Job Description

This role will oversee the Information Security Operations and Advisory teams. The Director of Security Operations and Advisory serves as the process owner for all ongoing activities that function to provide appropriate access to and protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies and standards. The Security Operations team provides a suite of operationally focused services to internal customers, allowing them to remain vigilant to the state of security and compliance within their environments. Including ongoing monitoring of centralized information management systems; Investigation and response to identified incidents; Vulnerability release monitoring and tracking; and Administration of global vulnerability management systems. Security Operations provides the necessary monitoring and analysis to protect information stored on Expedia, Inc. infrastructure from unauthorized access, disclosure, misuse, modification, or destruction as well as the management and maintenance of appropriate safeguards. The Security Advisory team members are tasked with performing a wide range of consulting services for the organization and must understand the environment from a business as well as technical perspective. Many of these services are mandatory to ensure that risks are assessed, mitigated or accepted prior to deployment. Specific areas of consulting services include: Architecture Planning, Development, and Review; Security Assessments and Threat Modeling; Security and Compliance Subject Matter Expertise; Application Assurance for Secure Development Lifecycle; and Risk Analysis. Responsibilities: – Oversee the management of resources on Security Operations and Assurance teams. -Improve the Security Operations and Advisory programs as new technologies, regulations and risks are identified. -Responsible for the development of the Information Security Operations and Advisory Strategy. -Responsible for obtaining input from Business Segments through Information Security Advisors regarding Information Security policies and guidelines, strategic goals, risks and risk tolerance thresholds. -Gather data and metrics on Information Security program compliance from the Business Segments. -Provide guidance and clarification on IS policies, guidelines and standards to the IS Advisors or Business Segments as needed. -Assume project management responsibilities as needed to implement initiatives -Responsible for planning and directing Operations and Advisory policies, programs and initiatives. -Develop and track operational metrics for the Operations and Advisory functions. -Relies on extensive experience and judgment to plan and accomplish goals. -Fosters teamwork and shows commitment to team objectives. -Encourages others to express their views. -Acknowledges others efforts. -Projects a positive image and serves as a role model for others. -Promotes collaboration and removes obstacles. -Develops Talent – Clear honest and constructive feedback. -Willingly shares expertise and experience with others. -Provides challenging assignments. -Manages Execution – Conveys clear expectations. -Know how to get things done in a complex, multilevel organization. -Balances big-picture with day to day activities. -A wide degree of creativity and latitude is expected. -Reports to Chief Information Security Officer. Qualifications: -Possess strong background in security operations and technology design and architecture. -Experience working with current and emerging information security technologies and development methodologies. -Provide metrics on information security operations and advisory matters to stake holders. -Must be a highly effective leader, visionary, and implementer in a decentralized, consensus-based, heterogeneous environment. -Minimum five years experience in developing and implementing high-level, multi-year, organization-wide information security strategies. -Quick thinking and be able to maintain composure under stress. -Demonstrated experience in advising and influencing senior management. -Must have excellent analytical skills and be able to break down complex, multi-faceted problems into actionable steps without over-simplification. -Commitment to root-cause analysis. -Must be able to communicate security-related concepts to a broad range of technical and non-technical staff in an intelligent, articulate, and persuasive manner. Work Experience and Education Guidelines: -10-12 years of experience in IT, with a minimum of 4 years in Infrastructure and Operations Security and Architecture. -Must have a strong track record in selecting compliance and operations solutions. -Demonstrated track record in large scale IT security operations governance, planning and monitoring -This senior position requires a comprehensive knowledge of the information security technology options, security standards, understanding of -Expedia’s brands and experience working effectively with all levels of the organization. -Strong technical, facilitative and collaboration skills, organizational and time management skills, communication (verbal and written) and interpersonal skills. -Must have an in-depth understanding of network security issues, security event logging / monitoring, operating systems (Windows, Unix, Macs), Firewalls, Intrusion prevention, AV technologies, authentication mechanisms, ethical hacking tools, vulnerability assessment & scanning tools, application security assessments, incident response and knowledge of common information security management frameworks. -Comprehensive knowledge of problem analysis and excellent troubleshooting techniques -Professional security certifications such as CISSP, CISM are preferred. -Experience working with proprietary software. -Experience working with software developers. -Experience with PCI, SOX compliance. -Experience with application design reviews and threat modeling.

Company Description

Expedia, Inc. is the largest online travel company in the world, with an extensive brand portfolio that includes more than 90 localized Expedia.com®- and Hotels.com®-branded sites; leading U.S. discount travel site Hotwire®; leading agency hotel company Venere.com™; Egencia™, the world’s fifth largest corporate travel management company; the world’s largest travel community TripAdvisor® Media Network; destination activities provider ExpediaLocalExpert®; luxury travel specialist Classic Vacations®; and China’s second largest booking site eLong™. The company delivers consumers value in leisure and business travel, drives incremental demand and direct bookings to travel suppliers, and provides advertisers vast opportunity to reach the most valuable audience of in-market travel consumers anywhere through TripAdvisor Media Network and Expedia Media Solutions. Expedia also powers bookings for some of the world’s leading airlines and hotels, top consumer brands, high traffic websites, and thousands of active affiliates through Expedia® Affiliate Network. (NASDAQ: EXPE)

Our mission is to build the world’s largest and most intelligent travel marketplace, connecting more travelers with the best travel booking services and destination information, and delivering value to travel suppliers and other companies that want to reach this unmatched audience.

Collectively, the Expedia, Inc. brands cover virtually every aspect of researching, planning, and booking travel, from choosing the best airplane seat, to reading personal travel reviews of hotels, to planning what to do in a destination once you arrive. The Expedia, Inc. portfolio serves both leisure and business travelers with tastes and budgets ranging from modest to luxury. Expedia is the single largest provider of hotel bookings in the world, delivering consumer travel demand from nearly every continent to more than 130,000 hotels and hundreds of airlines, tour operators, car rental companies and destination services supply partners.

Additional Information

Posted:

April 26, 2011

Type:

Full-time

Experience:

Director

Functions:

Information Technology, Management

Industries:

Computer Software, Internet

Employer Job ID:

14941

Job ID:

1575264