Security Compliance Manager at Expedia Group
We’re seeking a highly motivated, collaborative and technically experienced Security Compliance Manager to join the Expedia Group Security (EGS) organization. You understand cloud operational and security processes & controls, effectively build, establish and communicate security controls, and support changes within the organization through effective development and testing. To be successful, you are organized, resourceful, possess domain knowledge on security compliance and have a “can-do” attitude. You will be a key member of our Governance Risk and Compliance (GRC) team and play a meaningful role in building cross-Expedia controls and a unified control framework, driving adherence, and collaborating across Expedia Group to improve our control and security posture. In this role, you will be required to demonstrate ability to analyze hard problems, think creatively and provide pragmatic solutions and recommendations. Your knowledge and experience in NIST CSF, ISO 27xxx, PCI, SSAE 18, and SOC 2 will be an asset.
What you'll do:
- Evaluate the design and effectiveness of common controls based upon industry best practice models (e.g. COBIT, ITIL) in accordance with compliance requirements
- Drive development and implementation of compliance programs (e.g., ISO 27001 and SOC 2), as well as the activities to help measure and monitor ongoing compliance
- Participate in external certifications and drive Expedia partner audit events, including preparation, sample delivery, onsite facilitation and management response activities
- Be part of the ‘front line’ in liaising with Expedia Group technology/engineering teams and internal/external auditors on security matters
- Drive the definition of security control requirements and a unified control framework
- Facilitate efficient communication across all levels of an assessment to ensure consistency in reaching our compliance goals
- Provide technical and operational support on security compliance for Expedia’s partner environment
- Present recommendations, options, opportunities and assumptions to leadership
Who you are:
- A minimum of 6 years job related experience in a technical compliance or engineering field
- Has worked in a regulated environment, preferably dealing with PCI, SOC 2, ISO 27xxx or other federally regulated examinations
- Demonstrated expertise leading compliance projects and effectively managing stakeholders and partners
- Knowledge and familiarity related to administering and securing operating systems, database platforms, endpoint security and network infrastructure is preferred.
- Ability to recognize, analyze and document deficiencies and articulate those deficiencies to both technical and non-technical personnel.
- Experience using a risk-based audit approach in evaluations of and recommendations for management processes
- An understanding of Information Security frameworks, processes, technologies, and practices, including NIST and ISO 27xxx standards
- Information Security Certification(s) with demonstrated work experience preferred. Desired certifications include: CISA, CISP, PCI, etc.
Why Join Us:
Expedia Group recognizes our success is dependent on the success of our people. We are the world's travel platform, made up of the most knowledgeable, passionate, and creative people in our business. Our brands recognize the power of travel to break down barriers and make people's lives better – that responsibility inspires us to be the place where exceptional people want to do their best work, and to provide them the tools to do so.
Whether you're applying to work in engineering or customer support, marketing or lodging supply, at Expedia Group we act as one team, working towards a common goal: to bring the world within reach. We relentlessly strive for better, but not at the cost of the customer. We act with humility and optimism, respecting ideas big and small. We value diversity and voices of all volumes. We are a global organization but keep our feet on the ground so we can act fast and stay simple. Our teams also have the chance to give back on a local level and make a difference through our corporate social responsibility program, Expedia Cares.
Our family of travel brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Egencia®, trivago®, HomeAway®, Orbitz®, Travelocity®, Wotif®, lastminute.com.au®, ebookers®, CheapTickets®, Hotwire®, Classic Vacations®, Expedia® Media Solutions, CarRentals.com™, Expedia Local Expert®, Expedia® CruiseShipCenters®, SilverRail Technologies, Inc., ALICE and Traveldoo®.
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.