Information Security Specialist Lead at Expedia

Heredia, Heredia Province, Costa Rica

Apply Now
Expedia Logo
Not SpecifiedCompensation
Senior (5 to 8 years), Expert & Leadership (9+ years)Experience Level
Full TimeJob Type
UnknownVisa
Financial Services, Technology, Data AnalyticsIndustries

Requirements

  • 5+ years of experience performing IT Audit, Information Security control assessments
  • Experience with GRC tools, such as Archer
  • Knowledge of information security frameworks such as ISO 27001/2, NIST CSF, PCI DSS, and HIPAA
  • Knowledge of information security risk management/analysis frameworks such as Open FAIR, NIST 800-37, NIST 800-39
  • Knowledge of governance, risk, and controls principles and operational impacts of cybersecurity lapses
  • Knowledge of IT technologies and methods to secure them with a knowledge of Cloud security. A working knowledge of AWS cloud environment is beneficial
  • Guide the Risk and Control teams continuing maturity using new technologies such as AI and ML
  • Proficient in security control design, implementation, and evaluation
  • Proficient in performing impact/risk assessment
  • Experience facilitating small to medium size group meetings with senior leadership audiences
  • Bachelor's degree in computer science, management information systems or relevant field or equivalent

Responsibilities

  • Lead the security risk and controls team in engaging with Regional BU and Centralized security and IT control owners across the Enterprise to populate the controls library
  • Maintain and update the integrated risk and controls framework based on information security policies and industry best practices and standards
  • Review control activities populated by control owners to ensure they align with requirements outlined in control standards and goals
  • Identify, document, and report control activity gaps and provide recommendations for remediation
  • Compile management reports, summary analysis, and detailed presentations to describe risk and controls program
  • Develop and present content for controls implementation workshops with control owners across the Enterprise
  • Ensure information security controls are aligned and mapped to applicable risks (risk types and risk register entries) in Archer GRC platform
  • Monitor and stay informed about internal and external risk indicators for impacts and potential disruptions to Experian and our mission. Provide these risk indicators as inputs to control assurance and other EGSO activities
  • Contribute to the efficiency of the risk and controls program by ensuring that processes and methodologies are standardized, and stakeholder feedback is captured to ensure improvement and an engagement model

Skills

Key technologies and capabilities for this role

Information SecurityRisk ManagementControls FrameworkCybersecuritySecurity PoliciesIT ControlsRisk Assessment

Questions & Answers

Common questions about this position

Is this position remote or on-site?

This is an on-site position.

What are the main responsibilities of the Information Security Specialist Lead?

Responsibilities include leading the security risk and controls team, maintaining the integrated risk and controls framework, reviewing control activities, identifying gaps, compiling reports, developing workshop content, ensuring controls alignment in Archer GRC, and monitoring risk indicators.

What is the salary or compensation for this role?

This information is not specified in the job description.

What does the company culture or team structure look like?

You will be a lead member of the risk and controls team reporting to the Information Security Director, collaborating with partners across all Security and IT teams, Regional BU, and Centralized security and IT control owners in a global company with 22,500 people across 32 countries.

What makes a strong candidate for this Information Security Specialist Lead role?

A strong candidate should have leadership experience in security risk and controls, expertise in risk frameworks, GRC platforms like Archer, and the ability to engage stakeholders, standardize processes, and stay informed on risk indicators.

Expedia

Travel booking platform for flights, hotels, rentals

Website

About Expedia

Expedia Group operates in the travel industry, offering a wide range of services for travelers and travel-related businesses. It connects users with options for flights, hotels, car rentals, vacation packages, and activities through its various brands, including Expedia, Hotels.com, and Vrbo. Travelers can easily find and book trips that match their preferences and budgets. The company earns revenue primarily through commissions on bookings and advertising from travel service providers looking to promote their offerings. Additionally, Expedia Group supports its partners by providing access to valuable data and technology, helping them improve their operations and grow their businesses. The goal of Expedia Group is to create a seamless travel experience for users while maximizing the potential of its partners.

Bellevue, WashingtonHeadquarters
1996Year Founded
$3,277.3MTotal Funding
IPOCompany Stage
Consumer Goods, EntertainmentIndustries
10,001+Employees

Benefits

Competitive Paid Time Off
Travel Discounts
Healthcare Flexible Spending Accounts
Employee Assistance Program
Wellness & Travel Reimbursement
Workplace Accomodations
Medical, Dental, & Vision Insurance
Matching Gifts
New Parental Benefits

Risks

Riyadh Air's entry could increase competition, affecting Expedia's market share.
CFO transition may lead to strategic shifts impacting financial management and investor confidence.
Expedia's partnerships may strain resources, affecting service quality if not managed well.

Differentiation

Expedia offers a comprehensive suite of travel services under one platform.
The company leverages a diverse portfolio of brands like Hotels.com and Vrbo.
Expedia provides partners with valuable data and technology to optimize their offerings.

Upsides

Expedia can capitalize on the rise of 'workcations' with longer stay packages.
The trend of 'bleisure' travel offers opportunities for specialized leisure-business packages.
Increased demand for personalized travel experiences can enhance user engagement for Expedia.

Related Jobs

United States +1 more
Remote iconRemote

Information Security Manager

Geoforce
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years), Expert & Leadership (9+ years)
Remote
Remote iconRemote

Chief Product Evangelist

Rescale
Salary not specified
  • Employment type iconFull Time
  • Experience level iconExpert & Leadership (9+ years)
Remote
Remote iconRemote

Inventory Control Specialist

Vultr
Salary not specified
Washington
Remote iconRemote

Security Governance Risk & Compliance (GRC) Analyst

Virtru
$130,000 - $180,000/year
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years), Expert & Leadership (9+ years)
New York
Remote iconRemote

IT Risk & Compliance Analyst

Angi
Salary not specified
  • Employment type iconFull Time
  • Experience level iconMid-level (3 to 4 years)
Remote
Remote iconRemote

Senior Assurance Manager

Phaidra
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years)
United States
Remote iconRemote

Enterprise Security Engineer

OpenAI
$260,000 - $325,000/year
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years)
San Francisco +2 more
Remote iconRemote

GRC Manager

Baseten
$150,000 - $250,000/year
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years), Expert & Leadership (9+ years)

Land your dream remote job 3x faster with AI

Try Jobo Free