Senior Manager, Information Security (Vendor Security Risk)

Other Jobs To Apply

<div style="font-style:normal;font-weight:400;margin:0px;padding:0px"> <div style="margin:0px;padding:0px"> <p><strong>JOB SUMMARY</strong> </p> </div> <div style="margin:0px;padding:0px"> <p>The candidate will be responsible for executing third-party risk assessments, including evaluating vendor control environments, documenting risk findings, and supporting risk-based outcomes. The candidate will also be responsible for supporting the overall security program including security policy, procedures, and standards, assessing the risk of the internal and external IT systems, ensuring Marriott iT documents are compliant with Marriott security policies and procedures, and reviewing documents for accuracy and completeness. </p> </div> <div style="margin:0px;padding:0px"> <p>Conduct periodic reassessments of vendors based on risk tiering and data sensitivity. Review vendor-provided security evidence and identify control gaps and areas of risk. Candidate will also assist in managing relationship with Service Providers who are responsible for the actual delivery of services, managing outcomes and results, and collaborating with stakeholders across IT and business departments to develop strategies for securing company information and assets. Shares responsibility for planning, directing, and coordinating compliance activities pertaining to technology projects for a given business unit. Verifies that project goals are accomplished and in line with business objectives. </p> </div> <div style="margin:0px;padding:0px"> <p>Excellent communication skills are required to effectively communicate (verbally and written) across all levels within the organization. </p> </div> <div style="margin:0px;padding:0px"> <p>Operates effectively in a dynamic environment by managing shifting priorities, balancing multiple concurrent assessments, and adapting to evolving business needs and timelines while engaging stakeholders ranging from individual business owners to senior leadership. </p> </div> <div style="margin:0px;padding:0px"> <p> </p> </div> <div style="margin:0px;padding:0px"> <p><strong>CANDIDATE PROFILE</strong> </p> </div> <div style="margin:0px;padding:0px"> <p><strong>Education and Experience</strong> </p> </div> <div style="margin:0px;padding:0px"> <p><strong>Required:</strong> </p> </div> <div style="margin:0px;padding:0px"> <ul> <li>Bachelor’s degree in Information Systems or related field or equivalent experience/certification </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>7+ years of information technology leadership experience including implementing, managing and governing security policies </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>3+ years direct work experience in third-party Risk Management </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>One or more current information security certifications such as Certified in Risk and Information Systems Controls (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) </li> </ul> </div> <div style="margin:0px;padding:0px"> <p><strong> </strong></p> </div> </div> <div style="font-style:normal;font-weight:400;margin:0px;padding:0px"> <div style="margin:0px;padding:0px"> <p><strong>Preferred:</strong> </p> </div> <div style="margin:0px;padding:0px"> <ul> <li>A security certification such as GWAPT, GPEN, AWS Associate Architect, AWS Professional Architect, PCI experience. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Demonstrated ability to effectively engage stakeholders at multiple levels, from individual contributors and technical SMEs to senior leadership, in a fast-paced, evolving environment </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Experience executing third-party/vendor risk assessments within a defined framework </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Experience supporting escalation of high-risk scenarios to leadership, including preparing clear, concise risk summaries and recommended actions </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Strong ability to analyze control evidence and document risk findings clearly </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Technical leadership experience in an outsourced environment  </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Excellent communication skills and problem-solving ability  </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Experience with reviewing and assessing security controls of Cloud service providers </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Experience evaluating SaaS and cloud service providers  </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Knowledge of OWASP Top 10 and SANS 25. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Understanding of vulnerability management outputs and ability to assess associated risk </li> </ul> </div> <div style="margin:0px;padding:0px"> <p> </p> </div> <div style="margin:0px;padding:0px"> <p><strong>CORE WORK ACTIVITIES</strong> </p> </div> <div style="margin:0px;padding:0px"> <p><strong>Security Risk & Compliance</strong> </p> </div> <div style="margin:0px;padding:0px"> <ul> <li>Oversee, evaluate, and support the documentation, and validation processes necessary to assure that associates, information technology systems and business processes meet the organization’s information assurance, security, and privacy requirements.  Ensures appropriate treatment of risk, compliance, and assurance of internal policies and external regulations. </li> </ul> </div> </div> <div style="font-style:normal;font-weight:400;margin:0px;padding:0px"> <div style="margin:0px;padding:0px"> <ul> <li>Identify and escalate material control deficiencies or elevated risk conditions to management with clear supporting documentation and business impact context  </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Highlight scenarios where vendor risk exceeds acceptable thresholds, including lack of required controls, incomplete remediation, or misalignment with data protection expectations  </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Perform structured security risk assessments of third-party providers by reviewing control evidence, identifying gaps, and documenting risk findings  </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Document clear and defensible control gap analysis and risk assessments  </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Review controls exception requests and provides risk-based input and recommendations  </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Review and interpret security findings provided by vendors or internal sources to determine risk impact </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Validate completeness of assessment inputs and document findings and risk impact in an audit-ready manner </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Lead, participate or perform various infrastructure compliance initiatives and projects </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Monitor compliance to applicable security policies and standards and report related risk issues </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Manage and administer processes and tools that enable the organization to identify, document, and track third party risks and compliance exceptions </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Conduct assessments of threats and vulnerabilities, determine deviations from acceptable configurations or enterprise or local policy, assess the level of risk, and develop and/or recommend and operationalize appropriate mitigation countermeasures. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Provide sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain. Advocate policy changes and make a case on behalf of the company via a wide range of written and oral work products. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Oversee the information assurance (IA) program of an information system in or outside the network environment </li> </ul> </div> <div style="margin:0px;padding:0px"> <p><strong>Maintaining Goals</strong> </p> </div> <div style="margin:0px;padding:0px"> <ul> <li>Submits reports in a timely manner, ensuring delivery deadlines are met. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Promotes the documenting of project progress accurately. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Provides input and assistance to other teams regarding projects. </li> </ul> </div> <div style="margin:0px;padding:0px"> <p><strong>Managing Work, Projects, and Policies </strong> </p> </div> </div> <div style="font-style:normal;font-weight:400;margin:0px;padding:0px"> <div style="margin:0px;padding:0px"> <ul> <li>Manages multiple concurrent assessments and deliverables, adjusting priorities as needed to meet changing business demands  </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Coordinates across multiple stakeholders (e.g., business owners, application teams, and supporting technical contacts) to obtain required information and complete assessments </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Escalates risks and blockers impacting assessment timelines or outcomes, including delays in stakeholder responses, incomplete vendor evidence, or conflicting business priorities </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Manages and implements work and projects as assigned. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Generates and provides accurate and timely results in the form of reports, presentations, etc. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Analyzes information and evaluates results to choose the best solution and solve problems. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li><i>Provides timely, accurate, and detailed status reports as requested.</i> </li> </ul> </div> <div style="margin:0px;padding:0px"> <p><strong>Demonstrating and Applying Discipline Knowledge </strong> </p> </div> <div style="margin:0px;padding:0px"> <ul> <li>Provides technical expertise and support to persons inside and outside of the department. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Demonstrates knowledge of job-relevant issues, products, systems, and processes. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Demonstrates knowledge of function-specific procedures. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Keeps up-to-date technically and applies new knowledge to job. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Uses computers and computer systems (including hardware and software) to enter data and/ or process information. </li> </ul> </div> <div style="margin:0px;padding:0px"> <p><strong>Delivering on the Needs of Key Stakeholders</strong> </p> </div> <div style="margin:0px;padding:0px"> <ul> <li>Adapts communication style and level of detail based on audience, including working directly with technical SMEs, business owners, and senior leadership stakeholders  </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Engages business owners to gather required information, validate vendor use cases, and progress assessments efficiently  </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Provides clear, concise risk summaries and recommended actions suitable for leadership-level review and decision-making  </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Escalates high-risk vendor scenarios to senior leadership with well-documented context and recommended actions (e.g., significant control gaps identified during assessment, vendors handling sensitive data without required safeguards, or unresolved critical findings nearing go-live timelines)  </li> </ul> </div> </div> <div style="font-style:normal;font-weight:400;margin:0px;padding:0px"> <div style="margin:0px;padding:0px"> <ul> <li>Balances competing stakeholder priorities across multiple engagements while maintaining quality, consistency, and timeliness of deliverables  </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Develops specific goals and plans to prioritize, organize, and accomplish work. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Determines priorities, schedules, plans and necessary resources to ensure completion of any projects on schedule. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Demonstrates an understanding of business priorities </li> </ul> </div> <div style="margin:0px;padding:0px"> <p><strong>Additional Responsibilities </strong> </p> </div> <div style="margin:0px;padding:0px"> <ul> <li>Maintains responsiveness and adaptability in fast-paced or ambiguous situations, ensuring timely progression of assessments and deliverables  </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Responds to ad hoc requests requiring leadership visibility, including summarizing vendor risk posture, providing status updates, or supporting time-sensitive decision-making scenarios  </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Provides information to supervisors and co-workers by telephone, in written form, e-mail, or in person in a timely manner. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Demonstrates self-confidence, energy and enthusiasm. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Informs and/or updates leaders on relevant information in a timely manner. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Manages time effectively and conducts activities in an organized manner. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Presents ideas, expectations and information in a concise, organized manner. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Uses problem solving methodology for decision making and follow up. </li> </ul> </div> <div style="margin:0px;padding:0px"> <ul> <li>Performs other reasonable duties as assigned by manager. </li> </ul> </div> </div> <p> </p> <p><i>At Marriott International, we are dedicated to being an equal opportunity employer, welcoming all and providing access to opportunity. We actively foster an environment where the unique backgrounds of our associates are valued and celebrated. Our greatest strength lies in the rich blend of culture, talent, and experiences of our associates.  We are committed to non-discrimination on any protected basis, including disability, veteran status, or other basis protected by applicable law. </i></p> <br><div> All positions offer a 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts.  Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others. Click <a href="https://life.marriott.com/wp-content/uploads/2025/09/benefitsoverviewp_2025edits_8.19.25.pdf" target="_blank" rel="nofollow">here</a> to learn more. </div> <div> <br> </div> <div> Full-time positions also offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave and educational assistance.  </div> <div> <br> </div> <div> <b>Washington Applicants Only</b>: Employees will accrue paid sick leave, 0.077 PTO balance for every hour worked and be eligible to receive a minimum of 9 holidays annually. </div> <div> <br> </div> <div> Marriott HQ is committed to a hybrid work environment that enables associates to Be connected.  Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions. </div> <br>Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. <b>Be</b> where you can do your best work,​ <b>begin</b> your purpose, <b>belong</b> to an amazing global​ team, and <b>become</b> the best version of you.

Back to blog

Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

This is what this question poses: When do you focus and start working seriously? What are the hours you work optimally? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT IS "WORKING REMOTE" REALLY FOR YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working in a team to plan a big event. My supervisor made us all work as a team before the big day. One of our activities has been to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW TO PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs start fast, but most of them are...

9. HOW DO YOU PREPARE FOR A MEETING AND PREPARE A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those opportunities in the elevator or a casual conversation in the lunchroom, you should take advantage of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...