Job DescriptionThis is a temporary role.
JOB SUMMARY
The FLEX Manager, Risk Management & Compliance is responsible for strengthening Marriott's Global Technology governance, driving timely closure of security and compliance issues, and ensuring consistent risk management execution across application and infrastructure teams. This role provides oversight, direction, and accountability to ensure technology services operate securely, regulatory and policy obligations are met, and risks are identified and remediated before they impact the business.
This role is critical to mature GT's audit, compliance, and controls discipline-ensuring teams are ready for internal and external assessments, accelerating remediation of findings, and reinforcing operational rigor across the technology landscape. Responsibilities include guiding process owners on internal control best practices, validating control readiness, monitoring and reporting audit and security findings, and leveraging automation and analytics to drive issue closure and improve compliance performance.
This role champions a proactive risk management mindset by identifying emerging risks, advising on required controls, ensuring consistent adoption across GT, and promoting governance practices that prevent financial, operational, and reputational harm. The ideal candidate combines strong leadership with a solution-oriented approach to eliminate ambiguity, influence cross-functional teams, and drive measurable improvements in security and compliance outcomes.
CANDIDATE PROFILE Education and Experience
Required
- Bachelor's degree in Business, IT, Cybersecurity, Data Analytics, or related discipline-or equivalent experience/certification
- At least 5 years of IT leadership experience, demonstrating deep technical understanding and strong stakeholder engagement skills, including:
- 3+ years in cyber and tech risk, governance, audit, and compliance across legacy and cloud environments
- 2+ years leading audits, compliance programs, and remediation efforts, with a strong track record of driving timely issue closure
- Experience designing, evaluating, and advising on IT and cybersecurity controls for both cloud and on-premises technologies
- Experience automating governance, evidence collection, reporting, or control testing
- At least one professional certification (CISA, CRISC, CISSP, or equivalent)
- Demonstrated success collaborating across cross-functional, sourced, or matrixed teams to drive accountability
- Strong analytical, problem-solving, and prioritization skills in high-pressure environments
- Excellent verbal and written communication skills, with the ability to influence application, infrastructure, and senior leadership stakeholders
Preferred
- Graduate degree in technical discipline
- Hands-on experience with enterprise GRC, DevSecOps, and cybersecurity platforms (eg, ServiceNow, Jira, Confluence, Splunk, CrowdStrike)
- Experience managing or contributing to complex portfolios or programs
- Familiarity with Scaled Agile Framework (SAFe) environments
- Strong data analytics skills (eg, Power BI) for metrics, dashboards, and BI-driven insights
CORE WORK ACTIVITIES
1 Audit and Compliance Oversight and Delivery - Support enterprise-aligned compliance operations across Global Technology, ensuring consistent delivery by application and infrastructure teams
- Oversee tracking of active and planned compliance work, escalating delays or risks to leadership as needed
- Support the maintenance of GT's control inventory; ensure ownership, documentation, and evidence are complete and audit-ready
- Provide expert guidance on control design, implementation, and documentation quality; validate adequacy and effectiveness
- Drive automation of evidence collection and reporting to reduce manual effort and human error
- Support program-level control performance reporting to senior management, including risks, trends, and required actions
2 Security Issue Management Support & Remediation Advisory - Serve as the key point of contact for GT issue management - ensuring security/technology/data privacy findings, internal audit observations, and compliance gaps are actively monitored and driven to closure leveraging a risk-based approach
- Monitor aging, overdue, and high-risk issues daily; coordinate with application and infrastructure owners to obtain updates and enforce remediation accountability
- Collaborate with compliance and security counterparts to validate issue context, assess risk impact, facilitate alignment on acceptance criteria, and advise on effective remediation strategies
- Provide clear guidance to Global Technology teams on issue management expectations, lifecycle requirements, and escalation paths
- Support development and reporting of key issue management metrics (eg, remediation aging, risk trends, owner performance), ensuring transparency for senior leadership
3 Maturing Risk Management & Compliance Operations - Develop and maintain standard operating procedures, governance frameworks, and documentation that strengthen consistency in GT risk and compliance practices
- Align GT's risk and compliance processes with enterprise tools, platforms, and governance models
- Support initiatives to streamline, automate, and optimize compliance, control, and risk management processes across GT
- Support the implementation of enablement mechanisms to drive the adoption of risk management capabilities across application and infrastructure teams through guidance, training, and continuous reinforcement
4 Audit Readiness, Execution & Advisory - Support GT participation in internal/external audits covering infrastructure, cybersecurity, cloud, third-party risk, and operational domains
- Execute control readiness assessments through engagement with product and platform engineering teams
- Facilitate assessment kickoff, status, and closeout meetings; ensure alignment on scope, risks, timelines, roles, and deliverables
- Perform validation of control design, implementation and operating effectiveness using risk-based approach
- Document assessment results using standardized templates and established methodologies
- Assist the development of clear, fact-based, and actionable reports for leadership, outlining control gaps, remediation steps, and risk implications
- Support special audit projects (eg, major system implementations, remediation assurance, automated control deployments)
5 Stakeholder Coordination & Governance Engagement - Partner closely with internal/external auditors, GT leadership, control owners, and process teams to ensure timely, accurate, and well-coordinated execution of audit and compliance activities
- Monitor execution to ensure technology teams consistently adhere to issue management processes, control operation requirements, and compliance responsibilities
6 Metrics, Analytics & Reporting - Support the development and enhancement of leading and lagging risk indicators to enable proactive risk identification and management
- Leverage analytics-driven dashboards to improve monitoring, transparency, and support data-driven risk management decision-making
7 Other Duties - Perform additional risk management and compliance-related duties as assigned
All locations offer 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others. Click here to learn more.
Full-time positions also offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, and paid parental leave.
Washington Applicants Only: Employees will accrue paid sick leave, 0.0384 PTO balance for every hour worked and be eligible to receive minimum of 9 holidays annually.
Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.
About the TeamMarriott International is the world's largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed.
Be where you can do your best work,
begin your purpose,
belong to an amazing global team, and
become the best version of you.