Security Compliance Manager
Are you a highly motivated, collaborative and technically experienced Security Compliance Manager ready to join Expedia Group's Enterprise Risk & Security (ERS) group? Do you understand cloud operational and security processes, effectively build, establish and communicate security controls, and support changes within the organization through effective development and testing?
Consider Expedia Group!
To be successful, you'll be organized, inventive, possess domain knowledge on security compliance and have a “can-do” attitude. You will be a key member of our GRC team and play a key role in building controls adherence to the security and Payment Card Industry (PCI) requirements. In this role, you will demonstrate ability to analyze hard problems, think out-of-box and provide pragmatic solutions and recommendations. Along with your knowledge of PCI, your experience in NIST CSF, ISO 27001, ISO 27018, FedRAMP, PCI, SSAE 18, or SOC 2 will be an asset!
What you'll do
- Evaluate the design efficiency of common controls based upon industry standard methodology models (e.g. COBIT, ITIL) in accordance with compliance requirements
- Participate in external certification and drive our partner audit events, including preparation, sample delivery, and onsite facilitation
- Assist in the analysis and definition of security requirements and help with ongoing maintenance and support of security controls
- Act as internal resource and authority on Expedia Security policy & standards
- Lead and own the development of medium to complex multi-functional compliance and audit related projects
- Aid in defining audit scope and objectives, involving all relevant partners
- Drive appropriate meeting cadence required to achieve and maintain for a successful internal/external third-party audit
- Facilitate efficient communication across all levels of an audit to ensure consistency in reaching the audit's goals, and to help in the recognition of any potential opportunities, risks, or complications
- Hold business partners accountable for timely and quality execution of objectives
- Perform risk management to minimize audit risks: identify, track, mitigate, and resolve risks and issues
- Present recommendations, options, opportunities, and assumptions to leadership
Who you are
- A minimum of 6 years job related experience in compliance or technical engineering field
- Worked in a regulated environment, preferably dealing with PCI, SOX, SOC 2 or other federally regulated examinations
- Demonstrated expertise managing a compliance audit and partners
- Information Security Certification(s) with demonstrated work experience preferred. Desired certifications include: CISA, CISP, PCI
- Knowledge and familiarity related to coordinating and securing operating systems, database platforms, endpoint security and network infrastructure is preferred
- Experience with methodologies related to network architecture & security controls (Routers, Firewalls, networking protocols, etc)
- Ability to recognize/analyze/and document deficiencies and articulate those to both technical and non-technical key management personnel
- Experience using a risk-based audit approach in evaluations of and recommendations for management processes
- An understanding of Information Security frameworks, processes, technologies, and practices, including NIST and ISO27xxx standards
Why join us
Expedia Group recognizes our success is dependent on the success of our people. We are the world's travel platform, made up of the most knowledgeable, passionate, and creative people in our business. Our brands recognize the power of travel to break down barriers and make people's lives better – that responsibility inspires us to be the place where exceptional people want to do their best work, and to provide them to tools to do so.
Whether you're applying to work in engineering or customer support, marketing or lodging supply, at Expedia Group we act as one team, working towards a common goal; to bring the world within reach. We relentlessly strive for better, but not at the cost of the customer. We act with humility and optimism, respecting ideas big and small. We value diversity and voices of all volumes. We are a global organization but keep our feet on the ground so we can act fast and stay simple. Our teams also have the chance to give back on a local level and make a difference through our corporate social responsibility program, Expedia Cares.
If you have a hunger to make a difference with one of the most loved consumer brands in the world and to work in the dynamic travel industry, this is the job for you.
Our family of travel brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Egencia®, trivago®, HomeAway®, Orbitz®, Travelocity®, Wotif®, lastminute.com.au®, ebookers®, CheapTickets®, Hotwire®, Classic Vacations®, Expedia® Media Solutions, CarRentals.com™, Expedia Local Expert®, Expedia® CruiseShipCenters®, SilverRail Technologies, Inc., ALICE and Traveldoo®.
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.