Job Description
Are you ready to grow your dream career while making others' vacation dreams come true? Marriott Vacations Worldwide is a world premier organization for Vacation Ownership with resorts at destinations around the globe. Join our team and help deliver unforgettable experiences that make vacation dreams come true.
As a member of the professional staff, contributes specialized knowledge and skill in a discipline (e.g. Accounting, Finance, Human Resources, Information Resources, Operations Planning & Support, Sales & Marketing) area to support team and/or department business objectives. Generally, works under limited supervision, but within established guidelines, producing and analyzing more complex business information to assist in the decision-making process.
Specific Job Summary (describe the nature and purpose of the position)
The PCI Security Analyst will be responsible for executing the company PCI compliance program and supporting strategic objectives that enable continuous compliance with applicable security standards and requirements. Day-to-day responsibilities include scoping review and validation, conducting periodic review exercises, maintaining compliance artifacts, identifying new controls or enhancing existing ones to mature the overall security posture, and partnering with IT and business stakeholders to advise on PCI-impacting projects and support PCI attestation efforts. This individual will be working cross-functionally at all levels of the enterprise, which requires deep technical and business process knowledge to support, maintain and mature the company's security compliance capabilities.
Key areas of specific responsibility include
* PCI-DSS Compliance Program Execution
* Review and maintain relevant security policies and standards
* Advocate for the continued integration of compliance activities into standard operating processes
* Support PCI security awareness program
* Integrate PCI artifact collection, review, and attestation processes with company GRC platform
Specific Expected Contributions
- Performs more complex quantitative and qualitative analysis for business processes and/or projects. Often manages small projects, business processes or parts of larger ones.
- Responds to, solves, and makes decisions on more complex/non-routine business requests with limited to moderate risk.
- Responsible for own work and contributing to team, department and/or business results. May direct work of non-management staff.
- Assists more senior associates in achieving business results by:
  - identifying opportunities to enhance the effectiveness of business processes.
  - providing training and technical guidance to less senior staff, where appropriate, and serving as point-of-contact for problem resolution.
  - participating in setting department operating plans.
  - recognizing and celebrating team successes.
  - achieving results against budget within scope of responsibility.
- Demonstrates an awareness of personal strengths and areas for improvement and acts independently to improve and increase skills and knowledge.
- Performs other duties as appropriate.
(including duties and responsibilities)
- Support execution of internally performed and 3rd party audit activities in accordance with the PCI DSS.
- Lead efforts to mature and standardize the PCI compliance program across MVWC.
- Facilitate and execute enterprise scoping, control assessments, evidence collection, issue remediation, and reporting activities.
- Maintain security compliance related policy, standard and procedure documentation to drive consistent and repeatable compliance activities.
- Provide consultative support to cross-functional business partners on the methods, practices, and solutions in alignment with organizational scoping and PCI compliance strategies.
- Administer common control frameworks to ensure relevant internal and external information security requirements are mapped and communicated to the enterprise.
- Research, evaluate, and stay current on emerging security and compliance trends, standards, techniques, and technologies.
- Interface with Internal Controls, Internal Audit and External Auditors as required to satisfy any audit related policy and compliance deliverables or work items.
Successful candidates should possess knowledge and experience and demonstrate strong leadership and relationship skills as follows:
Generally, a professional position with specific knowledge and experience in a discipline (e.g., Accounting, Human Resources, Information Technology) as well as associate management experience. College degree and/or relevant experience typically required.
Specific Candidate Profile
(the education, experience, skills, and attributes that are important for this position)
Education -
BA/BS in business or computer science or appropriate work experience is required.
Experience -
4+ years' work experience in a relevant Information Security position.
Certification -
Applicable industry certification is strongly preferred such as CISA (Certified Information Security Auditor), CISM (Certified Information Security Manager), CISSP (Certified Information System Security Professional). Current or previous Qualified Security Assessor (QSA), Internal Security Assessor (ISA) or PCIP (Payment Card Industry Professional) certification is also strongly preferred.
Skills/Attributes
- Experience evaluating and operationalizing PCI DSS compliance.
- Familiarity with all requirements of the PCI DSS including other significant PCI SSC guidance, and card security and compliance requirements from the major card brands.
- Experience in successfully organizing and leading PCI audit activities.
- Experience with GRC/ERM tools (e.g. MetricStream, RSA Archer, Galvanize, LogicManager).
- Proven understanding of information security risk assessment and risk management procedures and methodologies.
- Ability to clearly present complex technical concepts and techniques to others.
- Proven technical expertise including knowledge and experience with diverse architectures, large-scale transaction processing environments, external hosted services, and cloud computing environments.
- Functional understanding and working knowledge of security principles, standards and processes, such as authentication and access control, secure configuration, network segmentation and traffic analysis, endpoint security, platform architecture, application security, encryption and key management, change management, cloud security, etc.
- Exceptional verbal and written communication skills.
- Outstanding organizational skills.
Marriott Vacations Worldwide is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture.