Senior Manager, Risk Management and Compliance

This is a temporary position.

JOB SUMMARY

The Senior Manager, Risk Management & Compliance is a strategic leader responsible for strengthening Marriott’s Global Technology governance, driving timely closure of security and compliance issues, and ensuring consistent risk‑management execution across application and infrastructure teams. This role provides oversight, direction, and accountability to ensure technology services operate securely, regulatory and policy obligations are met, and risks are identified and remediated before they impact the business.

You will play a critical role in maturing GT’s audit, compliance, and controls discipline—ensuring teams are ready for internal and external assessments, accelerating remediation of findings, and reinforcing operational rigor across the technology landscape. Responsibilities include guiding process owners on internal control best practices, validating control readiness, monitoring and reporting audit and security findings, and leveraging automation and analytics to drive issue closure and improve compliance performance.

This role champions a proactive risk‑management mindset by identifying emerging risks, advising on required controls, ensuring consistent adoption across GT, and promoting governance practices that prevent financial, operational, and reputational harm. The ideal candidate combines strong leadership with a solution‑oriented approach to eliminate ambiguity, influence cross-functional teams, and drive measurable improvements in security and compliance outcomes.

CANDIDATE PROFILE

Required:

• Undergraduate degree in Business, IT, Cybersecurity, Data Analytics, or related discipline—or equivalent experience/certification.
• At least 7 years of IT leadership experience , demonstrating deep technical understanding and strong stakeholder engagement skills, including:
• 5+ years in IT infrastructure risk, governance, audit, and compliance across legacy and cloud environments.
• 3+ years leading audits, compliance programs, and remediation efforts , with a strong track record of driving timely issue closure.
• Experience designing, evaluating, and advising on IT and cybersecurity controls for both cloud and on‑premises technologies.
• Experience automating governance, evidence collection, reporting, or control testing.
• At least one professional certification (CISA, CRISC, CISSP, or equivalent).
• Demonstrated success collaborating across cross‑functional, sourced, or matrixed teams to drive accountability.
• Strong analytical, problem‑solving, and prioritization skills in high‑pressure environments.
• Excellent verbal and written communication skills, with the ability to influence application, infrastructure, and senior leadership stakeholders.

Preferred:

• Graduate degree in a technical discipline.
• Hands‑on experience with enterprise GRC, DevSecOps, and cybersecurity platforms (e.g., ServiceNow, Jira, Confluence, Splunk, CrowdStrike).
• Experience managing or contributing to complex portfolios or programs.
• Familiarity with Scaled Agile Framework (SAFe) environments.
• Strong data analytics skills (e.g., Power BI) for metrics, dashboards, and BI‑driven insights.

CORE WORK ACTIVITIES

1. Audit and Compliance Oversight and Delivery

• Lead enterprise‑aligned compliance operations across Global Technology, ensuring consistent delivery by application and infrastructure teams.
• Oversee tracking of active and planned compliance work, escalating delays or risks to leadership as needed.
• Support the maintenance of GT’s control inventory; ensure ownership, documentation, and evidence are complete and audit‑ready.
• Provide expert guidance on control design, implementation, and documentation quality; validate adequacy and effectiveness.
• Drive automation of evidence collection and reporting to reduce manual effort and human error.
• Provide program‑level control performance reporting to senior management, including risks, trends, and required actions.

2. Issue Management & Remediation Leadership

• Serve as the central point of oversight for GT issue management - ensuring security/technology/data privacy findings, internal audit observations, and compliance gaps are actively monitored and driven to closure leveraging a risk-based approach.
• Monitor aging, overdue, and high‑risk issues daily; coordinate with application and infrastructure owners to obtain updates and enforce remediation accountability.
• Collaborate with compliance and security counterparts to validate issue context, assess risk impact, and advise on effective remediation strategies.
• Provide clear guidance to Global Technology teams on issue management expectations, lifecycle requirements, and escalation paths.
• Lead development and reporting of key issue management metrics (e.g., remediation aging, risk trends, owner performance), ensuring transparency for senior leadership and committees.

3. Maturing Risk Management & Compliance Operations

• Develop and maintain standard operating procedures, governance frameworks, and documentation that strengthen consistency in GT risk and compliance practices.
• Align GT’s risk and compliance processes with enterprise tools, platforms, and governance models.
• Lead initiatives to streamline, automate, and optimize compliance, control, and risk‑management processes across GT.
• Drive adoption of risk‑management capabilities across application and infrastructure teams through guidance, training, and continuous reinforcement.

4. Audit Readiness, Execution & Advisory

• Lead and support GT participation in internal/external audits covering infrastructure, cybersecurity, cloud, third‑party risk, and operational domains.
• Conduct control readiness reviews by interviewing owners, reviewing evidence, identifying gaps, and preparing teams for audit engagement.
• Facilitate kickoff, status, and close‑out meetings; ensure alignment on scope, risks, timelines, and expected deliverables.
• Produce clear, fact‑based, and actionable reports for leadership, outlining control gaps, remediation steps, and risk implications.
• Support special audit projects (e.g., major system implementations, remediation assurance, automated control deployments).

5. Stakeholder Coordination & Governance Engagement

• Partner with internal/external auditors, GT leadership, control owners, and process teams to ensure timely and accurate execution of audit and compliance work.
• Provide oversight to ensure technology teams consistently follow issue management, control operations, and compliance responsibilities.

6. Metrics, Analytics & Reporting

• Develop leading and lagging indicators for proactive risk management.
• Build analytics‑driven dashboards and insights to support data‑informed decisions around compliance posture, issue aging, control maturity, and remediation progress.
• Identify themes and systemic issues from metrics to recommend enterprise‑level improvements.

7. Project Management & Strategic Prioritization

• Set clear goals and priorities for self and team; ensure execution aligns with GT risk‑management strategy.
• Direct stakeholders in organizing, resourcing, and completing remediation and compliance projects.
• Evaluate information, identify root causes, and recommend practical solutions for long‑term risk reduction.
• Deliver timely and accurate outputs, including reports, presentations, and executive updates, with strong attention to detail.

At Marriott International, we are dedicated to being an equal opportunity employer, welcoming all and providing access to opportunity. We actively foster an environment where the unique backgrounds of our associates are valued and celebrated. Our greatest strength lies in the rich blend of culture, talent, and experiences of our associates. We are committed to non-discrimination on any protected basis, including disability, veteran status, or other basis protected by applicable law.