Security Compliance Manager, PCI
Expedia Group’s security posture is one of Expedia Service’s top priorities and a key foundation for our transformation to build the world’s trusted travel platform and to power global travel for everyone, everywhere. To support that mission, Expedia Group Security is in search of a technical, PCI-experienced Security Compliance Manager who has worked in a regulated environment.
Do you understand cloud operational and security processes, optimally build, establish, and communicate security controls, and support changes within the organization through effective development and testing? Consider being a part of our Security team of professionals.
To be successful, you'll be organized, inventive, and possess technical domain knowledge on security and Payment Card Industry (PCI) compliance. As a key member of our Security Governance, Risk and Compliance (GRC) team, you’ll have a solid foundation in cloud security and compliance, with a willingness to dive into a complex environment and a passion for driving change. In this role, you will demonstrate the ability to analyze hard problems and provide pragmatic solutions and recommendations. Along with your knowledge of PCI, your experience in NIST CSF, ISO 27001, FedRAMP, or SOC 2 will be an asset!
What you'll do:
· Establish credibility and maintain strong working relationships with groups involved with payment security and compliance matters
· Evaluate the design efficiency of security controls based upon industry standard methodology (e.g. COBIT, ITIL) in accordance with compliance requirements
· Participate in and drive external certification and partner audit events, including scoping, sample and evidence delivery, and onsite facilitation
· Drive the appropriate meeting cadence required to achieve and maintain a successful audit
· Facilitate efficient communication across all levels of an audit to ensure consistency in reaching the audit's goals, and to help in the recognition of any potential opportunities, risks, or complications
· Assist in the analysis and definition of security requirements and help with ongoing maintenance and support of security controls
· Lead and own the development of medium to complex multi-functional compliance and audit related projects
· Hold business partners accountable for timely and quality execution of objectives
Who you are:
· A minimum of 6 years of job-related experience in a security compliance or technical engineering field
· Recently worked in a regulated environment, dealing with PCI-DSS & managing compliance assessments
· Knowledge related to coordinating and securing operating systems, database platforms, endpoint security and network infrastructure, with a focus on cloud infrastructure preferred
· Experience with and knowledge of secure coding and application security preferred
· Ability to recognize, analyze, and document deficiencies and articulate those to both technical and non-technical key management personnel
· Experience using a risk-based audit approach in evaluations of and recommendations for management processes
· An understanding of Information Security frameworks, processes, technologies, and practices, including NIST and ISO27xxx standards
· Information Security Certification(s) with demonstrated work experience preferred. Desired certifications include CISA, CISSP, PCI ISA
About Expedia Group
Expedia Group (NASDAQ: EXPE) powers travel for everyone, everywhere through our global platform. Driven by the core belief that travel is a force for good, we help people experience the world in new ways and build lasting connections. We provide industry-leading technology solutions to fuel partner growth and success, while facilitating memorable experiences for travelers. Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, Egencia®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™.
© 2021 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.
If you need assistance during the recruiting process due to a disability, please reach out to our Recruiting Accommodations Team through the Accommodation Request form. This form is used only by individuals with disabilities who require assistance or adjustments in applying and interviewing for a job. This form is not for inquiring about a position or the status of an application.