basis of disability, veteran status or any other basis protected under federal, state or local laws.