Skip to sign up

Job matched to your search

Director, Security Architect, APEC

Marriott International · Singapore

Singapore · On-siteFull-TimePosted Jun 30, 2026

Free · Join 5,000+ job seekers using Qarera

How well do you match this role?

Tap the skills you already have — then see your real match score, what’s missing, and your resume fixed for this job.

↑ tap the skills you have
Loading sign-in…
Free · no credit card · 30 seconds

Job description

Additional Information

Job Number26079732

Job CategoryInformation Technology

Location2 Harbourfront Place #06-08, Singapore, Singapore, Singapore, 098499

ScheduleFull Time

**Located Remotely?**N

Position Type Management

JOB SUMMARY

Lead and manage security architecture and engineering in APEC. Performs security accreditation and evaluates the implementation of those controls in order to grant Approval to Operate for a release of new infrastructure, services, applications and processes into Marriott’s Production Environments in regional level.

Leverages existing Security Engagement processes and documentation, in conjunction with security compliance tools, to determine control implementation status. Will routinely process ITSM Release and Security Engagement Tasks to document justification for all approvals. Will routinely collaborate with multiple teams, including, but not limited to, Business Release Sponsors, Project Managers, Security Architects, Security Architecture Analysts, and Change Management teams to ensure the Security Processes are followed and completed in order to accredit the engagement or release.

Will routinely manage and communicate the status of the tasks assigned in ITSM to thoroughly document the accreditation resulting in granting of Approval to Operate. Understand, communicate, interpret and enforce MI Policies and Security Standards throughout the Certification and Accreditation process. Understand and communicate control objectives in terms of both MI Policy and Standards and Security Best Practice Frameworks, including, but not limited to, NIST RMF, NIST CSF, PCI DSS, GDPR, MPLS, EU Privacy, ISO, as referenced in Marriott’s Common Controls Framework. Will periodically provide status and metrics for the assigned C&A Engagements in order to provide visibility and transparency to GIS Senior Leadership

CANDIDATE PROFILE

Education and Experience

Required:

  • Bachelor’s degree in Information Systems, Computer Science or related field or equivalent experience/certification
  • 8+ years’ experience in Information Security with:
    • 3+ years in process-oriented Security Audit/Assurance/Technical Assessment role
    • 2+ years’ team management experience with security technical team members
    • 1-2 years’ experience/exposure to Common Controls Framework
    • Exposure/functional understanding of NIST RMF
  • Current and relevant information security certifications such as: CISSP (Certified Information Systems Security Professional), (ISC)2 CGRC certification, ISACA, PCI QSA/ISA, ITIL, IS Certification & Accreditation Professional - ISCAP, GIAC Information Security Professional (GISP),

Preferred Skills & Attributes

  • Strong oral and written communication skills and comfortable with speaking in large groups virtually and in person.
  • Ability to conduct independent security research.
  • Strong understanding of common OWASP flagship projects, Top 10, Cheat Sheets…etc.
  • Strong understanding of cryptography concepts: hashing, signing, encryption, decryption, tokenization
  • Strong understanding of SDLC and security integration points
  • Functional understanding of microservice application architecture
  • Functional understanding of common application security controls such as WAF, RASP, Intercepting Proxies
  • Comfortable with the following tools and technologies: GitHub Advanced Security, Postman, Fortify SCA, Jenkins, Artifactory, SonarQube, Docker, JIRA, Confluence, Aqua CSP, Nessus Pro or Tenable.io
  • Comfortable with technical report writing and crafting security requirements.
  • Basic understanding of network security concepts: DOS, DNS Spoofing, ARP Poisoning, Firewalls, Intrusion Detection, Segmentation
  • Basic understanding of Vulnerability and Patch Management practices
  • Basic understanding of endpoint security controls: EDR, Vulnerability Scanning Agents, HIDS, FIM
  • Basic understanding of Agile Software Development Practices & DevOps

Don’t just read the job — see if you’ll get it.

Get your match score, a resume tailored to this exact role, and jobs like it — free.

Check my fit for this job
Loading sign-in…
Apply →