Director, Technology Audit
Expedia
Director, Technology Audit
-
United States - Washington - Seattle
-
Finance
-
Full-Time Regular
-
11/06/2025
-
ID # R-99152
Share this position
Expedia Group brands power global travel for everyone, everywhere. We design cutting-edge tech to make travel smoother and more memorable, and we create groundbreaking solutions for our partners. Our diverse, vibrant, and welcoming community is essential in driving our success.
Why Join Us?
To shape the future of travel, people must come first. Guided by our Values and Leadership Agreements, we foster an open culture where everyone belongs, differences are celebrated and know that when one of us wins, we all win.
We provide a full benefits package, including exciting travel perks, generous time-off, parental leave, a flexible work model (with some pretty cool offices), and career development resources, all to fuel our employees' passion for travel and ensure a rewarding career journey. We’re building a more open world. Join us.
Director, Technology Audit
Please note this role is only available in Seattle and follows our flexible work model, which requires three in-office days a week.
Expedia Group Internal Audit is a global function responsible for providing independent assurance and evaluating the company's risk management, governance and internal control processes to determine if they are designed and operating effectively. The Internal Audit team plans and executes audit projects according to our risk-based audit plan by evaluating financial, technology, compliance and operational processes and controls. We work with business functions in addressing risks and improving the internal controls environment through timely and comprehensive audit and risk advisory work.
What you'll do:
We are looking for a Technology Audit Leader to lead our global IT audit team and be the primary liaison to senior leadership on IT risk and governance. Reporting to the Vice President of Internal Audit, this person will be a key member of our internal audit leadership team.
Serve as the primary liaison to senior leadership on IT Risk and IT Governance while building a high-performing team that delivers measurable impact.
This role offers visibility at the highest levels of the organization and requires a balance of strategic foresight, technical expertise, hands-on leadership and has strong communication skills to influence and align partners (including senior leaders) to manage risk, protect Expedia Group, drive transparency and deliver exceptional audit results.
Experienced people-leader capable of building high-performing teams and can communicate IT risks with a business context.
Developing Talent and Effective Teams
Lead and mentor a team of IT audit and compliance professionals, providing guidance and support in their professional development.
Holds self and team accountable for setting and meeting departmental goals.
Helps team members identify and build key relationships and networks inside and outside the organization.
Inspires and gains the commitment of others towards the vision, mission, values and organizational goals.
Experience and Qualifications:
12+years of relevant experience in Technology Audit, Product Security, Security Engineering or Security Compliance preferably within the technology sector and/or Big4 consulting.
Bachelor's and/or master’s. Preferably in computer science or engineering.
Professional certifications such as CISSP, CISM, GIAC, CCNA, CISA, CRISC, or CIA.
Experience working in a global organization and managing projects across different time zones.
Strong understanding of technology risk and security fundamentals across various cyber domains: IAM, applied cryptography, key management systems, data security, application security, web security, security protocols, API Design, threat intelligence, network security, hardware security, vulnerability management, etc.
IT General Controls (Logical Access, Change Management, IT Operations, Program Development/SDLC)
Expertise in implementing or assessing the SDLC process, technology, and automation in a DevOps environment. Familiarity logging technologies, system monitoring, and security event management.
Proven analytical ability to assess complex technology environments against risk assessment outcomes, industry best practices, internal standards and external regulatory requirements.
Excellent problem solving, critical thinking, collaboration and communication skills combined with the ability to provide a credible technical challenge to the business.
(Preferred)
Cyber security concepts, risks and practices (e.g., identity access management, vulnerability management, security governance, software development, auditing and logging, micro segmentation, secure access services, PKI) and security frameworks such as NIST, ISO 27000.
Cloud operations (e.g., Cloud architecture, infrastructure, networks, secure compute workloads, resiliency, data encryption, account and key management, identity access management, software development in the cloud).
Data governance (e.g., frameworks, policies, third-party data risks, and data security and protection).
Data privacy compliance including GDPR, CCPA, HIPAA, and other regulations; Artificial intelligence, Governance and risk management.
Utilizes knowledge of the IIA framework, IT controls framework, risk frameworks, technical frameworks, emerging risks, regulatory compliance requirements, etc. to identify, design, and drive programs and analyses that support the organization’s mission.
Big Data (e.g. data analysis and visualization tools, data engineering modeling, scripting language such as SQL or Python)
Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual’s knowledge, skills, and experience. Pay ranges may be modified in the future.
Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, and an Employee Assistance Program. To fuel each employee’s passion for travel, we offer a wellness & travel reimbursement, travel discounts, and an International Airlines Travel Agent (IATAN) membership. View our full list of benefits.
Accommodation requests
If you need assistance with any part of the application or recruiting process due to a disability, or other physical or mental health conditions, please reach out to our Recruiting Accommodations Team through the Accommodation Request.
We are proud to be named as a Best Place to Work on Glassdoor in 2024 and be recognized for award-winning culture by organizations like Forbes, TIME, Disability:IN, and others.
Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™. © 2024 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50
Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals with whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.