Director, Risk Management

About The Position

Requirements

• Bachelor's degree in a related technical field; or Equivalent related professional experience
• 10+ years of experience in cyber risk management
• 5+ years of experience in managing teams
• Proven ability to assess and manage risks in cloud-native architectures (AWS, Azure, GCP), agile development, and data-driven platforms
• Deep understanding of risk management methodologies (NIST CSF, ISO 31000, COSO ERM) and regulatory frameworks (SOX, PCI, SOC 2, GDPR, CCPA)

Nice To Haves

• Experience within high-growth technology or SaaS environments
• Industry certifications such as CRISC, CISA, CISSP, or ISO 31000
• Demonstrated success in cross-functional leadership, proficient executive communication, and building scalable risk programs
• Experience with automation, risk register normalization, and continuous monitoring of key controls
• Experience collaborating across GRCP functions and with privacy, legal, and IT to deliver integrated risk and governance strategies
• Experience in advocating for inclusive talent practices that attract and retain diverse, high-potential individuals prepared to lead in a dynamic environment

Responsibilities

• Develop and implement a multi-year, proactive cyber risk management program, establishing clear governance, risk appetite, and ownership
• Oversee the end-to-end risk lifecycle, from identification and assessment using NIST-aligned methodologies to response, monitoring, and authorization
• Advise executive leadership and the board on our cyber risk posture, presenting clear insights and metrics to support strategic decision-making
• Drive operational excellence by formalizing exception handling, automating workflows, and integrating risk management into agile and DevOps processes
• Lead the achievement and maintenance of alignment with NIST CSF maturity goals and other key compliance frameworks
• Build, lead, and mentor a high-performing risk management team, fostering a culture of collaboration, accountability, and continuous improvement
• Champion change management strategies to support workforce transformation, including upskilling and AI fluency initiatives
• Collaborate with engineering, product, security, privacy, and compliance teams to deliver integrated risk and governance strategies
• Model and reinforce Expedia Group's values, promoting an environment where people feel valued, motivated, and inspired to excel

Benefits

• We provide a full benefits package, including exciting travel perks, generous time-off, parental leave, a flexible work model (with some pretty cool offices), and career development resources, all to fuel our employees' passion for travel and ensure a rewarding career journey.
• Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, and an Employee Assistance Program.
• To fuel each employee's passion for travel, we offer a wellness & travel reimbursement, travel discounts, and an International Airlines Travel Agent (IATAN) membership.