Expedia Group brands power global travel for everyone, everywhere. We design cutting-edge tech to make travel smoother and more memorable, and we create groundbreaking solutions for our partners. Our diverse, vibrant, and welcoming community is essential in driving our success.
Why Join Us?
To shape the future of travel, people must come first. Guided by our Values and Leadership Agreements, we foster an open culture where everyone belongs, differences are celebrated and know that when one of us wins, we all win.
We provide a full benefits package, including exciting travel perks, generous time-off, parental leave, a flexible work model (with some pretty cool offices), and career development resources, all to fuel our employees' passion for travel and ensure a rewarding career journey. We’re building a more open world. Join us.
Director, Risk Management
Introduction to the team:
Expedia Technology teams partner with our Product teams to create innovative products, services, and tools to deliver high-quality experiences for travelers, partners, and our employees. A singular technology platform powered by data and machine learning provides secure, differentiated, and personalized experiences that drive loyalty and traveler satisfaction.
As a leader on our security team, you will be at the forefront of safeguarding Expedia Group's global digital landscape. This role is pivotal in shaping and implementing a mature, proactive cyber risk management program. You will collaborate with teams across technology, product, and business units to embed security into our DNA, protect our travelers and partners, and enable the company to achieve its strategic goals securely.
In this role, you will:
Develop and implement a multi-year, proactive cyber risk management program, establishing clear governance, risk appetite, and ownership
Oversee the end-to-end risk lifecycle, from identification and assessment using NIST-aligned methodologies to response, monitoring, and authorization
Advise executive leadership and the board on our cyber risk posture, presenting clear insights and metrics to support strategic decision-making
Drive operational excellence by formalizing exception handling, automating workflows, and integrating risk management into agile and DevOps processes
Lead the achievement and maintenance of alignment with NIST CSF maturity goals and other key compliance frameworks
Build, lead, and mentor a high-performing risk management team, fostering a culture of collaboration, accountability, and continuous improvement
Champion change management strategies to support workforce transformation, including upskilling and AI fluency initiatives
Collaborate with engineering, product, security, privacy, and compliance teams to deliver integrated risk and governance strategies
Model and reinforce Expedia Group’s values, promoting an environment where people feel valued, motivated, and inspired to excel
Minim um Qual ifications :
Bachelor’s degree in a related technical field; or Equivalent related professional experience
10+ years of experience in cyber risk management
5+ years of experience in managing teams
Proven ability to assess and manage risks in cloud-native architectures (AWS, Azure, GCP), agile development, and data-driven platforms
Deep understanding of risk management methodologies (NIST CSF, ISO 31000, COSO ERM) and regulatory frameworks (SOX, PCI, SOC 2, GDPR, CCPA)
Preferred Qualifications :
Experience within high-growth technology or SaaS environments
Industry certifications such as CRISC, CISA, CISSP, or ISO 31000
Demonstrated success in cross-functional leadership, proficient executive communication, and building scalable risk programs
Experience with automation, risk register normalization, and continuous monitoring of key controls
Experience collaborating across GRCP functions and with privacy, legal, and IT to deliver integrated risk and governance strategies
Experience in advocating for inclusive talent practices that attract and retain diverse, high-potential individuals prepared to lead in a dynamic environment
Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual’s knowledge, skills, and experience. Pay ranges may be modified in the future.
Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, and an Employee Assistance Program. To fuel each employee’s passion for travel, we offer a wellness & travel reimbursement, travel discounts, and an International Airlines Travel Agent ( IATAN ) membership. View our full list of benefits .
Accommodation requests
If you need assistance with any part of the application or recruiting process due to a disability, or other physical or mental health conditions, please reach out to our Recruiting Accommodations Team through the Accommodation Request .
We are proud to be named as a Best Place to Work on Glassdoor in 2024 and be recognized for award-winning culture by organizations like Forbes, TIME, Disability:IN, and others.
Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™. © 2024 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST:
Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals with whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs .
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.