Senior Manager, Security Governance and Trust
Expedia
This job is no longer accepting applications
If you need assistance during the recruiting process due to a disability, please reach out to our Recruiting Accommodations Team through the Accommodation Request form. This form is used only by individuals with disabilities who require assistance or adjustments in applying and interviewing for a job. This form is not for inquiring about a position or the status of an application.
Our worldview at Expedia Group is “Travel is a force for good”; we believe travel is a force for good in the world. You don’t have to look too closely to realize right now that the world needs all the goodness it can get – it needs more travel. And with that as our worldview, the work we do at Expedia Group becomes more important than ever. Expedia Services is where exceptional technical and business people come together to leverage our two decades in travel and invest in scalable solutions.
Are you a highly motivated, experienced and curious security risk and compliance professional who can address the challenges of increasing our security posture and building trust across Expedia Group (EG)? Can you play a role in enterprise-wide security risk and compliance strategic initiatives, collaborate cross-functionally to identify and communicate security compliance requirements, and provide leadership-level visibility into current risk, security and compliance posture? Do you have the discipline to deliver results with a strong passion for ownership?
The Expedia Security & Privacy Organization is seeking a highly motivated, collaborative Senior Manager for our Security Governance and Trust team. This person will have a practical, self-starter mindset to advise and serve as a subject matter expert and manage all aspects of NIST CSF (National Institute of Standards and Technology Cyber Security Framework) and Privacy by Design (PbD), along with areas of cybersecurity compliance included within NYDFS, CBPR, NIS 2 EU, CCPA, CPRA, as well as cloud compliance in support of all areas of cybersecurity compliance.
In this role, you will work closely with risk, compliance and security leadership and are responsible for identifying, evaluating, and reporting on the state of NIST CSF, PbD, and other. You will be the primary point of contact for all Cybersecurity Partner Trust. You will manage a team of analysts and the annual NIST CSF lifecycle, including assessments, testing, validation of controls and documentation related to compliance. In addition, in this role you will keep pace with regulatory changes to ensure the company maintains its positive compliance standing.
This is a unique role that will develop and drive strategy for our security governance NIST CSF program, drive operational excellence and program improvement, and accelerate our mission to power global travel for everyone, everywhere. To be successful, you are organized, resourceful, possess domain knowledge of NIST CSF, PbD principles and security compliance, and have a “can-do” attitude. You will be a key member of our security governance, risk, compliance, and privacy team and responsible for providing expert risk analysis and information to business and risk management leadership. In this role, you will establish rapport with cybersecurity leadership, as well as external consultants, to help support the company’s overall NIST CSF maturity and PbD principles. The role is charged with implementing and maintaining policies, as well as managing a comprehensive controls framework with industry requirements to ensure enterprise-wide NIST CSF and PbD compliance.
The ideal candidate will have a diverse background and understand a variety of systems and services, including new technologies and legacy systems that are intertwined within NIST CSF and PbD scope. You will report to the Director, Security Governance and Compliance.
We believe diversity and inclusion among our teammates produces better results and is critical to our success as a global company and are committed to recruiting, developing, and retaining the most talented people from a diverse candidate pool.
What you’ll do:
Identify and document in-scope systems and applications for the NIST CSF and PbD environments. Guide technical teams and stakeholders to implement required controls and meet compliance.
Act as the primary point of contact for all Cybersecurity Partner Trust, NIST CSF and PbD requirements, initiatives, and external relationships.
Act as the main Cybersecurity Partner Trust, NIST CSF and PbD subject matter expert when internal team members have questions/need guidance and be the key liaison with external audit and advisory firms.
Maintain documentation and keep the state of Cybersecurity Partner Trust, NIST CSF program compliance up to date.
Liaise with risk management, third-party qualified security assessors, audit, and compliance, as well as the Cybersecurity Partner Trust, NIST CSF governing body and communities.
Closely monitor and understand current and potential changes to the NIST CSF framework.
Complete and preserve the internal self-assessment questionnaires as needed, as well as coordinate and communicate the Cybersecurity Partner Trust compliance.
Facilitate education and training for employees required to uphold Cybersecurity Partner Trust, and NIST CSF compliance.
Continuously assess and validate controls and monitoring.
Provide oversight on findings and require thorough documentation and recommendations.
Support business innovation initiatives, while ensuring Cybersecurity Partner Trust, and NIST CSF compliance is met.
Maintain a high degree of knowledge with current and proposed security changes impacting Cybersecurity Partner Trust, and NIST CSF compliance and security industry best practices.
Possess general knowledge of networking, encryption, authentication, payment infrastructure and application security.
Influence and validate Cybersecurity Partner Trust, and NIST CSF controls and present regularly to security, audit, and business leadership.
Guide team members to align with security, audit, and risk management leadership for ongoing Cybersecurity Partner Trust, and NIST CSF compliance assessments, as well as annual strategic technology and budgetary directives.
Liaise with internal and external auditors to manage controls for compliance and privacy laws.
Perform other duties as assigned.
Who you are:
7+ years of overall corporate work experience with a bachelor’s degree or 5+ years of relevant experience with an advanced degree with a focus in Information technology/management, risk, or audit preferred.
Demonstrated understanding of NIST CSF and general knowledge of frameworks (PCI-DSS, NIST 800-53, ISO, SOC2, FedRAMP, SSAE18).
Previous work with both legacy and emerging technology solutions in scope.
Exposure to cloud providers (AWS, Google Cloud Platform, Microsoft Azure), virtualization and security management preferred.
Strong organizational management, with experience managing diverse technical and business unit teams.
General understanding of networking, APIs, application security, encryption, identity and authentication, vulnerability management, threat intelligence, insider threats, attack surface, and attacker tactics, and proficiency in understanding approved scanning vendor and attestation of compliance reports.
Capable of working with diverse teams and promoting a positive, enterprise-wide security culture.
Strong project management, multitasking and organizational skills.
Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual’s knowledge, skills, and experience. Pay ranges may be modified in the future.
Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, and an Employee Assistance Program. To fuel each employee’s passion for travel, we offer a wellness & travel reimbursement, travel discounts, and an International Airlines Travel Agent (IATAN) membership.
About Expedia Group
Expedia Group (NASDAQ: EXPE) powers travel for everyone, everywhere through our global platform. Driven by the core belief that travel is a force for good, we help people experience the world in new ways and build lasting connections. We provide industry-leading technology solutions to fuel partner growth and success, while facilitating memorable experiences for travelers. Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™.
© 2021 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50
Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals to whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.