Senior Information Security Analyst, Vulnerability – Singapore Regional Office


Job Number 20030619
Job Category Information Technology
Location Singapore Regional Office, 2 Harbourfront Place #06-08,
Singapore, Singapore, Singapore
Brand Corporate
Schedule Full-time
Relocation? No
Position Type Management

Start Your Journey With Us
Marriott International is the world’s largest hotel company, with more brands,
more hotels and more opportunities for associates to grow and succeed. We
believe a great career is a journey of discovery and exploration. So, we ask,
where will your journey take you?


Contributes to workgroups and/or functions as a technical expert. Assesses and
reports on vulnerabilities and remediation efforts across the enterprise.
Reviews and documents internal systems review activities. Contributes to
designs and roll out of evaluation and improvement processes to assure the
inclusion of appropriate elements of quality and compliance with security
policy and regulations. Supports the definition and implementation of the
Information Vulnerability Management (IVM) Program through the identification
and analysis of known and newly found vulnerabilities to determine their
operational and security impact. Addresses vulnerabilities found through
remediation recommendations, Information Vulnerability Alerts and Information
Vulnerability Bulletins. This task area requires technical knowledge in
computer network theory, IT standards and protocols, as well as an
understanding of the lifecycle of cyberspace threats, attack vectors, and
methods of exploitation.


Education and Experience


Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification

5 years of information technology experience that include experience in implementing, managing or governing security technologies, including vulnerability scanning tools (i.e. Retina, Nessus, etc.)


Current information security certification, including Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)

Technical leadership experience in a sourced environment

Basic Project management skills

Excellent communication skills and problem solving ability

Demonstrated ability to work independently and with others

Ability to manage the details and compliance with standards and expectations

Technical infrastructure operations, administration, or engineering background


Contributes technical expertise to the information vulnerability management process, including support of the remediation program

Identify and draft mitigation guidance for vulnerabilities with no vendor-provided remediation

Establish communications with vendors for the release of newly identified vulnerabilities to ensure they understand specialized and proprietary asset requirements

Analyze publicly disclosed vulnerabilities of vendor software/hardware products and develop the mitigation/remediation orders

Contribute to daily, weekly, monthly and annual vulnerability metrics associated with affected and non-compliant assets

Utilize tracking tools/capabilities in a vulnerability management system to review manually uploaded and automated information to report vulnerability mitigation and remediation progress

Identify, analyze, and develop mitigation or remediation actions for system and network vulnerabilities

Assist with the prioritization of newly identified software/hardware vulnerabilities based upon severity, potential operational impact, exploitation, and other factors to assess risk to Marriott assets

Conduct open source research to identify and analyze known and unknown vulnerabilities

Analyze known issues with vendor provided fixes and contact the appropriate vendor for a defined and attainable solution

Perform planned and ad-hoc infrastructure vulnerability scanning, determine remediation options and track remediation to completion.

Evaluate and test hardware, firmware and software for possible impact on system security, and the investigation and resolution of security risk and incidents. Assist with vulnerability exceptions.

Initiate and evaluate vulnerability scans for operational readiness and validate if vulnerabilities are false positives based on the operating system and/or application configuration.

Maintain process documentation for Patch Management.

Assess, maintain, and distribute security patch deployment ratings for Microsoft, Linux, Unix, and HPUX patch releases.

Works with IT Infrastructure partners regarding major system changes to ensure information security standards are addressed early in a project’s life and incorporated into the resulting program

Educates internal and external users of security technologies to continually improve the knowledge and skill-base of the organization on how best to operate and support the infrastructure services

Participates in the evaluation and selection of security services products

Supports governance based on best practices and ensures proper alignment to projects and major initiatives

Conducts analysis of the current environment to detect critical deficiencies and recommends solutions for improvement

Conducts analysis of technology industry and market trends to determine their potential impact on the infrastructure architecture

Promotes the benefits of security services to the organization and educates the team on security concepts

Identifies opportunities to enhance the service delivery processes

IT Governance

Follows all defined IT standards and processes (i.e. IT Governance, SM&G, Architecture, etc.), and provides input for improvements to the appropriate process owners as needed

Maintains a proper balance between business and operational risk

Follows the defined project management standards and processes