Director, Vulnerability Management Solutions

Job Summary:

The Marriott Enterprise Vulnerability Management group oversees attack surface reduction across a wide range of enterprise, cloud, data center, and property locations. Our team members are passionate about protecting our data, systems, and service delivery functions across the globe against a broad range of adversaries. The Director, Vulnerability Management Solutions is responsible for the strategy, maintenance, and execution of Vulnerability Management solutions for the Global Enterprise. This role leads a team of security professionals to deploy, maintain, and operate enterprise vulnerability management assessment and reporting solutions. It participates in the selection, implementation and optimization of enterprise vulnerability management solutions and guides, reviews and documents internal systems review activities. This role requires an in-depth technical knowledge of security engineering and vulnerability management solutions. It also requires an understanding of the lifecycle of cyberspace threats, attack vectors, and methods of exploitation, especially as they relate to global environment. It requires participation in designing, building, and maintaining integrations between various internal and SaaS applications. Maintaining operational and technical documentation related to the operational lifecycle of supported solutions is required, as is identifying improvements to ensure the inclusion of appropriate quality of delivery and compliance with security policy and regulations.  

Candidate Profile

Required Education and Experience  

• Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification 
• 8+ years of information technology leadership experience 
• 5+ years’ direct management of cross functional, sourced, or matrixed teams, including experience managing a remote workforce  
• 4+ years’ experience implementing, managing and governing enterprise grade vulnerability management technologies, including:  
• Vulnerability assessment solutions 
• Risk based vulnerability reporting solutions 
• External Attack Surface Management solutions  
• 4+ years’ experience delivering positive business outcomes managing a blend of multi-vendor information security solutions 

Preferred:

• Current information security certification, including Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or GIAC Security Leadership (GSLC)  
• Ability to communicate security concepts and needs to wide range of technical and non-technical stakeholders 
• Experience evaluating, selecting, and deploying SaaS and on-premise solutions.  
• Experience working with large data sets to develop performance and reliability reporting.  
• Working knowledge of IT security within an enterprise environment and multi-cloud environments 
• Knowledge of automation development, code development using the Python programming language, and SOAR solutions.  
• Strong negotiating, influencing, and problem resolution skills  
• Proven ability to effectively prioritize and execute tasks in a high-pressure environment  
• Experience in business systems and process planning  
• Experience with workflow solutions, including ServiceNow and Jira  
• Experience in workflow and planning methodologies, including Agile and Objectives and Key Results 
• Ability to translate information security objectives into beneficial business strategies  
• Demonstrated ability to assess company needs, creatively approach solutions, and influence appropriate courses of action 

Core Work Activities

Vulnerability Management

• Lead and develop the Vulnerability Solutions Support team to support enterprise‑wide remediation. 
• Provide technical leadership and governance for vulnerability management and remediation programs. 
• Define, track, and report KPIs and risk‑based outcomes to senior leadership. 
• Maintain and scale tooling with Infrastructure partners, aligned to strategic and project priorities. 
• Evaluate and select security services and products; and validate solution effectiveness. 
• Assess the environment for gaps and recommend improvements and investments. 
• Stay current on industry trends and clearly communicate the business value of security solutions. 
• Develop and continuously improve metrics/KPIs for the vulnerability solutions program 

Managing Work, Projects and Priorities 

• Coordinate and implement work and assigned projects. 
• Ensure accurate and timely artifacts in the form of reports, presentations, etc.  
• Analyze information to choose the best solution and solve problems.  
• Develop and manage plans to prioritize, organize, and accomplish work. 
• Set and track goal progress for self and others.  
• Assist other organizational units with associated technology efforts 

Leading Team

• Create a team environment that encourages accountability, high standards, and innovation.  
• Lead own team while assisting with meeting or exceeding larger department goals. 
• Ensure others understand performance expectations.  
• Ensure that goals are being translated to the team as they relate to tracking and productivity.  
• Create and nurture an environment that emphasizes motivation, empowerment, teamwork, and continuous improvement 
• Develop plans to address staff needs and expand on their strengths.  
• Inspire the team to meet or exceed expectations.  
• Lead by example through demonstrating self-confidence, energy and enthusiasm. 

Conducting Human Resources Activities 

• Act proactively when dealing with employee concerns.  
• Extend professionalism and courtesy to employees at all times. 
• Communicate/update all goals and results with employees.  
• Meet regularly with staff on a one-to-one basis.  
• Establish and maintain open and collaborative relationships with employees.  
• Solicit employee feedback.  
• Interview job candidates and assist in making hiring decisions.  
• Receive hiring recommendations from team supervisors.  
• Ensure orientations for new team members are thorough and completed in a timely fashion.  
• Observe behaviors of employees and provide feedback to individuals. 

The salary range for this position is $117,600 to $185,200 annually. In addition to the annual salary, the position will be eligible to receive an annual bonus and restricted stock units/stock grants.   Washington Applicants Only: Employees will accrue 0.04616 PTO balance for every hour worked and eligible to receive minimum of 7 holidays annually.   All locations offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, educational assistance, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.   Marriott HQ is committed to a hybrid work environment that enables associates to Be connected.  Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD;  candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.   The application deadline for this position is 28 days after the date of this posting, September 22, 2025.  

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.