Job matched to your search
Director, Security Architect, APEC
Marriott International · Singapore
Free · Join 5,000+ job seekers using Qarera
How well do you match this role?
Tap the skills you already have — then see your real match score, what’s missing, and your resume fixed for this job.
Job description
Additional Information
Job Number26079732
Job CategoryInformation Technology
Location2 Harbourfront Place #06-08, Singapore, Singapore, Singapore, 098499
ScheduleFull Time
**Located Remotely?**N
Position Type Management
JOB SUMMARY
Lead and manage security architecture and engineering in APEC. Performs security accreditation and evaluates the implementation of those controls in order to grant Approval to Operate for a release of new infrastructure, services, applications and processes into Marriott’s Production Environments in regional level.
Leverages existing Security Engagement processes and documentation, in conjunction with security compliance tools, to determine control implementation status. Will routinely process ITSM Release and Security Engagement Tasks to document justification for all approvals. Will routinely collaborate with multiple teams, including, but not limited to, Business Release Sponsors, Project Managers, Security Architects, Security Architecture Analysts, and Change Management teams to ensure the Security Processes are followed and completed in order to accredit the engagement or release.
Will routinely manage and communicate the status of the tasks assigned in ITSM to thoroughly document the accreditation resulting in granting of Approval to Operate. Understand, communicate, interpret and enforce MI Policies and Security Standards throughout the Certification and Accreditation process. Understand and communicate control objectives in terms of both MI Policy and Standards and Security Best Practice Frameworks, including, but not limited to, NIST RMF, NIST CSF, PCI DSS, GDPR, MPLS, EU Privacy, ISO, as referenced in Marriott’s Common Controls Framework. Will periodically provide status and metrics for the assigned C&A Engagements in order to provide visibility and transparency to GIS Senior Leadership
CANDIDATE PROFILE
Education and Experience
Required:
- Bachelor’s degree in Information Systems, Computer Science or related field or equivalent experience/certification
- 8+ years’ experience in Information Security with:
- 3+ years in process-oriented Security Audit/Assurance/Technical Assessment role
- 2+ years’ team management experience with security technical team members
- 1-2 years’ experience/exposure to Common Controls Framework
- Exposure/functional understanding of NIST RMF
- Current and relevant information security certifications such as: CISSP (Certified Information Systems Security Professional), (ISC)2 CGRC certification, ISACA, PCI QSA/ISA, ITIL, IS Certification & Accreditation Professional - ISCAP, GIAC Information Security Professional (GISP),
Preferred Skills & Attributes
- Strong oral and written communication skills and comfortable with speaking in large groups virtually and in person.
- Ability to conduct independent security research.
- Strong understanding of common OWASP flagship projects, Top 10, Cheat Sheets…etc.
- Strong understanding of cryptography concepts: hashing, signing, encryption, decryption, tokenization
- Strong understanding of SDLC and security integration points
- Functional understanding of microservice application architecture
- Functional understanding of common application security controls such as WAF, RASP, Intercepting Proxies
- Comfortable with the following tools and technologies: GitHub Advanced Security, Postman, Fortify SCA, Jenkins, Artifactory, SonarQube, Docker, JIRA, Confluence, Aqua CSP, Nessus Pro or Tenable.io
- Comfortable with technical report writing and crafting security requirements.
- Basic understanding of network security concepts: DOS, DNS Spoofing, ARP Poisoning, Firewalls, Intrusion Detection, Segmentation
- Basic understanding of Vulnerability and Patch Management practices
- Basic understanding of endpoint security controls: EDR, Vulnerability Scanning Agents, HIDS, FIM
- Basic understanding of Agile Software Development Practices & DevOps
More jobs in Singapore
Browse related jobs
Don’t just read the job — see if you’ll get it.
Get your match score, a resume tailored to this exact role, and jobs like it — free.
Check my fit for this job