FLEX Manager, Insider Threat Management

About The Position

Requirements

• 5+ years of experience in Information Security
• 3+ years of experience in cybersecurity and/or insider threat incident response that must include experience in:
• Experience with data loss/information protection solutions (Splunk, Netskope, Microsoft O365, etc.)
• Identification of potential insider threat tools, tactics, and procedures (TTPs)
• Security data analysis from a variety of sources and tools, including contributing to DLP policy/alert creation and maintenance.
• 1 year of experience with Windows log analysis and memory forensics
• Network traffic analysis
• Undergraduate degree in computer science or related field, or equivalent work experience
• Ability to work flexible schedule that may include shift work.

Nice To Haves

• Development of incident response assessments and other similar reporting (demonstrated writing & comms skills).
• Experience in a similarly sized organization with significant complexity.
• Strong time management skills to balance multiple activities.
• Security Certification (i.e., GCIH, GCFA, CCSP, OSCP, etc.)
• Experience with DLP tools and/or methodologies to enhance insider threat incident response procedures.
• Experience responding to cyber events in public cloud environments such as AWS, Azure, Google Cloud, etc.

Responsibilities

• Conducts data security incident analysis in support of Marriott’s Insider Threat Management Program, working to help develop and maintain “playbooks” to ensure effective and efficient response processes and procedures.
• Handle escalations from internal and external sources to quickly triage and respond to potential insider threat incidents, as needed.
• Develop and present comprehensive reports for both technical, executive, and non-security stakeholder audiences.
• Provide technical subject matter expertise related to projects and initiatives that advance the maturity and capability of Marriott’s security program.
• Develop and follow detailed operational processes and procedures to appropriately analyze, escalate and assist in the remediation of information security-related incidents.
• Apply technical acumen and analytical capabilities to speed and enhance response.
• Work in a flexible environment, including shift work, as required to meet business and operational needs.
• Submits reports in a timely manner, ensuring delivery deadlines are met.
• Promotes the documenting of project progress accurately.
• Provides input and assistance to other teams regarding projects.
• Manages and implements work and projects as assigned.
• Generates and provides accurate and timely results in the form of reports, presentations, etc.
• Analyzes information and evaluates results to choose the best solution and solve problems.
• Provides timely, accurate, and detailed status reports as requested.
• Provides technical expertise and support to persons inside and outside of the department.
• Demonstrates knowledge of job-relevant issues, products, systems, and processes.
• Demonstrates knowledge of function-specific procedures.
• Keeps up-to-date technically and applies new knowledge to job.
• Uses computers and computer systems (including hardware and software) to enter data and/ or process information.
• Understands and meets the needs of key stakeholders.
• Develops specific goals and plans to prioritize, organize, and accomplish work.
• Determines priorities, schedules, plans and necessary resources to ensure completion of any projects on schedule.
• Collaborates with internal partners and stakeholders to support business/initiative strategies.
• Communicates concepts in a clear and persuasive manner that is easy to understand.
• Generates and provides accurate and timely results in the form of reports, presentations, etc.
• Demonstrates an understanding of business priorities.