Position Summary

As a member of the professional staff, contributes general knowledge and skill in a discipline area (e.g., Accounting, Finance, Human Resources, Information Resources, Operations Planning & Support, Sales & Marketing) to support team and/or department objectives.

Generally works under limited supervision, but within established guidelines, producing and analyzing more complex business information to assist in the decision-making process.

Specific Job Summary

The Security Risk Analyst IV is responsible for developing and implementing strategies to ensure the security of the organization's information systems and technology assets. The role focuses on safeguarding our organization's digital assets and maintaining a strong security posture. The role will include overseeing work efforts and assessment results and maintaining effective security governance, risk management, and compliance programs to identify, assess, and mitigate security risks. Key areas of specific responsibility include:

• Collaborate with IT leadership to align security strategies with business goals and objectives.
• Identify and assess security risks across the organization's technology infrastructure and processes.
• Provide guidance and oversight on security risk assessment projects, ensuring alignment with industry best practices and company policies.
• Utilize software applications and tools that facilitate governance, risk assessment, and compliance management. These solutions may include risk assessment systems, compliance tracking platforms, and reporting dashboards.
• Continuously evaluate cybersecurity controls to ensure effectiveness, compliance and adherence to key controls and policies, and drive remediation efforts.

Results

• Risk assessment capabilities constantly improving
• Key processes are automated and managed through GRC software
• Internal and external risks are identified, assessed, and mitigated in accordance with the company’s risk threshold.

Working Relationships

• IT Infrastructure and Applications Leadership
• Global Information Security
• Procurement
• Business Relationship Managers
• Privacy

Expected Contributions

• Performs more complex quantitative and qualitative analysis for business processes and/or projects. Often manages small projects, business processes or parts of larger ones.
• Responds to, solves and makes decisions on more complex/non-routine business requests with limited to moderate risk.

Specific Expected Contributions

• Collaborate with IT leadership to align security strategies with business goals and objectives.
• Identify and assess security risks across the organization's technology infrastructure and processes.
• Provide guidance and oversight on security risk assessment projects, ensuring alignment with industry best practices and company policies.
• Manage software applications and tools that facilitate governance, risk assessment, and compliance management. These solutions may include risk assessment systems, compliance tracking platforms, and reporting dashboards.
• Work closely with legal, compliance, and regulatory teams to ensure adherence to relevant industry standards, regulations, and data protection requirements.
• Identify opportunities for process improvements and optimization within the GRC development lifecycle. Recommend and implement enhancements to existing systems to streamline workflows and enhance efficiency.
• Develop and maintain technical security configuration standards.
• Develop and communicate security policies, standards, and procedures to ensure consistent security practices throughout the organization.
• Stay up to date with relevant regulations, standards, and industry best practices. Implement necessary changes to GRC systems to ensure compliance with applicable laws and regulations.
• Develop and mentor more junior staff on technical skills and risk assessments to constantly improve performance of the team.
• Coordinate and participate in security audits and assessments and manage responses to findings.

Candidate Profile

Successful candidates should possess knowledge and experience and demonstrate strong leadership and relationship skills as follows:

• Generally a professional position with specific knowledge in a discipline (e.g., Accounting, Human Resources, Information Resources).
• College degree and/or relevant experience typically required.

Specific Candidate Profile

Education

• Bachelor’s degree in IT field preferred, or related field or equivalent work experience.
• Advanced security certification preferred. Examples include CISSP, CISM, CRISC, CISA, CGEIT.

Related Work Experience

• Six to eight years of progressive experience in relevant information security positions.
• Five years in a technical audit, security compliance, or equivalent role.

Skills And Attributes

• In-depth understanding of security frameworks (NIST, ISO 27001, CIS), regulatory requirements, and industry standards.
• Strong knowledge of risk assessment methodologies and tools.
• In-depth understanding of security risk assessment methodologies, vulnerability management, and threat modeling.
• Familiarity with database management systems (SQL, NoSQL) and data modeling.
• Familiarity with workflow design, basic development, and API integration functionality.
• Experience with GRC/ERM tools.
• Knowledge of IP networking concepts, major operating systems, and cloud computing environments.
• General working understanding of web application and network technologies, programming languages, databases, Linux, Unix, Mac OSX, and Windows operating systems.
• Advanced understanding and knowledge of security principles, standards, and processes, such as authentication and access control, secure configuration, network traffic analysis, endpoint security, platform architecture, application security, encryption and key management, cloud security, etc.
• Ability to work effectively, independent of assistance or supervision.

Marriott Vacations Worldwide is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture.