FLEX Director, IT Governance, Audit and Compliance

Marriott Hotels Resorts, Bethesda, MD

About The Position

The Director, IT Governance, Audit & Compliance, is a leadership role that serves as the governance, audit, and compliance execution arm for IT controls managed under the Technology Experience Center (TEC) organization. This role works with IT Provision Owners to perform the governance, oversight, and reporting for regulatory controls that align under IT Asset Inventory, Change Management, Software End of Life (EOL), and Hardware Removal. The Director ensures controls are consistently designed, executed, evidenced, and audit-ready in alignment with internal policy, regulatory obligations, and external audit requirements. The Director partners closely with Marriott IT Control Owners, Product Owners, Application Owners, Infrastructure and Application teams, Security, and Risk Management to facilitate quarterly and annual audits. This role manages a team responsible for coordinating evidence collection, managing remediation of control gaps, and providing clear compliance reporting to leadership, Internal Audit, and external regulators. This role requires a deep understanding of IT Operations, the Software Development Lifecycle, regulatory control frameworks, audit methodology, and process maturity models (e.g., CMMI), and serves as a key advisor to TEC IT Provision Owners and the GIS Compliance Program on compliance risk, control effectiveness, and continuous improvement.

Requirements

  • Bachelor’s degree or equivalent combination of education, certifications, and experience.
  • 10+ years of progressive IT leadership experience, with demonstrated ownership of governance, audit, or compliance functions, including leading teams, delivering complex initiatives, and driving process improvement and operational excellence.
  • Team leadership in matrixed organizations
  • Servant leadership that highly values feedback
  • Demonstrated ability to resolve conflict and drive direction/focus
  • Proven experience executing and supporting regulatory IT controls in large, complex enterprises.
  • Strong working knowledge of:
      • IT Operations
      • Regulatory control frameworks
      • Audit methodologies
      • ITIL & SDLC Processes
      • Process maturity models (e.g., CMMI)
  • Demonstrated experience leading audit facilitation, evidence management, and remediation execution.
  • Exceptional written and verbal communication skills, including the ability to present complex compliance topics to senior leadership.
  • Proven ability to influence and drive outcomes without direct authority across matrixed organizations.

Nice To Haves

  • Experience with IT Asset Management, Change Management, and Software Lifecycle controls.
  • Prior experience supporting internal and/or external regulatory audits.
  • Familiarity with IT governance, risk, and compliance (GRC) operating models.
  • Strong analytical skills with the ability to translate data into audit-ready insights.
  • Experience building repeatable compliance processes in evolving or transforming organizations.

Responsibilities

  • IT Governance & Regulatory Compliance
      • Act as the TEC-aligned control execution authority for regulatory IT controls, including Asset Inventory, Change Management, and Software End of Life.
      • Work with TEC IT Provision and Control Owners for alignment on policy, standard operating procedures, and control execution requirements.
      • Responsible for control design validation, operational execution oversight, and compliance reporting for TEC-managed controls.
      • Establish and maintain standardized governance processes, control narratives, and operating procedures to ensure consistency and auditability.
      • Ensure alignment of TEC controls with enterprise policies, regulatory obligations, and audit expectations.
  • Audit Management & Evidence Collection
      • Lead quarterly and annual audit requirements, supporting Management Testing and external audit requests.
      • Coordinate evidence collection, validation, and submission across multiple IT control owners and stakeholders.
      • Serve as the primary point of contact for the GIS Regulatory and Compliance organization and auditors related to TEC-managed controls.
      • Track, manage, and report on audit findings, observations, and remediation activities through closure.
  • Cross-Functional Facilitation & Control Ownership
      • Facilitate collaboration across TEC IT control owners to ensure timely and accurate control execution.
      • Partner with Application, Infrastructure, Security, and Platform teams to operationalize compliance requirements.
      • Drive accountability for control gaps, remediation plans, timelines, and ownership.
      • Provide clear guidance and education to teams on control intent, expectations, and audit readiness.
  • Compliance Reporting & Risk Transparency
      • Develop and deliver executive-level compliance reporting, dashboards, and risk summaries.
      • Provide leadership with clear visibility into control health, risk posture, and remediation progress.
      • Support regulatory responses with accurate, evidence-based narratives and documentation.
  • Process Maturity & Continuous Improvement
      • Identify systemic control weaknesses and lead process improvements to reduce audit risk and operational friction.
      • Establish repeatable, scalable compliance oversight processes to support long-term regulatory sustainability.
  • Leadership and Business Acumen
      • Lead and develop a compliance-focused team responsible for governance execution and audit readiness.
      • Establish clear performance expectations aligned to control execution quality, audit outcomes, and risk reduction.
      • Partner effectively with senior leaders, control owners, and auditors as a trusted compliance authority.
      • Demonstrate sound judgment, discretion, and professionalism when managing regulatory risk and audit interactions.