Director - Information Security - Data Security Engineering

Marriott International’s Global Information Security is seeking a Director of Data Security Engineering to lead the data security engineering team and oversee initiatives to implement strong security strategies and controls within the organization. The role involves managing the design, development, and execution of data security solutions to protect critical information and ensure regulatory compliance. Responsibilities include enhancing data security operations, refining processes for DLP and data discovery solutions, offering guidance on Database Activity Monitoring (DAM), and improving DAM system performance through rule adjustments and reporting, as well as supporting DAM tool upgrades.

CANDIDATE PROFILE 

Required Education and Experience 

• Bachelor’s degree in computer sciences, computer engineering or related technology or security field or equivalent experience/certification
• 8+ years of progressive Information Security experience that includes at least 3 years in leading operational projects focused on Data Protection solutions where you’ve developed a comprehensive knowledge of the data protection ecosystem, including a thorough understanding of various information security domains and their interconnections within the ecosystem.
• 3+ years deploying and managing Data Loss Prevention (DLP), Cloud Access Security Broker (CASB), and endpoint protection technologies.

Preferred:

• Strong grasp of cryptographic concepts and their application in practice.
• Current information security certifications - Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or other.
• Good understanding and experience working with frameworks and regulations - NIST, ISO27001, PCI DSS, GDPR and CCPA
• Adept at conducting research into process and governance best practices, models, and methodologies.
• Strong domain expertise, operations, implementation and/or integration skills in at least four (4) of the following areas:
  • Data discovery, inventory, and classification solutions (e.g., Microsoft Purview, BigID)
  • Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) (e.g., Microsoft, Netskope)
  • Database Activity Monitoring (DAM) (e.g., jSonar, IBM Guardium)
• Data Access Governance (e.g., Varonis)
• Data Security Posture Management (DSPM) tools (e.g., Prisma Cloud, Laminar)
• Security of data lakes, and data warehouses leveraging unstructured databases and big data platforms
• Systems administration experience with various operating systems such as Windows Server and Linux
• Experience working in Agile and Scrum methodologies.

CORE RESPONSIBILITIES 

• Lead the data security engineering team in developing and executing data security strategies and controls aligned with the organization's goals and compliance requirements.
• Define and implement scalable and effective data security architectures, ensuring the protection of sensitive data across the enterprise.
• Identify and assess data security risks, vulnerabilities, and threats. Develop and implement risk mitigation strategies and controls.
• Oversee the evaluation, selection, and deployment of cutting-edge data security technologies, tools, and solutions.
• Assist in incident response efforts for data security incidents, working closely with cross-functional teams to ensure effective containment and resolution.
• Provide leadership, mentorship, guidance, and career development opportunities to the data security engineering team members.
• Collaborate with cross-functional teams, including IT, compliance, legal, and business units, to ensure data security measures are integrated seamlessly.
• Stay abreast of evolving data security regulations and compliance standards. Ensure the organization's data security practices adhere to industry best practices and legal requirements.
• Promote a culture of data security awareness and educate employees about best practices for protecting sensitive information.
• Other assigned duties as necessary to ensure excellent security services and risk mitigation across the business.

The salary range for this position is $156,000 to $194,200 annually. In addition to the annual salary, the position will be eligible to receive an annual bonus and restricted stock units/stock grants.

Washington Applicants Only: Employees will accrue 0.04616 PTO balance for every hour worked and eligible to receive minimum of 7 holidays annually.  

All locations offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, educational assistance, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts.  Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.

Marriott HQ is committed to a hybrid work environment that enables associates to Be connected.  Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD;  candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.

The application deadline for this position is 28 days after the date of this posting, November 22, 2024.

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.