Principal Technical Auditor
If you need assistance during the recruiting process due to a disability, please reach out to our Recruiting Accommodations Team through the Accommodation Request form. This form is used only by individuals with disabilities who require assistance or adjustments in applying and interviewing for a job. This form is not for inquiring about a position or the status of an application.
Role Summary
Plans and designs technical risk management, compliance, assurance and audit projects under the guidance of the program senior manager/director. Manages project resources, budget and schedule, and performs reviews of project workpapers and reports prior to director reviews. Provides subject matter guidance on the technical domain and complex issues.
Experience
5+ years
Education
Bachelor's or equivalent experience
Functional/Technical Skills
CIA, CPA, CISA, OSCP, CCSK, CISM, CISSP, CDPSE, IAPP, CRISC or similar
- IT General Controls (Logical Access, Change Management, IT Operations, Program Development/SDLC);
- Cybersecurity concepts, risks and practices (e.g., identity access management, vulnerability management, security governance, software development, auditing and logging, micro segmentation, secure access services, PKI) and security frameworks such as NIST, ISO 27000;
- Cloud operations (e.g., Cloud architecture, infrastructure, networks, secure compute workloads, resiliency, data encryption, account and key management, identity access management, software development in the cloud);
- Data governance (e.g., frameworks, policies, third-party data risks, and data security and protection);
- Data privacy compliance including GDPR, CCPA, HIPAA, and other regulations;
- Big Data (e.g., data analysis and visualization tools, data engineering modeling, scripting languages such as SQL or Python)
Role Expectations
- Demonstrates and applies a deep understanding of the department's role and influence within the larger organization.
- Demonstrates deep understanding of how brands/divisions in the organization do business (i.e. business model and operations, financial performance, and key success factors).
- Demonstrates and applies a solid understanding of similar and unique functional risks and opportunities across the various functions/organizations within the broader enterprise.
- Applies deep understanding of the policies, practices, trends and information that impact the organization and its customers to anticipate and plan for each step of a project.
- Demonstrates a deep understanding of the financial, operational, and technical impact of decisions/solutions and how own role contributes to positive outcomes.
- Develops full project plans, defines timeframe, and prioritizes tasks to achieve project milestones and deliver intended objectives across multiple projects.
- Identifies the type of resources required to support a project, and makes recommendations for specific people, technology, partners, etc.
- Monitors overall progress to meet project milestones, timelines, specifications and requirements.
- Confirms comprehension and understanding of complex information (e.g., legal, operational risk, and regulatory data) by correctly and clearly answering routine questions.
- Creates clear, concise and organized communication materials (e.g., policies & procedures, guidelines, presentations, messages).
- Considers and understands the audience’s specific needs and comprehension level to determine the most appropriate message and delivery method, limiting or explaining technical language.
- Applies a deep understanding of electronic workpapers and/or GRC and Audit Management systems.
- Applies a deep understanding of IIA framework.
- Applies a deep understanding of IT control frameworks.
- Applies a deep understanding of risk and compliance frameworks and industry best practices (e.g., ISO, COSO, COBIT, NIST, etc.)
- Applies a deep understanding of the legal, regulatory, and technical compliance
- Applies a deep understanding in one or more of these areas (IT General Controls, Cybersecurity, Cloud operations, Data governance, Data privacy compliance, or Big Data) to drive and manage technical audits or other risk and compliance-related initiatives, and support and review the identification and assessment of risks, report findings, and communication of recommendations.
- Identifies methods for collecting data, performs data analyses and articulates findings.
- Deep knowledge of risks and controls, as well as risk management principles.
- Prepares and/or reviews summary reports for management on the results of audits or other risk-based topics, including recommendations and explanation of findings.
- Effectively interprets audit analyses and reports demonstrating deep knowledge.
- Operates as subject matter expert in advising management on remediation plan development and risk mitigation strategies
About Expedia Group
Expedia Group (NASDAQ: EXPE) powers travel for everyone, everywhere through our global platform. Driven by the core belief that travel is a force for good, we help people experience the world in new ways and build lasting connections. We provide industry-leading technology solutions to fuel partner growth and success, while facilitating memorable experiences for travelers. Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™.
© 2021 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50
Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals with whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.