Jobs · Information Technology · Maryland

Chief Info Security Officer (CISO)

Marriott International · Bethesda, MD · 1 wk ago
On-siteInformation TechnologyFull-time

CANDIDATE PROFILE

  • Education and Experience
  • Required:
    • Bachelor’s degree in information security, Computer Science, or related field.
    • 15+ years of progressive cybersecurity experience with at least 10 years in a senior leadership role that reflects significant people and financial management experiences and leading through a range of moments from crisis to driving change.
    • Demonstrated success leading enterprise information security programs and teams.
    • Demonstrated experience applying AI, machine learning, and automation to cybersecurity operations, risk management, or governance at enterprise scale.
    • Proven leadership embedding security by design and privacy by design principles into digital transformation, cloud adoption, and product development lifecycles.
    • Experience governing the secure and responsible use of AI‑enabled technologies, including risk management, controls, and ethical considerations.
    • Extensive knowledge of cybersecurity frameworks (NIST, ISO 27001), risk management practices, and IT governance.
    • Experience managing complex security operations, incident response, and threat mitigation.
    • Strong background in security technologies including firewalls, SIEM, intrusion detection, encryption, and identity & access management.
    • Experience implementing DevSecOps, secure software development, and security engineering practices.
    • Experience with cloud security and securing multi‑cloud infrastructures.
    • Experience with leading Identity & access management (IAM).
    • Deep understanding of Network and endpoint protection technologies.
    • Working knowledge of data privacy regulations (e.g., GDPR, HIPAA) and compliance programs.
    • Strong platform skills and proven track record in executive communication and influencing at the C‑suite and Board levels.
    • Strong analytical, decision‑making, and problem‑solving capabilities.
  • PREFERRED:
    • Master’s degree in Cybersecurity, IT, Business Administration, or related field.
    • Certifications such as CISSP, CISM, CISA, or CRISC.
    • Background in digital forensics, vulnerability management, and penetration testing.
    • Experience deploying AI‑driven threat detection, security orchestration (SOAR), automated incident response, and predictive risk analytics.
    • Familiarity with emerging regulatory and industry expectations related to AI governance, algorithmic risk, and digital trust.

    CORE FOCUS

    • Trust & Security by Design
      • The CISO is the executive owner of the enterprise Trust and Security by Design framework, ensuring that cybersecurity, data protection, privacy, resilience, and ethical technology use are foundational design requirements—not after‑the‑fact controls. This includes embedding security and trust principles into:
        • Digital products and guest‑facing experiences
        • Cloud, AI, and data platforms
        • Workplace technologies and end‑user computing
        • Third‑party and ecosystem integrations
      • Security decisions are risk‑based, automated where possible, and aligned to customer trust, regulatory expectations, and long‑term enterprise value.
    • Set the Information Security Strategy & Champion Change
      • Develop and communicate a compelling enterprise security and trust vision that integrates AI‑enabled security capabilities and automation aligned to business outcomes.
      • Lead a multi‑year cybersecurity and digital trust roadmap that embeds Trust and Security by Design into all technology initiatives.
      • Proactively evaluate emerging threats, AI‑driven risks, and technology trends, adjusting strategy to ensure resilience and responsible innovation.
      • Champion the adoption of automation to reduce manual controls, improve decision quality, and increase speed and consistency across security operations.
      • Establish and oversee a global governance framework that integrates cybersecurity, data protection, privacy, AI risk, and digital trust.
      • Leverage automation and analytics to continuously assess risk, prioritize remediation, and monitor control effectiveness.
      • Ensure third‑party, vendor, and ecosystem risk programs incorporate security‑by‑design expectations and automated assurance mechanisms.
      • Provide executive and Board‑level reporting using data‑driven, forward‑looking risk indicators rather than static compliance metrics.
      • Oversee modern, AI‑enabled Security Operations capabilities that leverage advanced analytics, automation, and orchestration to detect and respond to threats in real time.
      • Lead enterprise incident response with a focus on speed, accuracy, and automation, including post‑incident learning and continuous improvement.
      • Integrate threat intelligence, digital forensics, and predictive analytics to anticipate and mitigate emerging risks.
      • Direct the design of secure, resilient architectures across applications, infrastructure, cloud, and AI platforms.
      • Embed security‑by‑design, zero‑trust, and privacy‑by‑design principles into all digital initiatives and product development lifecycles.
      • Partner with IT and engineering teams to integrate security controls into CI/CD pipelines, DevSecOps practices, and AI development processes.
      • Continuously modernize the security technology stack with a focus on automation, scalability, and reduced operational friction.
      • Continuously improve the role based system access framework and provisioning.
      • Build a high‑performing security organization skilled in automation, data‑driven decision‑making, and AI‑enabled security practices.
      • Lead enterprise‑wide security, privacy, and responsible‑AI awareness programs that reinforce trust as a shared accountability.
      • Foster a culture where innovation and security advance together—balancing speed, safety, and customer trust.
    • Information Security Governance, Risk & Trust Management
      • Establish and oversee a global governance framework that integrates cybersecurity, data protection, privacy, AI risk, and digital trust.
      • Leverage automation and analytics to continuously assess risk, prioritize remediation, and monitor control effectiveness.
      • Ensure third‑party, vendor, and ecosystem risk programs incorporate security‑by‑design expectations and automated assurance mechanisms.
      • Provide executive and Board‑level reporting using data‑driven, forward‑looking risk indicators rather than static compliance metrics.
    • Security Operations, Automation & Incident Response
      • Oversee modern, AI‑enabled Security Operations capabilities that leverage advanced analytics, automation, and orchestration to detect and respond to threats in real time.
      • Lead enterprise incident response with a focus on speed, accuracy, and automation, including post‑incident learning and continuous improvement.
      • Integrate threat intelligence, digital forensics, and predictive analytics to anticipate and mitigate emerging risks.
    • Security Architecture & AI Technology Enablement
      • Direct the design of secure, resilient architectures across applications, infrastructure, cloud, and AI platforms.
      • Embed security‑by-design, zero‑trust, and privacy‑by‑design principles into all digital initiatives and product development lifecycles.
      • Partner with IT and engineering teams to integrate security controls into CI/CD pipelines, DevSecOps practices, and AI development processes.
      • Continuously modernize the security technology stack with a focus on automation, scalability, and reduced operational friction.
      • Continuously improve the role based system access framework and provisioning.
    • People Leadership & Organizational Development
      • Build a high‑performing security organization skilled in automation, data‑driven decision‑making, and AI‑enabled security practices.
      • Lead enterprise‑wide security, privacy, and responsible‑AI awareness programs that reinforce trust as a shared accountability.
      • Foster a culture where innovation and security advance together—balancing speed, safety, and customer trust.

Similar jobs