Sr. Security Compliance Manager
Are you a highly motivated, experienced & curious risk management and compliance professional who can address the challenges of increasing our security posture across Expedia Group (EG)? Can you lead an enterprise-wide security risk program, collaborate cross-functionally to identify & quantify pervasive security risks, and provide leadership-level transparency into current risk posture (including 3rd-party risks)? Do you have the discipline to deliver results with a strong passion for ownership and driving change?
Expedia's Enterprise Risk & Security (ERS) organization is seeking an experienced Sr. Risk & Compliance Manager to develop the strategy, expand and drive the structure, processes and interactions needed for a successful security risk program. You will be a critical part of the Governance, Risk & Compliance (GRC) team, focused on influencing security and compliance across Expedia by leading the security risk program, which includes the security risk register and third-party risk management. You will work across EG to ensure mitigations/remediations are identified and prioritized to lower risks to an acceptable level, and provide leadership with visibility into current risk levels internally or with critical third parties.
Beyond possessing domain knowledge on security risk and compliance (preferably in a highly dynamic environment), you are organized, resourceful and build strong relationships and trust across the enterprise. In this role, you demonstrate your ability to build out a long-term risk strategy, analyze and think outside the box to find solutions to hard problems, and execute against the enterprise security strategy. In addition to your knowledge of security risk, experience with security frameworks and compliance initiatives will be an asset.
What you’ll do
- Lead the enterprise cyber security risk management program and own the definition and implementation of the risk management strategy
- You'll manage both the internal security risk management life cycle, as well as the third-party risk management program
- Establish and implement consistent terminology, reporting requirements/metrics and automation to ensure consistent analysis of risks
- You will collaborate with the business and technology counterparts to understand enterprise objectives, initiatives and cyber security risks
- Work directly with security product and architects to ensure remediation or mitigation strategies are established and prioritized
- You'll evaluate and report/communicate EG risk posture to leadership and division partners in a consistent voice and format
Who you are
- 9+ years’ experience in a dedicated information security, compliance, or technical risk management field, with 3+ years leading information security governance and risk activities
- You have extensive knowledge of enterprise cyber security management practices, governance, and risk assessment methodologies, including third-party risk management
- Experience in technical and business risk and making technical trade-offs between short versus long-term security and business goals
- You have expertise creating and utilizing KPIs and metrics to drive activity & provide visibility
- Superb communication, presentation and relationship skills, especially the ability to understand and articulate advanced technical topics and build consensus among partners and leadership
- You are knowledgeable within regulatory and industry frameworks such as NIST, ISO, PCI, GDPR, etc.
- Information Security Certification(s) such as CISSP, CRISC, CISA, CISM or similar certifications preferred
Why join us
Expedia Group recognizes our success is dependent on the success of our people. We are the world's travel platform, made up of the most knowledgeable, passionate, and creative people in our business. Our brands recognize the power of travel to break down barriers and make people's lives better – that responsibility inspires us to be the place where exceptional people want to do their best work, and to provide them the tools to do so.
Whether you're applying to work in engineering or customer support, marketing or lodging supply, at Expedia Group we act as one team, working towards a common goal: to bring the world within reach. We relentlessly strive for better, but not at the cost of the customer. We act with humility and optimism, respecting ideas big and small. We value diversity and voices of all volumes. We are a global organization but keep our feet on the ground so we can act fast and stay simple. Our teams also have the chance to give back on a local level and make a difference through our corporate social responsibility program, Expedia Cares.
If you have a hunger to make a difference with one of the most loved consumer brands in the world and to work in the dynamic travel industry, this is the job for you.
Our family of travel brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Egencia®, trivago®, HomeAway®, Orbitz®, Travelocity®, Wotif®, lastminute.com.au®, ebookers®, CheapTickets®, Hotwire®, Classic Vacations®, Expedia® Media Solutions, CarRentals.com™, Expedia Local Expert®, Expedia® CruiseShipCenters®, SilverRail Technologies, Inc., ALICE and Traveldoo®.
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.