Security Compliance Manager
Are you a highly motivated, technically experienced and curious risk management and compliance professional who can address the challenges of increasing our security posture across Expedia Group (EG)? Can you lead the discussion and collaborate cross-functionally to identify and quantify pervasive security risks to the environment, and then present those insights to decision makers? Do you have the discipline to deliver results with a strong passion for ownership and driving change?
Expedia's Enterprise Risk & Security (ERS) organization is seeking an experienced Risk & Compliance Manager to develop, expand and drive the structure, processes and interactions needed for a successful security risk program. You will be a critical part of the Governance, Risk & Compliance (GRC) team, focused on influencing security and compliance across Expedia by owning the security risk register and program, providing leadership-level visibility into our current risk posture (including 3rd-party risks), and ensuring mitigations/remediations are identified and prioritized to lower risks to an acceptable level.
Beyond possessing domain knowledge on security risk and compliance (preferably in a highly dynamic environment), you must be organized, resourceful and possess the ability to build strong relationships and trust across the enterprise. In this individual contributor role, you will demonstrate your ability to analyze hard problems, think outside the box, and execute against the enterprise security strategy. In addition to your knowledge of security risk and compliance, experience with security frameworks and compliance initiatives such as NIST, ISO, PCI, GDPR, or SOC2 will be an asset.
What you’ll do
- Lead the enterprise cybersecurity risk management program and contribute to the definition and implementation of the risk management strategy
- Establish and implement consistent terminology, reporting requirements/metrics and automation to ensure consistent analysis of risks
- Own the central EG security risk registry
- Work closely with the business and technology counterparts to understand enterprise objectives, initiatives and cybersecurity risks and suggested mitigations
- Coordinate with teams to validate security gaps & score/quantify the underlying cyber risk to EG, evaluate known issues, and partner to identify/validate root causes and solutions
- Work directly with security product and architects to ensure remediation or mitigation strategies are established and prioritized
- Communicate risk posture to leadership and division partners in a consistent voice and format
Who you are
- 7+ years’ experience in a dedicated information security, compliance, IT audit, or technical risk management field
- 3+ years leading information security governance and risk activities, preferably in a highly dynamic environment
- Extensive knowledge of enterprise cybersecurity management practices, governance, and risk assessment methodologies. Demonstrated expertise in understanding mitigating controls at the process, system, network, application and data levels
- Experience in technical and business risk analysis and making technical trade-offs between short versus long-term security and business goals
- Experience translating complex and ambiguous problems into understandable components and actionable plans. Superb communication, presentation and relationship skills, especially the ability to understand and articulate advanced technical topics and build consensus among business and technology partners
- Knowledge of regulatory and industry frameworks such as NIST, ISO 27000 series, PCI-DSS, SOC2, etc.
- Information Security Certification(s) such as CISSP, CRISC, CISA, CISM or other comparable security controls or audit certifications preferred
Why join us
Expedia Group recognizes our success is dependent on the success of our people. We are the world's travel platform, made up of the most knowledgeable, passionate, and creative people in our business. Our brands recognize the power of travel to break down barriers and make people's lives better – that responsibility inspires us to be the place where exceptional people want to do their best work, and to provide them the tools to do so.
Whether you're applying to work in engineering or customer support, marketing or lodging supply, at Expedia Group we act as one team, working towards a common goal: to bring the world within reach. We relentlessly strive for better, but not at the cost of the customer. We act with humility and optimism, respecting ideas big and small. We value diversity and voices of all volumes. We are a global organization but keep our feet on the ground, so we can act fast and stay simple. Our teams also have the chance to give back on a local level and make a difference through our corporate social responsibility program, Expedia Cares.
If you have a hunger to make a difference with one of the most loved consumer brands in the world and to work in the dynamic travel industry, this is the job for you.
Our family of travel brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Egencia®, trivago®, HomeAway®, Orbitz®, Travelocity®, Wotif®, lastminute.com.au®, ebookers®, CheapTickets®, Hotwire®, Classic Vacations®, Expedia® Media Solutions, CarRentals.com™, Expedia Local Expert®, Expedia® CruiseShipCenters®, SilverRail Technologies, Inc., ALICE and Traveldoo®.
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.