Expedia, Inc.
Expedia Group brands power global travel for everyone, everywhere. We design cutting‑edge tech to make travel smoother and more memorable, and we create groundbreaking solutions for our partners. Our diverse, vibrant, and welcoming community is essential in driving our success.
Why Join Us? To shape the future of travel, people must come first. Guided by our Values and Leadership Agreements, we foster an open culture where everyone belongs, differences are celebrated and when one of us wins, we all win.
Introduction to the team Expedia Technology teams partner with our Product teams to create innovative products, services, and tools to deliver high‑quality experiences for travelers, partners, and our employees. A singular technology platform powered by data and machine learning provides secure, differentiated, and personalized experiences that drive loyalty and traveler satisfaction.
About the role As a leader on our security team, you will be at the forefront of safeguarding Expedia Group's global digital landscape. This role is pivotal in shaping and implementing a mature, proactive cyber risk management program. You will collaborate with teams across technology, product, and business units to embed security into our DNA, protect our travelers and partners, and enable the company to achieve its strategic goals securely.
Responsibilities
Develop and implement a multi‑year, proactive cyber risk management program, establishing clear governance, risk appetite, and ownership.
Oversee the end‑to‑end risk lifecycle, from identification and assessment using NIST‑aligned methodologies to response, monitoring, and authorization.
Advise executive leadership and the board on our cyber risk posture, presenting clear insights and metrics to support strategic decision‑making.
Drive operational excellence by formalizing exception handling, automating workflows, and integrating risk management into agile and DevOps processes.
Lead the achievement and maintenance of alignment with NIST CSF maturity goals and other key compliance frameworks.
Build, lead, and mentor a high‑performing risk management team, fostering a culture of collaboration, accountability, and continuous improvement.
Champion change management strategies to support workforce transformation, including upskilling and AI fluency initiatives.
Collaborate with engineering, product, security, privacy, and compliance teams to deliver integrated risk and governance strategies.
Model and reinforce Expedia Group’s values, promoting an environment where people feel valued, motivated, and inspired to excel.
Minimum Qualifications
Bachelor’s degree in a related technical field; or equivalent related professional experience.
10+ years of experience in cyber risk management.
5+ years of experience managing teams.
Proven ability to assess and manage risks in cloud‑native architectures (AWS, Azure, GCP), agile development, and data‑driven platforms.
Deep understanding of risk management methodologies (NIST CSF, ISO 31000, COSO ERM) and regulatory frameworks (SOX, PCI, SOC 2, GDPR, CCPA).
Preferred Qualifications
Experience within high‑growth technology or SaaS environments.
Industry certifications such as CRISC, CISA, CISSP, or ISO 31000.
Demonstrated success in cross‑functional leadership, proficient executive communication, and building scalable risk programs.
Experience with automation, risk register normalization, and continuous monitoring of key controls.
Experience collaborating across GRCP functions and with privacy, legal, and IT to deliver integrated risk and governance strategies.
Experience in advocating for inclusive talent practices that attract and retain diverse, high‑potential individuals prepared to lead in a dynamic environment.
Compensation The total cash range for this position in Seattle is $201,000.00 to $281,500.00. The potential maximum pay is $321,500.00 based on sustained performance. Pay ranges may be modified in the future.
Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, an Employee Assistance Program, wellness and travel reimbursement, travel discounts, and an International Airlines Travel Agent (IATAN) membership.
Accommodation requests If you need assistance with any part of the application or recruiting process due to a disability or other physical or mental health condition, please reach out to our Recruiting Accommodations Team through the Accommodation Request page.
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E‑Verify. The employer will provide the SSA and, if necessary, DHS with information from each new employee's I‑9 to confirm work authorization.
#J-18808-Ljbffr
Why Join Us? To shape the future of travel, people must come first. Guided by our Values and Leadership Agreements, we foster an open culture where everyone belongs, differences are celebrated and when one of us wins, we all win.
Introduction to the team Expedia Technology teams partner with our Product teams to create innovative products, services, and tools to deliver high‑quality experiences for travelers, partners, and our employees. A singular technology platform powered by data and machine learning provides secure, differentiated, and personalized experiences that drive loyalty and traveler satisfaction.
About the role As a leader on our security team, you will be at the forefront of safeguarding Expedia Group's global digital landscape. This role is pivotal in shaping and implementing a mature, proactive cyber risk management program. You will collaborate with teams across technology, product, and business units to embed security into our DNA, protect our travelers and partners, and enable the company to achieve its strategic goals securely.
Responsibilities
Develop and implement a multi‑year, proactive cyber risk management program, establishing clear governance, risk appetite, and ownership.
Oversee the end‑to‑end risk lifecycle, from identification and assessment using NIST‑aligned methodologies to response, monitoring, and authorization.
Advise executive leadership and the board on our cyber risk posture, presenting clear insights and metrics to support strategic decision‑making.
Drive operational excellence by formalizing exception handling, automating workflows, and integrating risk management into agile and DevOps processes.
Lead the achievement and maintenance of alignment with NIST CSF maturity goals and other key compliance frameworks.
Build, lead, and mentor a high‑performing risk management team, fostering a culture of collaboration, accountability, and continuous improvement.
Champion change management strategies to support workforce transformation, including upskilling and AI fluency initiatives.
Collaborate with engineering, product, security, privacy, and compliance teams to deliver integrated risk and governance strategies.
Model and reinforce Expedia Group’s values, promoting an environment where people feel valued, motivated, and inspired to excel.
Minimum Qualifications
Bachelor’s degree in a related technical field; or equivalent related professional experience.
10+ years of experience in cyber risk management.
5+ years of experience managing teams.
Proven ability to assess and manage risks in cloud‑native architectures (AWS, Azure, GCP), agile development, and data‑driven platforms.
Deep understanding of risk management methodologies (NIST CSF, ISO 31000, COSO ERM) and regulatory frameworks (SOX, PCI, SOC 2, GDPR, CCPA).
Preferred Qualifications
Experience within high‑growth technology or SaaS environments.
Industry certifications such as CRISC, CISA, CISSP, or ISO 31000.
Demonstrated success in cross‑functional leadership, proficient executive communication, and building scalable risk programs.
Experience with automation, risk register normalization, and continuous monitoring of key controls.
Experience collaborating across GRCP functions and with privacy, legal, and IT to deliver integrated risk and governance strategies.
Experience in advocating for inclusive talent practices that attract and retain diverse, high‑potential individuals prepared to lead in a dynamic environment.
Compensation The total cash range for this position in Seattle is $201,000.00 to $281,500.00. The potential maximum pay is $321,500.00 based on sustained performance. Pay ranges may be modified in the future.
Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, an Employee Assistance Program, wellness and travel reimbursement, travel discounts, and an International Airlines Travel Agent (IATAN) membership.
Accommodation requests If you need assistance with any part of the application or recruiting process due to a disability or other physical or mental health condition, please reach out to our Recruiting Accommodations Team through the Accommodation Request page.
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E‑Verify. The employer will provide the SSA and, if necessary, DHS with information from each new employee's I‑9 to confirm work authorization.
#J-18808-Ljbffr