Director, Security Compliance
Expedia
This job is no longer accepting applications
See open jobs at Expedia.See open jobs similar to "Director, Security Compliance" Travel Tech Essentialist.If you need assistance during the recruiting process due to a disability, please reach out to our Recruiting Accommodations Team through the Accommodation Request form. This form is used only by individuals with disabilities who require assistance or adjustments in applying and interviewing for a job. This form is not for inquiring about a position or the status of an application.
Director - Security Compliance
Our worldview at Expedia Group is “Travel is a force for good”; we believe travel is a force for good in the world. You don’t have to look too closely to realize right now that the world needs all the goodness it can get – it needs more travel. And with that as our worldview, the work we do at Expedia Group becomes more important than ever. Expedia Services is where exceptional technical and businesspeople come together to leverage our two decades in travel and invest in scalable solutions.
The Expedia Security & Privacy Organization is seeking a highly motivated, collaborative Director - Security Compliance, with a practical self-starter mindset to be responsible for driving the overall development, implementation, and maintenance and management of the Global Compliance Program, including but not limited to regulatory needs such as PCI-DSS, GDPR/CCPA, etc. and best practices from SOC2, NIST CSF, ISO, etc. Additionally, this role is responsible for driving compliance focus and accountability across the organization and ensuring global compliance to all current regulatory guidelines and to Expedia Security & Privacy policies and standards. This position will serve as a primary liaison between internal and external auditor groups to integrate compliance regulation and controls to protect the Expedia’s assets and data globally. This is a unique role that will develop and drive operational excellence and program improvement and accelerate our mission to power global travel for everyone, everywhere.
To be successful, you are organized, resourceful, possess domain knowledge on PCI DSS and security compliance and have a “can-do” attitude. You will be a key member of our security governance, risk, compliance, and privacy leadership team and responsible for providing expert risk analysis and information to business and risk management leadership. In this role, you will establish rapport with cybersecurity leadership, as well as external consultants to help support the company’s overall PCI DSS compliance. The role is charged with implementing and maintaining policies, as well as managing a comprehensive controls framework with industry requirements to ensure enterprise-wide PCI DSS compliance.
The ideal candidate will have diverse backgrounds and understand a variety of systems and services, including new technologies and legacy systems that are intertwined with PCI DSS scope. You will report to Senior Director – GRC and Privacy Operations.
We believe diversity and inclusion among our teammates produces better results and is critical to our success as a global company and are committed to recruiting, developing, and retaining the most talented people from a diverse candidate pool.
What you'll do:
Work in tandem with Product & Technology, risk management, cybersecurity and business leads to incorporate compliance practices and industry standards
Develop and implement a comprehensive and Global Cybersecurity compliance program including but not limited to PCI-DSS, SOC2, GDPR, CCPA, HIPPA, NIST, ISO, etc. to achieve a strong compliance maturity model
Ownership of a formal Compliance Governance process which aligns and prioritizes security initiatives, driving compliance focus and accountability across the organization
Develop and establish executive dashboard reporting on compliance events, findings, accomplishments and publish to senior management and key stakeholders
Manage the Global Compliance Program, which includes conducting the required testing and assessments including but not limited to PCI-DSS, SOC2, GDPR, HIPPA, NIST, ISO; and determine scope, process, testing, documentation, reporting, and remediation Continuously monitor changes to regulatory requirements, the threat landscape and business impact
Partner with internal and external auditors to validate controls for compliance
Direct compliance teams to document, communicate and enforce security improvements that balance risk with business operations and ensure controls do not weaken efficiencies or business innovation
Create, prioritize, and manage the yearly scope of technology compliance obligations
Identify, document, and monitor to closure any gaps when compliance responsibilities are not met
Evaluate security controls and opportunities for improvement and communicate recommendations
Attract, manage, grow, and retain talent to ensure highest performance of Compliance function in GRC
Maintain a high degree of knowledge with current and proposed security changes impacting regulatory, privacy and security industry best practice guidance
Acquire and retain knowledge of applicable industry standards
Who you are:
Bachelor's degree or Master's degree in Information Technology, Information Management, Risk, Audit, Compliance, or related technical field; or Equivalent related professional experience
10+ years of experience
Demonstrated understanding of PCI DSS and frameworks (NIST, ISO, SOC2)
Previous work with both legacy and emerging technology solutions in scope
Exposure to cloud providers (AWS, Google Cloud Platform, Microsoft Azure), virtualization and security management preferred
Knowledge of networking, APIs, application security, encryption, identity and authentication, vulnerability management, threat intelligence, insider threats, attack surface, attacker tactics, and be proficient in understanding approved scanning vendor and attestation of compliance reports
Strong organizational management, with experience managing diverse technical and business unit teams
Capable of working with diverse teams and promoting a positive, enterprise-wide security culture
Strong project management, multitasking and organizational skills
Preferably one or more of the following professional certifications: PCIP, ISA, QSA, CISA, CRISC, CISSP
Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual’s knowledge, skills, and experience. Pay ranges may be modified in the future.
Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, and an Employee Assistance Program. To fuel each employee’s passion for travel, we offer a wellness & travel reimbursement, travel discounts, and an International Airlines Travel Agent (IATAN) membership. View our full list of benefits.
About Expedia Group
Expedia Group (NASDAQ: EXPE) powers travel for everyone, everywhere through our global platform. Driven by the core belief that travel is a force for good, we help people experience the world in new ways and build lasting connections. We provide industry-leading technology solutions to fuel partner growth and success, while facilitating memorable experiences for travelers. Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™.
© 2021 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50
Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals to whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.
This job is no longer accepting applications
See open jobs at Expedia.See open jobs similar to "Director, Security Compliance" Travel Tech Essentialist.