Senior Security Compliance Manager
The Expedia Security & Privacy Organization is seeking a highly motivated, collaborative Senior Security Compliance Manager with a practical self-starter mindset to advise and serve as a subject matter expert and play a critical trusted advisor role ensuring new system architectures and business initiatives are developed in a secure and compliant manner. You manage all aspects of Payment Card Industry Data Security Standard (PCI DSS) compliance requirements.
This is a unique role that will be part of the team to develop and drive strategy for our PCI DSS program, drive operational excellence and program improvement, and accelerate our mission to power global travel for everyone, everywhere.
To be successful, you are organized, resourceful, possess domain knowledge on PCI DSS and security compliance and have a “can-do” attitude. You will be a key member of our security governance, risk, compliance, and privacy team and responsible for providing expert risk analysis and information to business and risk management leadership. In this role, you will establish rapport with cybersecurity leadership, as well as external consultants to help support the company’s overall PCI DSS compliance.
The role will own the end-to-end security compliance design review and enablement functions, as well as managing a comprehensive controls framework aligned with industry requirements to ensure enterprise-wide PCI DSS compliance.
In this role, you will work closely with risk, compliance and security leadership and are responsible for identifying, evaluating, and reporting on the state of PCI DSS. You will manage the annual PCI DSS lifecycle, including assessments, testing, validation of controls and documentation related to compliance. In addition, you will keep pace with regulatory changes to ensure the company maintains PCI DSS compliance.
What you'll do:
Identify and document in-scope systems and applications for the PCI DSS cardholder data environment. Guide technical teams and stakeholders to implement required controls and meet compliance
Act as the main PCI DSS subject matter expert when internal team members have questions/need guidance and be the key liaison with external PCI advisory firms
Complete and preserve the internal self-assessment questionnaire as needed, as well as coordinate and communicate the report on compliance
Facilitate education and training for employees required to uphold PCI compliance
Continuously assess and validate cardholder data environment controls and monitoring
Support the development of compensating control alternatives where security or compliance requirements cannot be met
Support business innovation initiatives, while ensuring PCI compliance is met
Support security architecture in the development of reference architectures and standard implementation procedures to ensure compliance needs are met
Possess general knowledge of networking, encryption, authentication, payment infrastructure and application security
Influence and validate PCI DSS controls and present regularly to security, audit, and business leadership
Liaise with internal and external auditors to manage controls for compliance and privacy laws
Perform other duties as assigned
Who you are:
7+ years’ experience in a dedicated information security, compliance, or technical risk management field, with 3+ years leading information security risk and compliance activities
Demonstrated understanding of PCI DSS and general knowledge of frameworks (NIST, ISO, SOC2)
Preferably one or more of the following: PCIP, ISA, QSA, CISA, CRISC, CISSP or PCI ISA
Extensive knowledge of enterprise cybersecurity management practices, governance, and risk/compliance assessment methodologies
Technical security and architecture knowledge with the ability to recognize, analyze and document deficiencies and articulate those to both technical and non-technical personnel
Superb communication and relationship skills, especially the ability to understand and articulate advanced technical topics and build consensus among partners and leadership
Capable of working with diverse teams and promoting a positive, enterprise-wide security culture
Strong project management, multitasking and organizational skills required
The total cash range for this position in Chicago is $127,000 to $177,500. Employees in this role have the potential to increase their pay up to $203,000, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.
The total cash range for this position in Seattle is $134,500.00 to $188,000.00. Employees in this role have the potential to increase their pay up to $215,000.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role. Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual’s knowledge, skills, and experience. Pay ranges may be modified in the future.
Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, and an Employee Assistance Program. To fuel each employee’s passion for travel, we offer a wellness & travel reimbursement, travel discounts, and an International Airlines Travel Agent (IATAN) membership.
About Expedia Group
Expedia Group (NASDAQ: EXPE) powers travel for everyone, everywhere through our global platform. Driven by the core belief that travel is a force for good, we help people experience the world in new ways and build lasting connections. We provide industry-leading technology solutions to fuel partner growth and success, while facilitating memorable experiences for travelers. Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™.
© 2021 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50
Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals to whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.
