Sr Manager, Security GRC, GC

Job Description

Job Number 24079237
Job Category Information Technology
Location Shanghai Operations, 9/F Tower B One ITC, Shanghai, Shanghai, China VIEW ON MAP
Schedule Full-Time
Located Remotely? N
Relocation? N
Position Type Management

JOB SUMMARY:

The GC security GRC senior manager is a Shanghai-based position that is part of APAC GIS team and focuses on security governance, risk and compliance matters for GC region. This role is as a core member of the GRC team that will mature the Company’s cyber regulation compliance posture and ensure the day-to-day compliance for GC by collaborating within information security team and the broader business disciplines, such as IT, Digital, Legal, Government Affairs, etc.

The candidate will also be responsible for supporting the overall Asia Pacific security program including security policy, procedures, and standards, ensuring Marriott’s Global Technology documents are compliant with Marriott security policies and procedures, and reviewing documents for accuracy and completeness.

CANDIDATE PROFILE

Education and Experience

Required:

• 7+ years progressive experience in related fields such as information security, cyber regulation compliance, IT audit etc. That also includes direct experience with:
  • security tooling for logging, monitoring, alerting, and reporting (e.g. Splunk)
  • vulnerability management tools (e.g. Tenable.io)
  • database security (e.g. MySQL, SQL Server)
  • mainstream security products (e.g. Firewall, IDS/IPS, EPP/AV, SWG)
  • main cloud/infrastructure and operation systems security domains (e.g. AWS, Ali cloud, Unix/Linux, Windows)
• Must possess Chinese and English Language proficiency (reading/writing/speaking. Bi/multi-lingual skills)

Additional Preferred skills and experience:

• Familiarity with security management of mainstream cloud platforms, such as Alicloud, Tencent, AWS etc.
• Familiarity with main China Cyber Security laws and data protection requirements, including MLPS, CBDT, PIPL etc.
• Bi/multi-lingual skills
• Experience in leading or participating in cyber incident response events.
• Industry certifications such as CISA, CISM, CISSP, PCI ISA etc.
• Knowledge of hospitality culture

Key Stakeholders

• Singapore Security Center
• Continent Information Security Partnership
• GC IT leaders
• Hotel IT associates
• Global Information Security
• APAC Digital team
• APAC Legal team
• Other roles involved in data and system protection

CORE WORK ACTIVITIES

Managing Projects and Priorities

• Responsible for cyber regulation internal assessments and risk management based on China security law, data protection regulatory requirements etc.
• Partners with continent information security partnership team and cyber fusion center to maintain cyber regulation compliance monitoring mechanism for China.
• Manages and monitors the IT risk posture for hotel IT environment, cloud data platforms, web security, and digital channels.
• Coordinates or performs remediation activities identified from internal and external cyber regulation assessments.
• Performs regular cyber compliance metric reporting and monitor key risk indicators.
• Supports cyber incident response management by localizing the global incident response process to fit with regional purpose and coordinate simulations.
• Supports regulator inspections, coordinates submission preparation, and tracks remediations.
• Implements cyber regulation awareness program catering various roles in the entity.
• Monitors cyber threats, analyzes key risks related to cyber regulations, and defines solutions with wider IT and Security teams.
• Monitors compliance controls over key IT assets on daily basis.
• Perform regular Security Risk Assessment including 3^rd Party risk assessment and review.

Maintaining Goals

• Submits reports in a timely manner, ensuring delivery deadlines are met.
• Promotes the documenting of project progress accurately.
• Provides input and assistance to other teams regarding projects.

Managing Work, Projects, and Policies

• Manages and implements work and projects as assigned.
• Generates and provides accurate and timely results in the form of reports, presentations, etc.
• Analyzes information and evaluates results to choose the best solution and solve problems.
• Provides timely, accurate, and detailed status reports as requested.

Demonstrating and Applying Discipline Knowledge

• Provides technical expertise and support to persons inside and outside of the department.
• Demonstrates knowledge of job-relevant issues, products, systems, and processes.
• Demonstrates knowledge of function-specific procedures.
• Keeps up-to-date technically and applies new knowledge to job.
• Uses computers and computer systems (including hardware and software) to enter data and/ or process information.

Delivering on the Needs of Key Stakeholders

• Understands and meets the needs of key stakeholders.
• Develops specific goals and plans to prioritize, organize, and accomplish work.
• Determines priorities, schedules, plans and necessary resources to ensure completion of any projects on schedule.
• Collaborates with internal partners and stakeholders to support business/initiative strategies.
• Communicates concepts in a clear and persuasive manner that is easy to understand.
• Generates and provides accurate and timely results in the form of reports, presentations, etc.
• Demonstrates an understanding of business priorities.

Additional Responsibilities

• Provides information to supervisors and co-workers by telephone, in written form, e-mail, or in person in a timely manner.
• Demonstrates self-confidence, energy and enthusiasm.
• Informs and/or updates leaders on relevant information in a timely manner.
• Manages time effectively and conducts activities in an organized manner.
• Presents ideas, expectations and information in a concise, organized manner.
• Uses problem solving methodology for decision making and follow up.
• Performs other reasonable duties as assigned by manager.

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.

Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work,​ begin your purpose, belong to an amazing global​ team, and become the best version of you.