Senior Security Compliance Manager
Location: Austin, Texas; Seattle, Washington
Job Type: Full time
If you need assistance during the recruiting process due to a disability, please reach out to our Recruiting Accommodations Team through the Accommodation Request form. This form is used only by individuals with disabilities who require assistance or adjustments in applying and interviewing for a job. This form is not for inquiring about a position or the status of an application.
Are you a highly motivated, collaborative and technically experienced Senior Security Compliance Manager ready to join Expedia Group Security's (EGS) Governance, Risk and Compliance (GRC) group? Do you understand cloud operational and security processes, effectively build, establish and communicate security controls, and support changes within the organization through effective development and testing?
To be successful, you'll be organized, inventive, possess domain knowledge on security compliance and have a “can-do” attitude. You will be a key member of our GRC team and play a key role in building out the SOC 2 compliance program. In this role, you will demonstrate the ability to analyze hard problems, think outside the box and provide pragmatic solutions and recommendations. Along with your knowledge of SOC 2, your experience in security compliance frameworks (NIST CSF, ISO 27001, etc.) will be an asset!
What you'll do
- Evaluate the design efficiency of SOC 2 controls based upon industry standard methodology models in accordance with compliance requirements
- Participate in external certification and drive our partner audit events, including preparation, sample delivery, and onsite facilitation
- Assist in the analysis and definition of security requirements and help with ongoing maintenance and support of security controls
- Provide consulting services to Expedia Group on Expedia Group Security policy & standards and SOC 2 controls
- Lead and own the development of complex, multi-functional compliance and audit related projects
- Aid in defining audit scope and objectives, involving all relevant partners
- Drive the meeting cadence required to achieve and maintain a successful internal/external third-party audit
- Facilitate efficient communication across all levels of an audit to ensure consistency in reaching the audit's goals, and to help in the recognition of any potential opportunities, risks, or complications
- Hold business partners accountable for timely and quality execution of objectives
- Devise efficient and effective communication to SOC 2 stakeholders
- Present recommendations, options, opportunities, and assumptions to leadership
Who you are
- A minimum of 6 years of job-related experience, working in a regulated environment, in SOC 2 compliance or another related compliance program
- Demonstrated expertise managing a compliance audit and partners
- Information Security Certification(s) with demonstrated work experience preferred. Desired certifications include: CISA, CISP, ISA/PCIP
- Knowledge and familiarity related to coordinating and securing operating systems, database platforms, endpoint security and network infrastructure is preferred
- Experience with methodologies related to network architecture & security controls (routers, firewalls, networking protocols, etc)
- Ability to recognize, analyze, and document deficiencies and articulate those to both technical and non-technical key management personnel
- Experience using a risk-based audit approach in evaluations of and recommendations for management processes
- An understanding of Information Security frameworks, processes, technologies, and practices, including NIST and ISO27xxx standards
About Expedia Group
Expedia Group (NASDAQ: EXPE) powers travel for everyone, everywhere through our global platform. Driven by the core belief that travel is a force for good, we help people experience the world in new ways and build lasting connections. We provide industry-leading technology solutions to fuel partner growth and success, while facilitating memorable experiences for travelers. Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™.
© 2021 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50
Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals to whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.