Security Risk Analyst III
If you need assistance during the recruiting process due to a disability, please reach out to our Recruiting Accommodations Team through the Accommodation Request form. This form is used only by individuals with disabilities who require assistance or adjustments in applying and interviewing for a job. This form is not for inquiring about a position or the status of an application.
Security Risk Analyst III
Expedia Group (EG) Security’s GRC (Governance Risk and Compliance) team has the mission of improving the risk posture of EG by identifying, measuring, and managing cyber security and technology risks. We are seeking an expert Security Risk Analyst III to support our efforts and to expand our function in the cyber and operational risk space! You will be a critical part of the Security GRC team, passionate about driving both adoption and scaling of practices at strategic, tactical, and operational levels. You will be providing thought leadership to a passionate and motivated team of risk practitioners, leading as foremost experts with unmatched skills, capabilities, and experience, bringing risk quantification to Expedia Group.
You will be responsible for bringing subject matter expertise and being a foremost expert in quantitative risk analysis and cyber and operational risk management including the risk management lifecycle (ISO 31000-2018). We are a growing, highly visible, and highly agile team where collaboration, communication and critical thinking thrive.
What you'll do:
Conduct top-down strategic and bottom-up tactical & operational risk assessments using risk quantification
Conduct Cost/Benefit and Return on Investment analysis for risk owners
Build and model risk scenarios that translate risk concerns and business requirements
Provide thought leadership and expertise to the GRC Risk Management Team as it pertains to risk quantification and the risk management lifecycle
Coordinate and prepare meetings such as risk council, security review board and working committees to review, call out and report security risks
Contribute towards efforts that enable us to scale the risk program across Expedia Group
Work closely with internal GRC and Security teams to gather data elements required to fulfill the risk management lifecycle
Maintain, and improve the risk management lifecycle
Present risk assessments results to all levels of the organization as needed
Develop into a subject matter expert resource for the risk team and the business for all things risk management and risk quantification
Who you are:
5+ years of meaningful experience in Risk Management, Technology, Security, IT Audit or other similar risk consulting or risk advisory functions
Possess practical knowledge in the field of risk management frameworks such as FAIR (Factor Analysis of Information Risk) and ISO 31000-2018
Ability to work with both the business and security/technical teams to translate complex concepts and ideas into distillable information
Experience working with multi-functional teams such as controllership, security architecture, internal audit, and security operations
Exemplary interpersonal skills that translate to all levels of the organization
Experience with Enterprise/IT/Technology/Security risks or operational risk management functions
Excellent presentation, verbal, and written communication skills; comfortable with leading discussions and/or training sessions
Efficient at creating and maintaining documentation and standard operating procedures
Certified in OpenFAIR, CRISC, CISSP or other risk-related disciplines. The position would require the new hire to obtain OpenFAIR certification if not already held
Knowledge of statistical concepts and probability
Knowledge of GRC application workflows
Risk management consulting experience (Big 4 preferred)
Practical quantitative risk analysis experience - preferably with Factor Analysis of Information Risk (FAIR)
Practical expertise with KRI, KCI, KPI creation and long-term management
Experience owning and driving risk items through the risk management lifecycle
Experience with the RiskLens & MetricStream
Performance Profile If Applicant is not OpenFAIR Certified
Within the first 30 days: Gain a strong foundational understanding of risk and the FAIR model
Understand key terms, definitions
Learn measurement concepts around uncertainty
Understand the risk analysis process
Gain visibility into the Expedia Group landscape
Within 90 days: Become proficient in fully and independently completing common cyber risk analysis
Define and decompose risk scenarios from a problem/objective
Identify and apply data gathering concepts for the scenarios
Run and perform quality assurance over your analyzed risk scenarios Produce and accurately communicate risk in quantitative (financial) terms
Understand the RiskLens platform and how is supports each stage of the analysis process
Obtain certification for OpenFAIR
In 6 months: Become proficient in fully understanding the risk management life cycle and the processes that apply to it
Demonstrate planning and organizational disciplines
Successful self-management of objectives, timelines, and deliverables
Develop trust and relationship with customer organizations
Lead educational orientation sessions on core FAIR knowledge and concepts
Provide risk assessment expertise and support to team members as needed
Demonstrate deep understanding of the RiskLens platform, including key features and functionality
The total cash range for this position in Chicago, IL is $95,500 to $134,000. Employees in this role have the potential to increase their pay up to $153,000, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.
The total cash range for this position in Austin, TX is $104,000 to $145,500. Employees in this role have the potential to increase their pay up to $166,500, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.The total cash range for this position in Seattle is $104,000.00 to $145,500.00. Employees in this role have the potential to increase their pay up to $166,500.00, which is the top of the range, based on ongoing, demonstrated, and sustained performance in the role.
Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual’s knowledge, skills, and experience. Pay ranges may be modified in the future.
Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, and an Employee Assistance Program. To fuel each employee’s passion for travel, we offer a wellness & travel reimbursement, travel discounts, and an International Airlines Travel Agent (IATAN) membership.View our full list of benefits.
About Expedia Group
Expedia Group (NASDAQ: EXPE) powers travel for everyone, everywhere through our global platform. Driven by the core belief that travel is a force for good, we help people experience the world in new ways and build lasting connections. We provide industry-leading technology solutions to fuel partner growth and success, while facilitating memorable experiences for travelers. Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™.
© 2021 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50
Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals to whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.
ID # R-78944-1
Job Accommodation Requests
At Expedia Group, we're committed to providing an inclusive and accessible recruiting experience for candidates with disabilities. If you require an accommodation or adjustment for any part of the application or hiring process, please let us know by completing our Accommodation Request form.