Security Compliance Manager
Are you a highly motivated, collaborative and technically experienced compliance professional? Do you understand cloud operational and security processes? Do you effectively build, establish and communicate security controls, and support changes within the organization through effective development and testing?
Expedia's Enterprise Risk & Security (ERS) group is seeking an organized, resourceful Security Compliance Manager with domain knowledge on security compliance and a “can-do” attitude. You will be a key member of our Governance Risk and Compliance team and play a key role in building controls adherence to the security and Payment Card Industry (PCI) requirements. In this role, you will demonstrate ability to analyze hard problems, think out-of-box and provide pragmatic solutions and recommendations. In addition to your knowledge of PCI, experience in NIST CSF, ISO 27001, ISO 27018, FedRAMP, PCI, SSAE 18, or SOC 2 will be an asset.
What you’ll do
- Evaluate the design and effectiveness of common controls based upon industry models (e.g. COBIT, ITIL) in accordance with compliance requirements
- Assist in the analysis and definition of security requirements; act as internal resource and authority on Expedia Security policy & standards
- Define audit scope and objectives, involving all relevant stakeholders
- Drive appropriate meeting cadence required to achieve and maintain for a successful internal/external third-party audit
- Facilitate efficient communication across all levels of an audit to ensure consistency in reaching the audit's goals, and to help in the recognition of any potential opportunities, risks, or complications
- Hold business owners accountable for timely and quality execution of deliverables
- Perform risk management to minimize audit risks: identify, track, mitigate, and resolve risks and issues
Who you are
- You have a minimum of 6 years job related experience in compliance or technical engineering field
- You have worked in a regulated environment, preferably dealing with PCI, SOX, SOC 2 or other federally regulated examinations
- You have proven expertise leading a compliance audit
- Information Security Certification(s) with work experience preferred. Desired certifications include: CISA, CISP, PCI
- Knowledge and familiarity related to administering and securing operating systems, database platforms, endpoint security and network infrastructure is preferred. Experience related to network architecture & security controls (Routers, Firewalls, networking protocols, etc)
- Ability to recognize/analyze/and document deficiencies and articulate those deficiencies to both technical and non-technical key management personnel. Experience using a risk-based audit approach in evaluations of and recommendations for management processes
- An understanding of Information Security frameworks, processes, technologies, and practices, including NIST and ISO27xxx standards
Why join us
Expedia Group recognizes our success is dependent on the success of our people. We are the world's travel platform, made up of the most knowledgeable, passionate, and creative people in our business. Our brands recognize the power of travel to break down barriers and make people's lives better – that responsibility inspires us to be the place where exceptional people want to do their best work, and to provide them the tools to do so.
Whether you're applying to work in engineering or customer support, marketing or lodging supply, at Expedia Group we act as one team, working towards a common goal; to bring the world within reach. We relentlessly strive for better, but not at the cost of the customer. We act with humility and optimism, respecting ideas big and small. We value diversity and voices of all volumes. We are a global organization but keep our feet on the ground, so we can act fast and stay simple. Our teams also have the chance to give back on a local level and make a difference through our corporate social responsibility program, Expedia Cares.
If you have a hunger to make a difference with one of the most loved consumer brands in the world and to work in the dynamic travel industry, this is the job for you.
Our family of travel brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Egencia®, trivago®, HomeAway®, Orbitz®, Travelocity®, Wotif®, lastminute.com.au®, ebookers®, CheapTickets®, Hotwire®, Classic Vacations®, Expedia® Media Solutions, CarRentals.com™, Expedia Local Expert®, Expedia® CruiseShipCenters®, SilverRail Technologies, Inc., ALICE and Traveldoo®.
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.