Back to jobs
Gaylord Hotels

Chief Info Security Officer (CISO)

Bethesda, MD, United StatesPosted 2 days ago
hybrid

Job Description

As the #1 leader in hospitality worldwide, Marriott International has nearly 40 brands and over 9,800 hotels in its portfolio across 145 countries — and we’re still growing. By joining Marriott, you can be a part of something bigger than yourself, be inspired by what’s possible and discover your own future as we continue to undertake the industry’s largest digital and technology transformation that will allow us to maintain our position as the industry leader in travel and hospitality for years to come. The patent-pending platforms and architecture is built with secure by design, trust by design principles. Come build what’s next.

As a critical member of the senior technology leadership team, the Chief Information Security Officer (CISO) defines, leads, and executes the enterprise-wide information security, governance, risk, compliance and trust strategy to protect the company’s digital assets, technology platforms, brand reputation, and customer trust in an increasingly AI-enabled world. This executive establishes and operationalizes a Trust and Security by Design model—ensuring security, privacy, resilience, and ethical use of technology are embedded into every product, platform, and digital experience as well as the culture of how we work. They are also accountable for leading all Board-level engagement on information security with Marriott’s BOD technology subcommittee, instilling confidence in our current and continually evolving cybersecurity strategy.

The CISO is accountable for evolving the organization’s cybersecurity posture through intelligent automation, advanced analytics, and AI driven security capabilities, enabling proactive risk reduction, faster threat detection and response, and scalable governance across a global, decentralized environment. The CISO will be accountable for a forward-thinking and resilient Information Security Program, Governance, Risk, and Compliance (GRC), Identity and Access Management (IAM), Security Architecture and Strategy and Security Operations Center (SOC).

Serving as the strategic leader for cyber risk, regulatory compliance, and digital trust, the CISO partners closely with IT, Legal, HR, Compliance, Data Privacy, and business leaders to align security outcomes with business priorities. This executive sets the tone for a culture of security consciousness, responsible AI use, and continuous improvement—anticipating emerging threats and embedding modern, automated defenses to protect the company’s future. The role reports to the Chief Information Officer.

 

CANDIDATE PROFILE

Education and Experience

Required:

  • Bachelor’s degree in information security, Computer Science, or related field.
  • 15+ years of progressive cybersecurity experience with at least 10 years in a senior leadership role that reflects significant people and financial management experiences and leading through a range of moments from crisis to driving change.
  • Demonstrated success leading enterprise information security programs and teams.
  • Demonstrated experience applying AI, machine learning, and automation to cybersecurity operations, risk management, or governance at enterprise scale. 
  • Proven leadership embedding security by design and privacy by design principles into digital transformation, cloud adoption, and product development lifecycles. 
  • Experience governing the secure and responsible use of AI‑enabled technologies, including risk management, controls, and ethical considerations.
  • Extensive knowledge of cybersecurity frameworks (NIST, ISO 27001), risk management practices, and IT governance.
  • Experience managing complex security operations, incident response, and threat mitigation.
  • Strong background in security technologies including firewalls, SIEM, intrusion detection, encryption, and identity & access management.
  • Experience implementing DevSecOps, secure software development, and security engineering practices.
  • Experience with cloud security and securing multi‑cloud infrastructures.
  • Experience with leading Identity & access management (IAM). 
  • Deep understanding of Network and endpoint protection technologies.
  • Working knowledge of data privacy regulations (e.g., GDPR, HIPAA) and compliance programs.
  • Strong platform skills and proven track record in executive communication and influencing at the C‑suite and Board levels.
  • Strong analytical, decision‑making, and problem‑solving capabilities.

Preferred:

  • Master’s degree in Cybersecurity, IT, Business Administration, or related field.
  • Certifications such as CISSP, CISM, CISA, or CRISC.
  • Background in digital forensics, vulnerability management, and penetration testing.
  • Experience deploying AI‑driven threat detection, security orchestration (SOAR), automated incident response, and predictive risk analytics. 
  • Familiarity with emerging regulatory and industry expectations related to AI governance, algorithmic risk, and digital trust.

 

CORE FOCUS

Trust & Security by Design 

The CISO is the executive owner of the enterprise Trust and Security by Design framework, ensuring that cybersecurity, data protection, privacy, resilience, and ethical technology use are foundational design requirements—not after‑the‑fact controls. This includes embedding security and trust principles into:

  • Digital products and guest‑facing experiences
  • Cloud, AI, and data platforms
  • Workplace technologies and end‑user computing
  • Third‑party and ecosystem integrations

Security decisions are risk‑based, automated where possible, and aligned to customer trust, regulatory expectations, and long‑term enterprise value.

Set the Information Security Strategy & Champion Change

  • Develop and communicate a compelling enterprise security and trust vision that integrates AI‑enabled security capabilities and automation aligned to business outcomes. 
  • Lead a multi‑year cybersecurity and digital trust roadmap that embeds Trust and Security by Design into all technology initiatives. 
  • Proactively evaluate emerging threats, AI‑driven risks, and technology trends, adjusting strategy to ensure resilience and responsible innovation. 
  • Champion the adoption of automation to reduce manual controls, improve decision quality, and increase speed and consistency across security operations.
  • Establish and oversee a global governance framework that integrates cybersecurity, data protection, privacy, AI risk, and digital trust. 
  • Leverage automation and analytics to continuously assess risk, prioritize remediation, and monitor control effectiveness. 
  • Ensure third‑party, vendor, and ecosystem risk programs incorporate security‑by‑design expectations and automated assurance mechanisms. 
  • Provide executive and Board‑level reporting using data‑driven, forward‑looking risk indicators rather than static compliance metrics.
  • Oversee modern, AI‑enabled Security Operations capabilities that leverage advanced analytics, automation, and orchestration to detect and respond to threats in real time. 
  • Lead enterprise incident response with a focus on speed, accuracy, and automation, including post‑incident learning and continuous improvement. 
  • Integrate threat intelligence, digital forensics, and predictive analytics to anticipate and mitigate emerging risks.
  • Direct the design of secure, resilient architectures across applications, infrastructure, cloud, and AI platforms. 
  • Embed security‑by‑design, zero‑trust, and privacy‑by‑design principles into all digital initiatives and product development lifecycles. 
  • Partner with IT and engineering teams to integrate security controls into CI/CD pipelines, DevSecOps practices, and AI development processes. 
  • Continuously modernize the security technology stack with a focus on automation, scalability, and reduced operational friction.
  • Continuously improve the role based system access framework and provisioning.
  • Build a high‑performing security organization skilled in automation, data‑driven decision‑making, and AI‑enabled security practices. 
  • Lead enterprise‑wide security, privacy, and responsible‑AI awareness programs that reinforce trust as a shared accountability. 
  • Foster a culture where innovation and security advance together—balancing speed, safety, and customer trust.

Information Security Governance, Risk & Trust Management

  • Establish and oversee a global governance framework that integrates cybersecurity, data protection, privacy, AI risk, and digital trust. 
  • Leverage automation and analytics to continuously assess risk, prioritize remediation, and monitor control effectiveness. 
  • Ensure third‑party, vendor, and ecosystem risk programs incorporate security‑by‑design expectations and automated assurance mechanisms. 
  • Provide executive and Board‑level reporting using data‑driven, forward‑looking risk indicators rather than static compliance metrics.

Security Operations, Automation, & Incident Response 

  • Oversee modern, AI‑enabled Security Operations capabilities that leverage advanced analytics, automation, and orchestration to detect and respond to threats in real time. 
  • Lead enterprise incident response with a focus on speed, accuracy, and automation, including post‑incident learning and continuous improvement. 
  • Integrate threat intelligence, digital forensics, and predictive analytics to anticipate and mitigate emerging risks.

Security Architecture & AI Technology Enablement

  • Direct the design of secure, resilient architectures across applications, infrastructure, cloud, and AI platforms. 
  • Embed security‑by‑design, zero‑trust, and privacy‑by‑design principles into all digital initiatives and product development lifecycles. 
  • Partner with IT and engineering teams to integrate security controls into CI/CD pipelines, DevSecOps practices, and AI development processes. 
  • Continuously modernize the security technology stack with a focus on automation, scalability, and reduced operational friction.
  • Continuously improve the role based system access framework and provisioning.

People Leadership & Organizational Development

  • Build a high‑performing security organization skilled in automation, data‑driven decision‑making, and AI‑enabled security practices. 
  • Lead enterprise‑wide security, privacy, and responsible‑AI awareness programs that reinforce trust as a shared accountability. 
  • Foster a culture where innovation and security advance together—balancing speed, safety, and customer trust.

 

This role is not solely responsible for protecting systems—it is accountable for protecting trust, enabling innovation, and ensuring security is designed into how the enterprise operates, scales, and serves its customers.

 

At Marriott International, we are dedicated to being an equal opportunity employer, welcoming all and providing access to opportunity. We actively foster an environment where the unique backgrounds of our associates are valued and celebrated. Our greatest strength lies in the rich blend of culture, talent, and experiences of our associates. We are committed to non-discrimination on any protected basis, including disability, veteran status, or other basis protected by applicable law.

All positions offer a 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others. Click here to learn more.

Full-time positions also offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave and educational assistance.

Washington Applicants Only: Employees will accrue paid sick leave, 0.077 PTO balance for every hour worked and be eligible to receive a minimum of 9 holidays annually.

Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.
Chief Info Security Officer (CISO) at Gaylord Hotels | Renata