Security Operations Analyst III
If you need assistance during the recruiting process due to a disability, please reach out to our Recruiting Accommodations Team through the Accommodation Request form. This form is used only by individuals with disabilities who require assistance or adjustments in applying and interviewing for a job. This form is not for inquiring about a position or the status of an application.
Security Operations Analyst III
Are you a highly motivated, experienced & curious security risk and compliance professional who can address the challenges of increasing our security posture and building trust across Expedia Group (EG)? Can you play a role in an enterprise-wide security risk and compliance strategic initiatives, collaborate cross functionally to identify and communicate security compliance requirements and provide leadership level visibility into current risk, security and compliance posture? Do you have the discipline to deliver results with a strong passion for ownership and driving change?
Expedia Security and Privacy (ESP) GRC Trust and Enablement team is seeking an experienced Security Operations Analyst! This position requires a mix of broad business and technical acumen with strong people skills, the ability to inspire and influence decisions around security compliance management, and a polished ability to communicate with key stakeholders and internal customers. In this role the mission is to earn, build, and help enable teams within Expedia Group by owning the Privacy, Security and Compliance (PSC) assessment process and work with stakeholder reviewing teams to ensure that Expedia Group’s privacy, security, and compliance postures are built into everything EG does. You will be the trusted adviser and program driver to ensure EG is enabled to perform at their best while being secure by design.
In turn, the role will enable enterprise customers and collaboration with security compliance teams across the organization to drive programs that promote trust, compliance and contribute to Expedia Group’s overall security and compliance health.
The role will drive programs that help the ESP Trust and Enablement team scale through process improvement oversight and consistent delivery methods. Beyond possessing domain knowledge on security risk and compliance (preferably in a highly dynamic environment), you are organized, resourceful and able to build strong relationships and trust across the enterprise. In this role, you demonstrate your ability to build out a long-term trust and enablement strategy, analyze and think out-of-box to find solutions to hard technical problems, and execute towards the enterprise security north star. Your knowledge and experience with security frameworks and compliance initiatives, such as NIST CSF, ISO 27xxx, PCI, and SOC 2 will be an asset.
What you’ll do:
Own improvements to the GRC Trust and Enablement team, the program management process and PSC implementation projects in coordination with the service teams
Support the team to develop and communicate policies, procedures, guidelines, and plans to internal stakeholders regarding security, compliance and privacy risk management
Provide thought leadership and foster collaboration with the GRC Trust and Enablement Team and external stakeholders
Conduct top-down strategic evaluations against program to ensure efficiency and alignment with enterprise-wide initiatives
Establish credibility and maintain strong working relationships with the business to understand enterprise objectives, initiatives, and cybersecurity risks
Report and communicate status and metrics to leadership and division partners in a consistent voice and format
Work closely with internal GRC and Security teams to gather data elements required to inform the Trust and Enablement team initiatives
Who you are:
Bachelor's in Information Security or related technical field; or equivalent professional experience and industry certifications
5+ years of experience in a dedicated information security, compliance, or technical risk management field
Extensive knowledge of enterprise cybersecurity management practices, governance, and risk/compliance methodologies
Strong communication and relationship skills, especially the ability to understand and articulate advanced technical topics and build consensus among partners and leadership to technical and non-technical teams
An understanding of Information Security frameworks, processes, technologies, and practices, including NIST and ISO27xxx standards
Knowledge of regulatory and industry frameworks such as NIST, ISO, PCI, SOC2, etc.
Information Security Certification(s) such as CISSP, CRISC, CISA, CISM or similar certifications preferred
Practical expertise with KRI, KCI, KPI creation and long-term management
Experience with GRC tooling and tech platforms
Excellent presentation, verbal, and written communication skills; comfortable with leading discussions and/or training sessions
Efficient at creating and maintaining documentation and standard operating procedures
The total cash range for this position in Austin is $104,000 to $145,500. Employees in this role have the potential to increase their pay up to $166,500, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.
The total cash range for this position in Chicago is $95,500 to $134,000. Employees in this role have the potential to increase their pay up to $153,000, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.
The total cash range for this position in Seattle is $104,000.00 to $145,500.00. Employees in this role have the potential to increase their pay up to $166,500.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual’s knowledge, skills, and experience. Pay ranges may be modified in the future.
Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, and an Employee Assistance Program. To fuel each employee’s passion for travel, we offer a wellness & travel reimbursement, travel discounts, and an International Airlines Travel Agent (IATAN) membership.View our full list of benefits.
About Expedia Group
Expedia Group (NASDAQ: EXPE) powers travel for everyone, everywhere through our global platform. Driven by the core belief that travel is a force for good, we help people experience the world in new ways and build lasting connections. We provide industry-leading technology solutions to fuel partner growth and success, while facilitating memorable experiences for travelers. Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™.
© 2021 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50
Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals to whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.