Security Operations Analyst III
Location: Austin, Texas, Chicago, Illinois, Seattle, Washington
Job Type: Full time
If you need assistance during the recruiting process due to a disability, please reach out to our Recruiting Accommodations Team through the Accommodation Request form. This form is used only by individuals with disabilities who require assistance or adjustments in applying and interviewing for a job. This form is not for inquiring about a position or the status of an application.
Security Operations Analyst III
Are you a highly motivated, experienced & curious security risk and compliance professional who can address the challenges of increasing our security posture across Expedia Group (EG)? Can you play a role in an enterprise-wide security risk and compliance program, collaborate cross functionally to identify and communicate security compliance requirements for critical initiatives, and provide leadership level visibility into current risk and compliance posture? Do you have the discipline to deliver results with a strong passion for ownership and driving change?
Expedia Security and Privacy (ESP) is seeking an experienced Security Compliance Manager! This position requires a mix of broad business and technical acumen with strong people-management skills, the ability to inspire and influence decisions around security risk management, and a polished ability to communicate with key stakeholders and internal customers. In this role the mission is to earn, build, and retain customer/partner trust and regulator confidence by promoting verifiable transparency into Expedia Group’s security, and compliance postures. In turn, the role will enable enterprise customers and collaboration with security compliance teams across the organization to drive programs that promote trust, compliance and contribute to Expedia Group’s overall security and compliance health. The role will drive programs that help the EGS Trust and Enablement team scale through process improvement oversight and consistent delivery methods.
Beyond possessing domain knowledge on security risk and compliance (preferably in a highly dynamic environment), you are organized, resourceful and able to build strong relationships and trust across the enterprise. In this role, you demonstrate your ability to build out a long-term risk and compliance strategy, analyze and think out-of-box to find solutions to hard technical problems, and execute towards the enterprise security north star. Your knowledge and experience with security frameworks and compliance initiatives, such as NIST CSF, ISO 27xxx, PCI, and SOC 2 will be an asset.
What you’ll do :
Drive continuous improvements to the security organization, the program management process and control implementation projects in coordination with the service teams
Perform security reviews, identify gaps in security and compliance requirements
Evaluate a system's compliance with information technology (IT) security, resilience, compliance (PCI,SOC2) and dependability requirements
Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations
Perform analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change
Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level
Support the team to develop and communicate policies, procedures, guidelines, and plans to internal stakeholders regarding security and privacy risk management
Promote and foster collaboration and standardization across multiple internal security teams to ensure consistent outcomes and a single voice of security to the business
Provide robust assurance of the operational effectiveness of our compliance controls to partners and stakeholders
Establish credibility and maintain strong working relationships with the business to understand enterprise objectives, initiatives, and cybersecurity risks
Report and communicate status and metrics to leadership and division partners in a consistent voice and format
Who you are :
Over 5+ years’ experience or Bachelor's Degree in a dedicated information security, compliance, or technical risk management field
Extensive knowledge of enterprise cybersecurity management practices, governance, and risk/compliance assessment methodologies
Strong communication and relationship skills, especially the ability to understand and articulate advanced technical topics and build consensus among partners and leadership
An understanding of Information Security frameworks, processes, technologies, and practices, including NIST and ISO27xxx standards
Knowledge of regulatory and industry frameworks such as NIST, ISO, PCI, SOC2, etc.
Information Security Certification(s) such as CISSP, CRISC, CISA, CISM or similar certifications preferred
The total cash range for this position in Austin is $104,000 to $145,500.00. Employees in this role have the potential to increase their pay up to $166,500, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.
The total cash range for this position in Chicago is $95,500 to $134,000.00. Employees in this role have the potential to increase their pay up to $153,000, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.
Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual’s knowledge, skills, and experience. Pay ranges may be modified in the future.
Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, and an Employee Assistance Program. To fuel each employee’s passion for travel, we offer a wellness & travel reimbursement, travel discounts, and an International Airlines Travel Agent (IATAN) membership.View our full list of benefits.
About Expedia Group
Expedia Group (NASDAQ: EXPE) powers travel for everyone, everywhere through our global platform. Driven by the core belief that travel is a force for good, we help people experience the world in new ways and build lasting connections. We provide industry-leading technology solutions to fuel partner growth and success, while facilitating memorable experiences for travelers. Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™.
© 2021 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50
Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals to whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.