Cybersecurity Controls Assurance Senior Manager

Heredia, Heredia Province, Costa Rica

Apply with AI Apply

Not SpecifiedCompensation

Senior (5 to 8 years), Expert & Leadership (9+ years)Experience Level

Full TimeJob Type

UnknownVisa

Information Services, BiotechnologyIndustries

Requirements

Candidates must possess a Bachelor's degree in computer science, management information systems, or equivalent experience, with over 3 years of experience managing IT auditors or Information Security control assessors. A minimum of 12 years in IT Audit or Information Security control assessments, including cloud security controls, is required, along with professional certifications such as CISA, CISM, CISSP, or ISO 27001 Lead Auditor. Knowledge of standards like NIST 800-53, ISO 27001/27002, CIS Controls, and COBIT is essential, as is experience with automated and manual methods for evaluating security controls in both on-premise and cloud environments. Proficiency in communicating complex information and using partner feedback to improve processes is also necessary. Technical skills include knowledge of security tools like Sailpoint, Rapid7, Wiz.io, MS Defender, and experience with cloud security in AWS and Azure. Familiarity with automation, data-driven testing techniques, generative AI for control assurance, RSA Archer, ServiceNow, Kanban boards, and Jira is expected. Desired competencies include Big 4 consultant experience, knowledge of cybersecurity principles, mentoring junior team members, security reporting to senior management, applying security governance, risk, and control principles, proficiency in automation and data analytics tools (Excel, Tableau, Alteryx, PowerBI), and experience with Agile working methodology.

Responsibilities

The Information Security Control Assurance Manager will lead a team in evaluating security controls for both on-premise and cloud processes to mitigate risks and ensure compliance with regulatory standards. This role involves directing the team in testing security controls to verify their design, implementation, and operational effectiveness within an Agile environment. Responsibilities include ensuring the quality of security assessments through testing, automation, and collaboration, overseeing the information security control testing program across regions, and managing teams to assess information systems per corporate security standards. The manager will design repeatable testing methodologies, including automation for cloud environments, plan control tests with risk identification and reporting criteria, and compile management reports on risks, controls, and deficiencies. They will serve as the primary contact for control tests, ensuring quality engagements and partner communications, and will work to improve the efficiency of the control testing program by standardizing indicators and testing materials.

Skills

Information Security

Control Assurance

Risk Management

Compliance

Cloud Security

Agile

Testing

Automation

Security Assessments

Team Leadership

Expedia

Travel booking platform for flights, hotels, rentals

About Expedia

Expedia Group operates in the travel industry, offering a wide range of services for travelers and travel-related businesses. It connects users with options for flights, hotels, car rentals, vacation packages, and activities through its various brands, including Expedia, Hotels.com, and Vrbo. Travelers can easily find and book trips that match their preferences and budgets. The company earns revenue primarily through commissions on bookings and advertising from travel service providers looking to promote their offerings. Additionally, Expedia Group supports its partners by providing access to valuable data and technology, helping them improve their operations and grow their businesses. The goal of Expedia Group is to create a seamless travel experience for users while maximizing the potential of its partners.

Bellevue, WashingtonHeadquarters

1996Year Founded

$3,277.3MTotal Funding

IPOCompany Stage

Consumer Goods, EntertainmentIndustries

10,001+Employees