Director, Security Architect, Certification and Accreditation, GC

4 weeks ago


Shanghai, China Marriott International Full time

JOB SUMMARY

Lead and manage the security architecture and engineering team in Greater China. Performs certification of Security Control attestations and evaluates the implementation of those controls in order to grant Approval to Operate for a release of new infrastructure, services, applications and processes into Marriott's Production Environments at the regional level.

Leverages existing Security Engagement processes and documentation, in conjunction with security compliance tools, to determine control implementation status. Will routinely process ITSM Release and Security Engagement Tasks to document justification for all approvals. Will routinely collaborate with multiple teams, including, but not limited to, Business Release Sponsors, Project Managers, Security Architects, Security Architecture Analysts, and Change Management teams to ensure the Security Processes are followed and completed in order to accredit the engagement or release. 

Will routinely manage and communicate the status of the tasks assigned in ITSM to thoroughly document the accreditation resulting in the granting of Approval to Operate. Understand, communicate, interpret and enforce MI Policies and Security Standards throughout the Certification and Accreditation process. Understand and communicate control objectives in terms of both MI Policy and Standards and Security Best Practice Frameworks, including, but not limited to, NIST RMF, NIST CSF, PCI DSS, GDPR, MPLS, EU Privacy, ISO, as referenced in Marriott's Common Controls Framework. Will periodically provide status and metrics for the assigned C&A Engagements in order to provide visibility and transparency to GIS Senior Leadership.

CANDIDATE PROFILE

Education and Experience

Required:

- Bachelor's degree in Information Systems, Computer Science or related field, or equivalent experience/certification
- 8+ years' experience in Information Security, with:
  - 3+ years in a process-oriented Security Audit/Assurance/Technical Assessment role
  - 2+ years' team management experience with security technical team members
  - 1-2 years' experience/exposure to Common Controls Framework
- Exposure to / functional understanding of NIST RMF
- Current and relevant information security certifications such as: CISSP (Certified Information Systems Security Professional), (ISC)2 CGRC certification, ISACA, PCI QSA/ISA, ITIL, IS Certification & Accreditation Professional (ISCAP), GIAC Information Security Professional (GISP)

Preferred Skills & Attributes

- Strong oral and written communication skills; comfortable speaking in large groups, virtually and in person
- Ability to conduct independent security research
- Strong understanding of common OWASP flagship projects: Top 10, Cheat Sheets, etc.
- Strong understanding of cryptography concepts: hashing, signing, encryption, decryption, tokenization
- Strong understanding of SDLC and security integration points
- Functional understanding of microservice application architecture
- Functional understanding of common application security controls such as WAF, RASP, Intercepting Proxies
- Comfortable with the following tools and technologies: GitHub Advanced Security, Postman, Fortify SCA, Jenkins, Artifactory, SonarQube, Docker, JIRA, Confluence, Aqua CSP, Nessus Pro
- Comfortable with technical report writing and crafting security requirements
- Basic understanding of network security concepts: DOS, DNS Spoofing, ARP Poisoning, Firewalls, Intrusion Detection, Segmentation
- Basic understanding of Vulnerability and Patch Management practices
- Basic understanding of endpoint security controls: EDR, Vulnerability Scanning Agents, HIDS, FIM
- Basic understanding of Agile Software Development Practices & DevOps
- Master's degree in Computer Science or Software Engineering
- Mid-level cloud computing certification: AWS Solutions Architect Associate, Azure Administrator Associate, Google Associate Cloud Engineer
- Functional knowledge of software engineering concepts: GOF software design patterns, SOLID design principles (SRP, OSP, LSP, ISP, and DIP) and design methods (Scrum, XP, Lean, Waterfall)
- Functional understanding of common cryptographic algorithms and libraries
- Functional foundational understanding of Cloud Computing

CORE WORK ACTIVITIES

Security Certification

Represent GIS C&A on all Release Communications, discussions and meetings. Process Releases and Security Engagements assigned to C&A. Review Security Engagement final documentation and verify all required controls meet the security objectives and are in place. Evaluates applications for security flaws by performing fuzzing, access/authorization bypass, business logic abuse and intentional fault injection. Uses Static and Dynamic Analysis tools to support broad testing and vulnerability discovery. Reviews application architectures and implementation details for design flaws, incorrect security implementation and missing security controls. Works with other security team members to research and test for complex security issues. Consults with Software Engineers, Infrastructure Architects and Security Architects to correct application, architectural or environment flaws. Validates external security researcher bug bounty submissions. Ensures applications are built according to enterprise security standards.

Security Accreditation

Works with development teams to review application source code for security and operational risks. Performs manual code reviews of applications that are not compatible with automated SAST tools. Provides detailed security documentation to developers, software engineers and technical personnel when necessary. Provides guidance and recommendations to software architects and engineers on how to correct code-related security flaws.

Managing Work, Projects, and Policies 

Manage the security architecture and engineering team in Greater China. Participate in peer reviews of security assessments created by other team members. Manage tickets and SLAs associated with security testing efforts. Maintain and contribute to the enterprise SSDLC standard. Coordinates and implements work and projects as assigned. Generates and provides accurate and timely results in the form of reports, presentations, etc. Analyzes information and evaluates results to choose the best solution and solve problems. Develops specific goals and plans to prioritize, organize, and accomplish work. Sets and tracks goal progress for self and others. Monitors the work of others to ensure it is completed on time and meets expectations. Provides direction and assistance to other organizational units regarding policies and procedures, and the efficient control and utilization of resources.

Leading Team

Creates a team environment that encourages accountability, high standards, and innovation. Leads a specific team while assisting with meeting or exceeding department goals. Makes sure others understand performance expectations. Ensures that goals are translated to the team as they relate to tracking and productivity. Creates and nurtures an environment that emphasizes motivation, empowerment, teamwork, continuous improvement and a passion for providing service. Understands employees and develops plans to address areas of need and build on their strengths. Provides the team with the capabilities needed to meet or exceed expectations. Leads by example, demonstrating self-confidence, energy and enthusiasm.

Conducting Human Resources Activities 

Acts proactively when dealing with employee concerns. Extends professionalism and courtesy to employees at all times. Communicates/updates all goals and results with employees. Meets semiannually with staff on a one-to-one basis. Establishes and maintains open, collaborative relationships with employees. Solicits employee feedback. Interviews job candidates and assists in making hiring decisions. Receives hiring recommendations from team supervisors. Ensures orientations for new team members are thorough and completed in a timely fashion. Observes behaviors of employees and provides feedback to individuals.

Additional Responsibilities 

Provides information to supervisors, co-workers, and subordinates by telephone, in written form, e-mail, or in person in a timely manner. Manages group or interpersonal conflict. Informs and/or updates executives, peers, and subordinates on relevant information in a timely manner. Manages time effectively and conducts activities in an organized manner. Presents ideas, expectations and information in a concise, organized manner. Uses problem solving methodology for decision making and follow up. Performs other reasonable duties as assigned by manager.

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.


