Senior Director, Security Compliance
The Enterprise Information Security team is seeking a leader who will ensure that we provide the technology and business teams of Expedia Group with world-class governance, regulatory adherence and compliance with our security policies across our systems and environments. The GRC team will be charged with cultivating an organization that provides PCI certification, IT security controls and policy compliance and creation for on-prem and cloud-based environments, SOC2 attestation, privacy requirements (e.g. GDPR), partner and consumer support of security documentation, and security oversight of EI contracts. This leader will partner and engage with our technology and business teams, and manage long-term relationships and large-scale compliance and certifications in support of our security posture.
What you’ll do:
- Lead and drive a team of Security Analysts and Compliance Experts
- Foster a team culture of continuous improvement, mentoring and learning, data driven decisions, and accountability for delivery of key metrics and deliverables
- Partner and collaborate with business and technology teams to develop actionable solutions for security compliance, certifications, and governance
- Oversee the creation, revision and compliance of security policies and controls
- Work closely with product management to prioritize and establish a roadmap for the team
Who you are:
- Hands-on experience with compliance (e.g. auditing, control testing, certifications, and attestations)
- Knowledge of current security controls and landscape including traditional data center and cloud computing platforms
- Self-motivated and able to effectively lead a large and diverse team
- Must have well developed change management skills; be effective in working across organizational boundaries to build a case for changes, and to execute on the change plan from strategy through to ongoing operation and continuous process improvement
- Experienced in, and able to formulate, the effectiveness and benefits of security compliance and certification initiatives in the context of overall business risk mitigation, security posture, and the company’s operational objectives
- Demonstrated knowledge of security industry standards, privacy regulations, compliance testing and leading practices (e.g. PCI, OWASP, NIST, CIS, GDPR)
- Experience in leading diverse security teams, and ability to present to senior management and large groups
- Must be able to simplify security and technical concepts for laypersons within our business and technology teams
- Demonstrated ability to work autonomously and manage a wide variety of work streams simultaneously, and under deadline
- Exposure to security systems and processes, with a background in the travel industry, a plus
- Minimum ten (10) years of information security, auditing and/or compliance experience in increasingly responsible roles required
- Professional certification in information security or compliance (for example, CISSP, CISM, or CISA) a plus
Why join us:
Expedia Group recognizes our success is dependent on the success of our people. We are the world's travel platform, made up of the most knowledgeable, passionate, and creative people in our business. Our brands recognize the power of travel to break down barriers and make people's lives better – that responsibility inspires us to be the place where exceptional people want to do their best work, and to provide them the tools to do so.
Whether you're applying to work in engineering or customer support, marketing or lodging supply, at Expedia Group we act as one team, working towards a common goal: to bring the world within reach. We relentlessly strive for better, but not at the cost of the customer. We act with humility and optimism, respecting ideas big and small. We value diversity and voices of all volumes. We are a global organization but keep our feet on the ground, so we can act fast and stay simple. Our teams also have the chance to give back on a local level and make a difference through our corporate social responsibility program, Expedia Cares.
If you have a hunger to make a difference with one of the most loved consumer brands in the world and to work in the dynamic travel industry, this is the job for you.
Our family of travel brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Egencia®, trivago®, HomeAway®, Orbitz®, Travelocity®, Wotif®, lastminute.com.au®, ebookers®, CheapTickets®, Hotwire®, Classic Vacations®, Expedia® Media Solutions, CarRentals.com™, Expedia Local Expert®, Expedia® CruiseShipCenters®, SilverRail Technologies, Inc., ALICE and Traveldoo®.
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.