Company: Expedia Inc.
Location: Bellevue, WA, US
Position Description
Position Overview: Director of Security Operations
Expedia, Inc. is looking for a seasoned information security professional to become one of the leaders of its Enterprise Information Security team. The Information Security Operations team is responsible for the security of all Expedia information assets in both our corporate and eCommerce environments across multiple global sites.
This role will oversee the Information Security Operations teams. The Director of Security Operations serves as the process owner for all ongoing activities that function to provide appropriate access to and protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies and standards. The Security Operations team provides a suite of operationally focused services to internal customers, allowing them to remain vigilant to the state of security and compliance within their environments. Including ongoing monitoring of centralized information management systems; Investigation and response to identified incidents; Vulnerability release monitoring and tracking; and Administration of global vulnerability management systems. Security Operations provides the necessary monitoring and analysis to protect information stored on Expedia, Inc. infrastructure from unauthorized access, disclosure, misuse, modification, or destruction as well as the management and maintenance of appropriate safeguards.
Responsibilities:
- Oversee the management of resources on Security Operations teams.
- Improve the Security Operations programs as new technologies, regulations and risks are identified.
- Responsible for the development of the Information Security Operations Strategy.
- Assume project management responsibilities as needed to implement initiatives
- Responsible for planning and directing Operations policies, programs and initiatives.
- Develop and track operational metrics for the Operations functions.
- Relies on extensive experience and judgment to plan and accomplish goals.
- Fosters teamwork and shows commitment to team objectives.
- Encourages others to express their views.
- Acknowledges others efforts.
- Projects a positive image and serves as a role model for others.
- Promotes collaboration and removes obstacles.
- Develops Talent
- Clear honest and constructive feedback.
- Willingly shares expertise and experience with others.
- Provides challenging assignments.
- Manages Execution
- Conveys clear expectations.
- Know how to get things done in a complex, multilevel organization.
- Balances big-picture with day to day activities.
- A wide degree of creativity and latitude is expected.
- Provide leadership for the Security Operations in the following areas: vulnerability management, intrusion detection systems, security event analysis, and filtering systems.
- Able to translate security vulnerabilities into risk-based business recommendations.
- Establish effective snapshots on daily, weekly, and monthly cycles to highlight progress, vulnerability, and status of Expedia, Inc. environments
- Reports to Senior Director of EIS.
Qualifications:
- Candidate must have demonstrated experience in providing excellent customer support services and an aptitude to work directly with business partners to deliver quality business solutions on schedule.
- Possess strong background in security operations and technology design and architecture.
- Experience working with current and emerging information security technologies and development methodologies.
- Provide metrics on information security operations matters to stake holders.
- Must be a highly effective leader, visionary, and implementer in a decentralized, consensus-based, heterogeneous environment.
- Minimum three years’ experience in developing and implementing high-level, multi-year, organization-wide information security strategies.
- Quick thinking and be able to maintain composure under stress.
- Demonstrated experience in advising and influencing senior management.
- Must have excellent analytical skills and be able to break down complex, multi-faceted problems into actionable steps without over-simplification.
- Commitment to root-cause analysis.
- Must be able to communicate security-related concepts to a broad range of technical and non-technical staff in an intelligent, articulate, and persuasive manner.
- Report writing and project management experience is essential. Performing written and oral presentations on completion of a project is expected.
Technical Requirements:
- Experienced at working effectively with all levels of the organization.
- Strong technical, facilitative and collaboration skills, organizational and time management skills, communication (verbal and written) and interpersonal skills.
- Must have an in-depth understanding of network security issues, security event logging / monitoring, operating systems (Windows, Unix, Macs), Firewalls, Intrusion prevention, AV technologies, authentication mechanisms, ethical hacking tools, vulnerability assessment & scanning tools, application security assessments, incident response and knowledge of common information security management frameworks.
- Comprehensive knowledge of problem analysis and excellent troubleshooting techniques
Preferred Qualifications:
- Professional security certifications such as CISSP, CISM, SSCP, SANS GIAC, GSEC are preferred.
- Experience working with proprietary software development.
- Experience working with software developers.
- Experience with PCI, SOX compliance, and other regulatory requirements.
- Experience with application design reviews and threat modeling.
Work Experience and Education Guidelines:
- 8-12 years of experience in IT, with a minimum of 4 years in Infrastructure and Operations Security, and Architecture/Engineering.
- Must have a strong track record in selecting compliance and operations solutions.
- Demonstrated track record in large scale IT security operations governance, planning and monitoring.
- Bachelors in Computer Science or related field or equivalent experience.
About Expedia, Inc.
Expedia, Inc. is the largest online travel company in the world, with an extensive brand portfolio that includes some of the world’s leading online travel brands, including:
- Expedia.com®, the world’s largest full service online travel agency, with localized sites in 30 countries
- Hotels.com®, the hotel specialist with sites in more than 60 countries
- Leading discount travel site Hotwire®, which offers opaque deals in nine countries on its eight sites in North America and Europe
- Egencia®, the world’s fifth largest corporate travel management company
- China’s second largest booking site eLong™
- Leading agency hotel company Venere.com™
- Destination services and activities provider Expedia Local Expert®
- Luxury travel specialist Classic Vacations®
This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee’s I-9 to confirm work authorization.
Location: Bellevue, WA, US
Position Description
Position Overview: Director of Security Operations
Expedia, Inc. is looking for a seasoned information security professional to become one of the leaders of its Enterprise Information Security team. The Information Security Operations team is responsible for the security of all Expedia information assets in both our corporate and eCommerce environments across multiple global sites.
This role will oversee the Information Security Operations teams. The Director of Security Operations serves as the process owner for all ongoing activities that function to provide appropriate access to and protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies and standards. The Security Operations team provides a suite of operationally focused services to internal customers, allowing them to remain vigilant to the state of security and compliance within their environments. Including ongoing monitoring of centralized information management systems; Investigation and response to identified incidents; Vulnerability release monitoring and tracking; and Administration of global vulnerability management systems. Security Operations provides the necessary monitoring and analysis to protect information stored on Expedia, Inc. infrastructure from unauthorized access, disclosure, misuse, modification, or destruction as well as the management and maintenance of appropriate safeguards.
Responsibilities:
- Oversee the management of resources on Security Operations teams.
- Improve the Security Operations programs as new technologies, regulations and risks are identified.
- Responsible for the development of the Information Security Operations Strategy.
- Assume project management responsibilities as needed to implement initiatives
- Responsible for planning and directing Operations policies, programs and initiatives.
- Develop and track operational metrics for the Operations functions.
- Relies on extensive experience and judgment to plan and accomplish goals.
- Fosters teamwork and shows commitment to team objectives.
- Encourages others to express their views.
- Acknowledges others efforts.
- Projects a positive image and serves as a role model for others.
- Promotes collaboration and removes obstacles.
- Develops Talent
- Clear honest and constructive feedback.
- Willingly shares expertise and experience with others.
- Provides challenging assignments.
- Manages Execution
- Conveys clear expectations.
- Know how to get things done in a complex, multilevel organization.
- Balances big-picture with day to day activities.
- A wide degree of creativity and latitude is expected.
- Provide leadership for the Security Operations in the following areas: vulnerability management, intrusion detection systems, security event analysis, and filtering systems.
- Able to translate security vulnerabilities into risk-based business recommendations.
- Establish effective snapshots on daily, weekly, and monthly cycles to highlight progress, vulnerability, and status of Expedia, Inc. environments
- Reports to Senior Director of EIS.
Qualifications:
- Candidate must have demonstrated experience in providing excellent customer support services and an aptitude to work directly with business partners to deliver quality business solutions on schedule.
- Possess strong background in security operations and technology design and architecture.
- Experience working with current and emerging information security technologies and development methodologies.
- Provide metrics on information security operations matters to stake holders.
- Must be a highly effective leader, visionary, and implementer in a decentralized, consensus-based, heterogeneous environment.
- Minimum three years’ experience in developing and implementing high-level, multi-year, organization-wide information security strategies.
- Quick thinking and be able to maintain composure under stress.
- Demonstrated experience in advising and influencing senior management.
- Must have excellent analytical skills and be able to break down complex, multi-faceted problems into actionable steps without over-simplification.
- Commitment to root-cause analysis.
- Must be able to communicate security-related concepts to a broad range of technical and non-technical staff in an intelligent, articulate, and persuasive manner.
- Report writing and project management experience is essential. Performing written and oral presentations on completion of a project is expected.
Technical Requirements:
- Experienced at working effectively with all levels of the organization.
- Strong technical, facilitative and collaboration skills, organizational and time management skills, communication (verbal and written) and interpersonal skills.
- Must have an in-depth understanding of network security issues, security event logging / monitoring, operating systems (Windows, Unix, Macs), Firewalls, Intrusion prevention, AV technologies, authentication mechanisms, ethical hacking tools, vulnerability assessment & scanning tools, application security assessments, incident response and knowledge of common information security management frameworks.
- Comprehensive knowledge of problem analysis and excellent troubleshooting techniques
Preferred Qualifications:
- Professional security certifications such as CISSP, CISM, SSCP, SANS GIAC, GSEC are preferred.
- Experience working with proprietary software development.
- Experience working with software developers.
- Experience with PCI, SOX compliance, and other regulatory requirements.
- Experience with application design reviews and threat modeling.
Work Experience and Education Guidelines:
- 8-12 years of experience in IT, with a minimum of 4 years in Infrastructure and Operations Security, and Architecture/Engineering.
- Must have a strong track record in selecting compliance and operations solutions.
- Demonstrated track record in large scale IT security operations governance, planning and monitoring.
- Bachelors in Computer Science or related field or equivalent experience.
About Expedia, Inc.
Expedia, Inc. is the largest online travel company in the world, with an extensive brand portfolio that includes some of the world’s leading online travel brands, including:
- Expedia.com®, the world’s largest full service online travel agency, with localized sites in 30 countries
- Hotels.com®, the hotel specialist with sites in more than 60 countries
- Leading discount travel site Hotwire®, which offers opaque deals in nine countries on its eight sites in North America and Europe
- Egencia®, the world’s fifth largest corporate travel management company
- China’s second largest booking site eLong™
- Leading agency hotel company Venere.com™
- Destination services and activities provider Expedia Local Expert®
- Luxury travel specialist Classic Vacations®
This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee’s I-9 to confirm work authorization.