Senior Manager, Security Compliance (PCI)

Our worldview at Expedia Group is “Travel is a force for good”; we believe travel is a force for good in the world. You don’t have to look too closely to realize right now that the world needs all the goodness it can get – it needs more travel. And with that as our worldview, the work we do at Expedia Group becomes more important than ever.

Expedia Services is where exceptional technical and businesspeople come together to leverage our two decades in travel and invest in scalable solutions. The Expedia Security & Privacy Organization is seeking a highly motivated, collaborative Senior Manager - Security Compliance, with a practical self-starter mindset to advise and serve as a subject matter expert and manage all aspects of Payment Card Industry Data Security Standard (PCI DSS) compliance requirements.

In this role, you will manage a team of analyst and the annual PCI DSS lifecycle, including assessments, testing, validation of controls and documentation related to compliance. In addition, you will keep pace with regulatory changes to ensure the company maintains PCI DSS compliance.

This is a unique role that will develop and drive strategy for our PCI DSS program, drive operational excellence and program improvement, and accelerate our mission to power global travel for everyone, everywhere. To be successful, you are organized, resourceful, possess domain knowledge on PCI DSS and security compliance and have a “can-do” attitude. You will be a key member of our security governance, risk, compliance, and privacy team and responsible for providing expert risk analysis and information to business and risk management leadership. The role is charged with managing a comprehensive controls framework with industry requirements to ensure enterprise-wide PCI DSS compliance.

The ideal candidate will have diverse backgrounds and understand a variety of systems and services, including new technologies and legacy systems that are intertwined with PCI DSS scope. You will report to Director Security Compliance.

We believe diversity and inclusion among our teammates produces better results and is critical to our success as a global company and are committed to recruiting, developing, and retaining the most talented people from a diverse candidate pool.

What you'll do:

• Identify and document in-scope systems and applications for the PCI DSS cardholder data environment. Guide technical teams and stakeholders to implement required controls and meet compliance

• Act as the primary point of contact for all PCI-related requirements, initiatives, and external relationships. Act as the main PCI DSS subject matter expert when internal team members have questions/need guidance and be the key liaison with external PCI advisory firms

• Maintain documentation and keep the state of PCI program compliance up to date

• Liaison with risk management, third-party qualified security assessors, audit, and compliance, as well as the PCI governing body and communities

• Closely monitor and understand current and potential changes to the PCI DSS framework

• Complete and preserve the internal self-assessment questionnaire as needed, as well as coordinate and communicate the report on compliance

• Facilitate education and training for employees required to uphold PCI compliance

• Continuously assess and validate cardholder data environment controls and monitoring

• Provide oversight on findings and require thorough documentation and recommendations

• Support business innovation initiatives, while ensuring PCI compliance is met

• Maintain a high degree of knowledge with current and proposed security changes impacting PCI compliance and security industry best practices

• Possess general knowledge of networking, encryption, authentication, payment infrastructure and application security

• Influence and validate PCI DSS controls and present regularly to security, audit, and business leadership

• Guide team members to align with security, audit, and risk management leadership for ongoing PCI compliance assessments, as well as annual strategic technology and budgetary directives

• Liaison with internal and external auditors to manage controls for compliance and privacy laws

• Perform other duties as assigned

Who you are:

• 7+ years of overall corporate work experience with a bachelor’s degree or 5+ years of relevant experience with an advanced degree with a focus in Information technology/management, risk, or audit preferred

• Demonstrated understanding of PCI DSS and general knowledge of frameworks (NIST CSF, ISO, SOC2, FedRAMP, SSAE18)

• Previous work with both legacy and emerging technology solutions in scope

• Exposure to cloud providers (AWS, Google Cloud Platform, Microsoft Azure), virtualization and security management preferred

• Strong organizational management, with experience managing diverse technical and business unit teams

• General understanding of networking, APIs, application security, encryption, identity and authentication, vulnerability management, threat intelligence, insider threats, attack surface, attacker tactics, and be proficient in understanding approved scanning vendor and attestation of compliance reports

• Capable of working with diverse teams and promoting a positive, enterprise-wide security culture

• Strong project management, multitasking and organizational skills

• Preferably one or more of the following: PCIP, ISA, QSA, CISA, CRISC, CISSP

#LI-MY2

The total cash range for this position in Austin is $134,500 to $188,000. Employees in this role have the potential to increase their pay up to $215,000, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.

The total cash range for this position in Chicago is $127,000 to $177,500. Employees in this role have the potential to increase their pay up to $203,000, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.

Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual’s knowledge, skills, and experience. Pay ranges may be modified in the future.

Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, and an Employee Assistance Program. To fuel each employee’s passion for travel, we offer a wellness & travel reimbursement, travel discounts, and an International Airlines Travel Agent (IATAN) membership.View our full list of benefits.