Security Operations Analyst II (Security Risk Management)

If you need assistance during the recruiting process due to a disability, please reach out to our Recruiting Accommodations Team through the Accommodation Request form. This form is used only by individuals with disabilities who require assistance or adjustments in applying and interviewing for a job. This form is not for inquiring about a position or the status of an application.

You will be a critical part of the Security GRC team, passionate about driving both adoption and scaling of practices at strategic, tactical, and operational levels. We strive to build standards and best practices to help us drive better decision-making and maintain a secure environment across Expedia Group! You will be providing thought leadership and project management expertise to a passionate and motivated team of risk practitioners, leading as foremost experts with unmatched skills, capabilities, and experience, bringing risk quantification to Expedia Group.

This role requires a combination of risk management and project management expertise. You will be responsible for managing all project management elements of the risk management lifecycle. This work will primarily be within the Risk Register and includes managing and monitoring risk action plan (mitigation plan) progress, remediation activities, and periodic risk assessment results reviews.

We are a growing, highly visible, and highly agile team where collaboration, communication and critical thinking thrive.

What you'll do:

  • Maintain the GRC Team Risk Register and Issues log

  • Assist with developing and maintaining the team’s roadmap and continuous improvement initiatives

  • Develop and maintain risk program project plans

  • Manage and monitor risk action plans (mitigation and remediation) in conjunction with risk owners

  • Manage the risk monitoring process for risk assessments that are up to be reviewed

  • Coordinate and prepare meetings for stakeholders, such as the security review board and risk owners

  • Contribute towards efforts that enable scalability of the risk management program

  • Work closely with internal GRC and Security stakeholders to gather data elements required to drive risk scenarios through the risk management lifecycle

  • Own, maintain, and improve the risk management lifecycle

  • Present risk assessment results to all levels of the organization as needed

  • Be able to speak on the risk management framework (ISO 31000-2018) and the risk analysis model (FAIR)

  • Contribute to creating, maintaining, and improving risk management program processes, program artifacts, and deliverables

Who you are:

  • 2+ years of practical experience in Risk Management, Technology, Security, IT Audit or other similar risk consulting or risk advisory functions

  • 2+ years of practical experience managing technical projects

  • Bachelor's or Master's degree in a related technical field; or equivalent related professional experience

  • Possesses practical knowledge of risk management frameworks such as FAIR (Factor Analysis of Information Risk) and ISO 31000-2018

  • Possesses practical experience running projects through project management frameworks such as Waterfall and Agile

  • Has the ability to work with both the business and security/technical teams to translate complex concepts and ideas into distillable information

  • Experience working with multi-functional teams such as controllership, security architecture, internal audit, and security operations

  • Exemplary interpersonal skills that translate to all levels of the organization

  • Has familiarity with cyber and operational risk management functions

  • Excellent presentation, verbal, and written communication skills; comfortable with leading discussions and/or training sessions

  • Experience with creating and maintaining documentation and standard operating procedures, and project plans

  • Foundational knowledge in cyber security concepts

  • Foundational knowledge in FAIR risk modeling

  • Certified in OpenFAIR, CRISC, CISSP, PMI, or other risk and project-related disciplines. The position would require the new hire to obtain OpenFAIR certification if not already held

  • Knowledge of statistical concepts and probability

  • Risk management consulting experience (Big 4 preferred)

  • Project management consulting experience (Big 4 preferred)

  • Practical quantitative risk analysis experience - preferably with Factor Analysis of Information Risk (FAIR)

  • Experience owning and driving risk items through the risk management lifecycle

  • Experience with RiskLens & MetricStream

Performance Profile If Applicant is not OpenFAIR Certified

Within the first 60 days: Gain a strong foundational understanding of risk and the FAIR model

  • Understand key terms, definitions

  • Learn measurement concepts around uncertainty

  • Understand the risk analysis process

  • Gain visibility into the Expedia Group landscape

Within 120 days: Become proficient in fully and independently completing common cyber risk analysis

  • Define and decompose risk scenarios from a problem/objective

  • Identify and apply data gathering concepts for the scenarios

  • Run and perform quality assurance over your analyzed risk scenarios

  • Produce and accurately communicate risk in quantitative (financial) terms

  • Understand the RiskLens platform and how it supports each stage of the analysis process

  • Obtain certification for OpenFAIR

In 6 months: Become proficient in fully understanding the risk management life cycle and the processes that apply to it

  • Demonstrate planning and organizational disciplines

  • Successful self-management of objectives, timelines, and deliverables

  • Develop trust and relationships with customer organizations

  • Lead educational orientation sessions on core FAIR knowledge and concepts

  • Provide risk assessment expertise and support to team members as needed

  • Demonstrate deep understanding of the RiskLens platform, including key features and functionality

The total cash range for this position in Austin is $84,000 to $117,500. Employees in this role have the potential to increase their pay up to $134,500, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.

The total cash range for this position in Chicago is $77,000 to $107,500. Employees in this role have the potential to increase their pay up to $123,000, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.

The total cash range for this position in Seattle is $84,000.00 to $117,500.00. Employees in this role have the potential to increase their pay up to $134,500.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.

Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual’s knowledge, skills, and experience. Pay ranges may be modified in the future.

Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, and an Employee Assistance Program. To fuel each employee’s passion for travel, we offer a wellness & travel reimbursement, travel discounts, and an International Airlines Travel Agent (IATAN) membership. View our full list of benefits.

About Expedia Group

Expedia Group (NASDAQ: EXPE) powers travel for everyone, everywhere through our global platform. Driven by the core belief that travel is a force for good, we help people experience the world in new ways and build lasting connections. We provide industry-leading technology solutions to fuel partner growth and success, while facilitating memorable experiences for travelers. Expedia Group's family of brands includes: Brand Expedia®,®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®,™, and Expedia Cruises™.

© 2021 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50

Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals to whom we have not made prior contact. Our email domain is The official website to find and apply for job openings at Expedia Group is

Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.
  • United States - Washington - Seattle

  • Technology

  • Full-Time Regular

  • 03/01/2023

  • ID # R-80251

Job Accommodation Requests

At Expedia Group, we're committed to providing an inclusive and accessible recruiting experience for candidates with disabilities. If you require an accommodation or adjustment for any part of the application or hiring process, please let us know by completing our Accommodation Request form.