Security Risk Analyst IV

MVW Headquarters, United States

Marriott Vacations Worldwide

We strive to create the most expansive, immersive world of vacation and leisure experiences. We develop premium resorts and innovative travel options around...


**Relocation Assistance Available**

Position Summary 

 As a member of the professional staff, contributes general knowledge and skill in a discipline area (e.g., Accounting, Finance, Human Resources, Information Resources, Operations Planning & Support, Sales & Marketing) to support team and/or department objectives.   

Generally, works under limited supervision, but within established guidelines, producing and analyzing more complex business information to assist in the decision-making process. 

 

Specific Job Summary 

 The Sr. Manager, Security Risk Analyst IV is responsible for developing and implementing strategies to ensure the security of the organization's information systems and technology assets.  The role focuses on safeguarding our organization's digital assets and maintaining a strong security posture. The ideal candidate will provide thought leadership in identifying, analyzing, and addressing security risks, contributing to a comprehensive risk management strategy. In addition to executing risk assessments, this role involves managing the risk register, supporting the risk exception process, and developing key metrics to communicate the organization’s risk posture effectively. The individual will collaborate with cross-functional teams to integrate risk management practices into business and technology processes while driving continuous improvement of GRC programs. Key responsibilities include: 

 

  • Collaborate with IT leadership to align security strategies with business goals and objectives. 

  • Lead and perform risk assessments across internal systems, third-party relationships, and technology initiatives to identify, evaluate, and mitigate security risks. 

  • Provide guidance and oversight on security risk assessment projects, ensuring alignment with industry best practices and company policies. 

  • Utilize software applications and tools that facilitate governance, risk assessment, and compliance management. These solutions may include risk assessment systems, compliance tracking platforms, and reporting dashboards. 

 

Results 

 

  • Comprehensive risk assessments are conducted efficiently and consistently across the organization. 

  • Risks are documented, prioritized, and addressed in alignment with organizational risk tolerance. 

  • Automation and process improvements enhance the scalability and efficiency of GRC workflows. 

  • Clear and actionable KPIs and metrics effectively communicate the organization’s risk posture to stakeholders. 

 

 

Working Relationships 

  • Technology Infrastructure and Applications Leadership 

  • Global Information Security 

  • Procurement and Vendor Management 

  • Privacy and Compliance Teams 

  • Business stakeholders 

  • Law 

  • Internal Audit 

 

Generic Expected Contributions 

 

  • Performs more complex quantitative and qualitative analysis for business processes and/or projects. Often manages small projects, business processes or parts of larger ones.  

  • Responds to, solves and makes decisions on more complex/non-routine business requests with limited to moderate risk.   

 

Specific Expected Contributions 

 

  • Collaborates with IT leadership to align security strategies with business goals and objectives. 

  • Provides guidance and oversight on security risk assessment projects, ensuring alignment with industry best practices and company policies. 

  • Continuously evaluates cybersecurity controls to ensure effectiveness, compliance, and adherence to key controls and policies, and drives remediation efforts.

  • Develops and manages the organization’s risk register, ensuring risks are tracked, categorized, and addressed appropriately. 

  • Contributes to the design and implementation of GRC tools and processes to enhance the automation and scalability of risk management workflows. 

  • Provides strategic guidance and thought leadership on risk management best practices, ensuring alignment with frameworks such as NIST, ISO 27001, and CIS. 

  • Develops and monitors KPIs and metrics to report the organization’s risk posture to stakeholders, including senior leadership.

  • Works closely with legal, compliance, and regulatory teams to ensure adherence to relevant industry standards, regulations, and data protection requirements. 

  • Develops and maintains technical security configuration standards. 

  • Develops and communicates security policies, standards, and procedures to ensure consistent security practices throughout the organization. 

  • Stays up to date with relevant regulations, standards, and industry best practices. 

  • Develops and mentors more junior staff on technical skills and risk assessments to constantly improve performance of the team. 

  • Coordinates and participates in security audits and assessments and manages responses to findings.

 

Generic Candidate Profile 

 

Successful candidates should possess knowledge and experience and demonstrate strong leadership and relationship skills as follows: 

  • Generally, a professional position with specific knowledge in a discipline (e.g., Accounting, Human Resources, Information Resources). 

  • College degree and/or relevant experience typically required. 

Specific Candidate Profile 

 

Education 

  • Bachelor’s degree in an IT or related field preferred, or equivalent work experience.

 

Preferred Certifications 

  • Advanced security certification preferred. Examples include CISSP, CISM, CRISC, CISA, CGEIT. 

 

Experience 

  • At least 6 years of progressive experience in relevant information security positions. 

  • Five years in a technical audit, security compliance, or equivalent role. 

 

Skills/Attributes  

  • In-depth understanding of security frameworks (NIST, ISO 27001, CIS), regulatory requirements, and industry standards. 

  • In-depth understanding of security risk assessment methodologies, vulnerability management, and threat modeling. 

  • Familiarity with database management systems (SQL, NoSQL) and data modeling. 

  • Familiarity with workflow design, basic development, and API integration functionality. 

  • Experience with GRC tools.

  • Knowledge of networking concepts, major operating systems, and cloud computing environments. 

  • General working understanding of web application and network technologies, programming languages, databases, Linux, Unix, Mac OSX, and Windows operating systems.  

  • Advanced understanding and knowledge of security principles, standards, and processes, such as authentication and access control, secure configuration, network traffic analysis, endpoint security, platform architecture, application security, encryption and key management, cloud security, etc. 

  • Ability to work effectively, independent of assistance or supervision. 

Marriott Vacations Worldwide is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture.


Region: North America
Country: United States
