
Senior Manager, Information Security; Vendor Security Risk

Job in Bethesda, Montgomery County, Maryland, 20813, USA
Listing for: Marriott International
Full Time position
Listed on 2026-06-06
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Job Description & How to Apply Below
Position: Senior Manager, Information Security (Vendor Security Risk)
JOB SUMMARY

The candidate will be responsible for executing third-party risk assessments, including evaluating vendor control environments, documenting risk findings, and supporting risk-based outcomes. The candidate will also be responsible for supporting the overall security program including security policy, procedures, and standards, assessing the risk of the internal and external IT systems, ensuring Marriott IT documents are compliant with Marriott security policies and procedures, and reviewing documents for accuracy and completeness.

Conduct periodic reassessments of vendors based on risk tiering and data sensitivity. Review vendor-provided security evidence and identify control gaps and areas of risk. The candidate will also assist in managing relationships with Service Providers who are responsible for the actual delivery of services, managing outcomes and results, and collaborating with stakeholders across IT and business departments to develop strategies for securing company information and assets.

Shares responsibility for planning, directing, and coordinating compliance activities pertaining to technology projects for a given business unit. Verifies that project goals are accomplished and in line with business objectives.

Excellent communication skills are required to effectively communicate (verbally and written) across all levels within the organization.

Operates effectively in a dynamic environment by managing shifting priorities, balancing multiple concurrent assessments, and adapting to evolving business needs and timelines while engaging stakeholders ranging from individual business owners to senior leadership.

CANDIDATE PROFILE

Education and Experience

Required:

* Bachelor's degree in Information Systems or related field or equivalent experience/certification

* 7+ years of information technology leadership experience including implementing, managing and governing security policies

* 3+ years direct work experience in third-party Risk Management

* One or more current information security certifications such as Certified in Risk and Information Systems Controls (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)

Preferred:

* A security certification such as GWAPT, GPEN, AWS Associate Architect, or AWS Professional Architect; PCI experience.

* Demonstrated ability to effectively engage stakeholders at multiple levels, from individual contributors and technical SMEs to senior leadership, in a fast-paced, evolving environment

* Experience executing third-party/vendor risk assessments within a defined framework

* Experience supporting escalation of high-risk scenarios to leadership, including preparing clear, concise risk summaries and recommended actions

* Strong ability to analyze control evidence and document risk findings clearly

* Technical leadership experience in an outsourced environment

* Excellent communication skills and problem-solving ability

* Experience with reviewing and assessing security controls of Cloud service providers

* Experience evaluating SaaS and cloud service providers

* Knowledge of OWASP Top 10 and SANS 25.

* Understanding of vulnerability management outputs and ability to assess associated risk

CORE WORK ACTIVITIES

Security Risk & Compliance

* Oversee, evaluate, and support the documentation and validation processes necessary to assure that associates, information technology systems and business processes meet the organization's information assurance, security, and privacy requirements. Ensure appropriate treatment of risk, compliance, and assurance of internal policies and external regulations.

* Identify and escalate material control deficiencies or elevated risk conditions to management with clear supporting documentation and business impact context

* Highlight scenarios where vendor risk exceeds acceptable thresholds, including lack of required controls, incomplete remediation, or misalignment with data protection expectations

* Perform structured security risk assessments of third-party providers by reviewing control evidence, identifying gaps, and documenting…
Position Requirements
10+ Years work experience