Director, Security Architect, Certification and Accreditation, GC
2 weeks ago
JOB SUMMARY
Leads and manages the security architecture and engineering team in Greater China. Performs certification of Security Control attestations and evaluates the implementation of those controls in order to grant Approval to Operate for the release of new infrastructure, services, applications and processes into Marriott’s Production Environments at the regional level.
Leverages existing Security Engagement processes and documentation, in conjunction with security compliance tools, to determine control implementation status. Will routinely process ITSM Release and Security Engagement Tasks to document justification for all approvals. Will routinely collaborate with multiple teams, including, but not limited to, Business Release Sponsors, Project Managers, Security Architects, Security Architecture Analysts, and Change Management teams to ensure the Security Processes are followed and completed in order to accredit the engagement or release.
Will routinely manage and communicate the status of the tasks assigned in ITSM to thoroughly document the accreditation resulting in the granting of Approval to Operate. Understands, communicates, interprets and enforces MI Policies and Security Standards throughout the Certification and Accreditation process. Understands and communicates control objectives in terms of both MI Policy and Standards and Security Best Practice Frameworks, including, but not limited to, NIST RMF, NIST CSF, PCI DSS, GDPR, MPLS, EU Privacy, ISO, as referenced in Marriott’s Common Controls Framework. Will periodically provide status and metrics for the assigned C&A Engagements in order to provide visibility and transparency to GIS Senior Leadership.
CANDIDATE PROFILE
Education and Experience
Required:
Bachelor’s degree in Information Systems, Computer Science or related field or equivalent experience/certification
8+ years’ experience in Information Security with:
3+ years in process-oriented Security Audit/Assurance/Technical Assessment role
2+ years’ team management experience with security technical team members
1-2 years’ experience/exposure to Common Controls Framework
Exposure/functional understanding of NIST RMF
Current and relevant information security certifications such as: CISSP (Certified Information Systems Security Professional), (ISC)2 CGRC certification, ISACA, PCI QSA/ISA, ITIL, IS Certification & Accreditation Professional - ISCAP, GIAC Information Security Professional (GISP)
Preferred Skills & Attributes
Strong oral and written communication skills and comfortable with speaking in large groups virtually and in person.
Ability to conduct independent security research
Strong understanding of common OWASP flagship projects, Top , Cheat Sheets…etc.
Strong understanding of cryptography concepts: hashing, signing, encryption, decryption, tokenization
Strong understanding of SDLC and security integration points
Functional understanding of microservice application architecture
Functional understanding of common application security controls such as WAF, RASP, Intercepting Proxies
Comfortable with the following tools and technologies: GitHub Advanced Security, Postman, Fortify SCA, Jenkins, Artifactory, SonarQube, Docker, JIRA, Confluence, Aqua CSP, Nessus Pro or
Comfortable with technical report writing and crafting security requirements.
Basic understanding of network security concepts: DoS, DNS Spoofing, ARP Poisoning, Firewalls, Intrusion Detection, Segmentation
Basic understanding of Vulnerability and Patch Management practices
Basic understanding of endpoint security controls: EDR, Vulnerability Scanning Agents, HIDS, FIM
Basic understanding of Agile Software Development Practices & DevOps
Master’s degree in Computer Science or Software Engineering
Mid-level cloud computing certification, AWS Solutions Architect Associate, Azure Administrator Associate, Google Associate Cloud Engineer
Functional knowledge of software engineering concepts: GOF software design patterns, SOLID design principles (SRP, OCP, LSP, ISP, and DIP) and design methods (Scrum, XP, Lean, Waterfall)
Functional understanding of common cryptographic algorithms and libraries
Functional foundational understanding of Cloud Computing
CORE WORK ACTIVITIES
Security Certification
Represent GIS C&A on all Release Communications, discussions and meetings
Process Releases and Security Engagements assigned to C&A.
Review Security Engagement final documentation and verify all required controls meet the security objectives and are in-place.
Evaluates applications for security flaws by performing fuzzing, access/authorization bypass, business logic abuse and intentional fault injection.
Uses Static and Dynamic Analysis tools to support broad testing and vulnerability discovery.
Reviews application architectures and implementation details for design flaws, incorrect security implementation and missing security controls.
Works with other security team members to research and test for complex security issues.
Consults with Software Engineers, Infrastructure Architects and Security Architects to correct application, architectural or environment flaws.
Validates external security researcher bug bounty submissions.
Ensures applications are built according to enterprise security standards.
Security Accreditation
Works with development teams to review application source code for security and operational risks.
Perform manual code reviews of applications that are not compatible with automated SAST tools.
Provide detailed security documentation to developers, software engineers and technical personnel when necessary
Provide guidance and recommendation to software architects and engineers on how to correct code related security flaws
Managing Work, Projects, and Policies
Manage security architecture and engineering team in Greater China.
Participate in peer reviews of security assessments created by other team members.
Manage tickets and SLAs associated with security testing efforts.
Maintain and contribute to the enterprise SSDLC standard.
Coordinates and implements work and projects as assigned.
Generates and provides accurate and timely results in the form of reports, presentations, etc.
Analyzes information and evaluates results to choose the best solution and solve problems.
Develops specific goals and plans to prioritize, organize, and accomplish work.
Sets and tracks goal progress for self and others.
Monitors the work of others to ensure it is completed on time and meets expectations.
Provides direction and assistance to other organizational units’ policies and procedures, and efficient control and utilization of resources.
Leading Team
Creates a team environment that encourages accountability, high standards, and innovation.
Leads specific team while assisting with meeting or exceeding department goals.
Makes sure others understand performance expectations.
Ensures that goals are being translated to the team as they relate to tracking and productivity.
Creates and nurtures an environment that emphasizes motivation, empowerment, teamwork, continuous improvement and a passion for providing service.
Understands employee and develops plans to address need areas and expand on the strengths.
Provides the team with the capabilities needed to meet or exceed expectations.
Leads by example demonstrating self-confidence, energy and enthusiasm.
Conducting Human Resources Activities
Acts proactively when dealing with employee concerns.
Extends professionalism and courtesy to employees at all times.
Communicates/updates all goals and results with employees.
Meets semiannually with staff on a one-to-one basis.
Establishes and maintains open, collaborative relationships with employees.
Solicits employee feedback.
Interviews job candidates and assists in making hiring decisions.
Receives hiring recommendations from team supervisors.
Ensures orientations for new team members are thorough and completed in a timely fashion.
Observes behaviors of employees and provides feedback to individuals.
Additional Responsibilities
Provides information to supervisors, co-workers, and subordinates by telephone, in written form, e-mail, or in person in a timely manner.
Manages group or interpersonal conflict.
Informs and/or updates executives, peers, and subordinates on relevant information in a timely manner.
Manages time effectively and conducts activities in an organized manner.
Presents ideas, expectations and information in a concise, organized manner.
Uses problem solving methodology for decision making and follow up.
Performs other reasonable duties as assigned by manager.