We’re seeking a highly motivated, collaborative and technically experienced Sr. Security Compliance Manager to join Expedia Group's Security (EGS) organization.
You understand cloud operational and security processes, build, establish and communicate security controls, and support changes within the organization through effective development and testing. You are organized, inventive, possess domain knowledge on security compliance and have a “can-do” attitude. You will be a key member of our Compliance team and play a key role in building controls alignment to the security and Payment Card Industry (PCI) requirements. In this role, you will analyze hard problems, think out of the box, design sophisticated solutions, and provide pragmatic solutions and recommendations in your area of specialization. Beyond your knowledge of PCI, experience in NIST CSF, ISO 27xxx, FedRAMP, PCI, SSAE 18, or SOC 2 will be an asset.
Is this you? If so, consider Expedia!
What you'll do:
- Drive an aspect of PCI as a program across Expedia Group
- Evaluate the design and efficiency of common controls based upon industry models (e.g. COBIT, ITIL) in accordance with compliance requirements
- Analyze and define security requirements with a compliance lens
- Act as internal resource and authority on Expedia Security policy & standards, specialize in an area with deep knowledge
- Lead and manage the full life cycle of sophisticated multi-functional security compliance and audit related projects
- Assist in the definition of audit scope and objectives, involving all relevant partners
- Drive appropriate meeting cadence required to achieve and maintain a successful internal/external third-party audit
- Facilitate efficient communication across all levels of an audit to ensure consistency in reaching the audit's goals, and to help in the recognition of any potential opportunities, risks, or complications
- Hold business owners accountable for timely and quality execution
- Perform risk management to minimize audit risks: identify, track, mitigate, and resolve risks and issues
- Present recommendations, options, opportunities, and assumptions to leadership, and deliver on agreed-upon outcomes
Who you are:
- A minimum of 6 years of job-related experience in compliance or a technical engineering field
- Has worked in a regulated environment, solving for PCI, SOX, SOC 2 or other federally regulated examinations
- Information Security Certification(s) with proven work experience preferred. Desired certifications include: CISA, CISSP, PCI ISA or QSA
- Knowledge and familiarity related to operating and securing operating systems, database platforms, endpoint security and network infrastructure
- Experience with solutions related to network architecture & security controls (Routers, Firewalls, networking protocols, etc)
- Ability to recognize/analyze/document deficiencies and articulate those deficiencies to both technical and non-technical key management personnel.
- Experience using a risk-based audit approach in evaluations of and recommendations for management processes
- An understanding of Information Security frameworks, processes, technologies, and practices, including NIST and ISO27xxx standards
Why Join Us:
Expedia Group recognizes our success is dependent on the success of our people. We are the world's travel platform, made up of the most knowledgeable, passionate, and creative people in our business. Our brands recognize the power of travel to break down barriers and make people's lives better – that responsibility inspires us to be the place where exceptional people want to do their best work, and to provide them the tools to do so.
Whether you're applying to work in engineering or customer support, marketing or lodging supply, at Expedia Group we act as one team, working towards a common goal: to bring the world within reach. We relentlessly strive for better, but not at the cost of the customer. We act with humility and optimism, respecting ideas big and small. We value diversity and voices of all volumes. We are a global organization but keep our feet on the ground so we can act fast and stay simple. Our teams also have the chance to give back on a local level and make a difference through our corporate social responsibility program, Expedia Cares.
If you have a hunger to make a difference with one of the most loved consumer brands in the world and to work in the dynamic travel industry, this is the job for you.
Our family of travel brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Egencia®, trivago®, HomeAway®, Orbitz®, Travelocity®, Wotif®, lastminute.com.au®, ebookers®, CheapTickets®, Hotwire®, Classic Vacations®, Expedia® Media Solutions, CarRentals.com™, Expedia Local Expert®, Expedia® CruiseShipCenters®, SilverRail Technologies, Inc., ALICE and Traveldoo®.
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.