Director, Risk Management

Expedia Group brands power global travel for everyone, everywhere. We design cutting-edge tech to make travel smoother and more memorable, and we create groundbreaking solutions for our partners. Our diverse, vibrant, and welcoming community is essential in driving our success.

Why Join Us?

To shape the future of travel, people must come first. Guided by our Values and Leadership Agreements, we foster an open culture where everyone belongs, differences are celebrated and know that when one of us wins, we all win.

We provide a full benefits package, including exciting travel perks, generous time-off, parental leave, a flexible work model (with some pretty cool offices), and career development resources, all to fuel our employees' passion for travel and ensure a rewarding career journey. We’re building a more open world. Join us.

Director, Risk Management

Introduction To The Team

Expedia Technology teams partner with our Product teams to create innovative products, services, and tools to deliver high-quality experiences for travelers, partners, and our employees. A singular technology platform powered by data and machine learning provides secure, differentiated, and personalized experiences that drive loyalty and traveler satisfaction.

As a leader on our security team, you will be at the forefront of safeguarding Expedia Group's global digital landscape. This role is pivotal in shaping and implementing a mature, proactive cyber risk management program. You will collaborate with teams across technology, product, and business units to embed security into our DNA, protect our travelers and partners, and enable the company to achieve its strategic goals securely.

In This Role, You Will

• Develop and implement a multi-year, proactive cyber risk management program, establishing clear governance, risk appetite, and ownership
• Oversee the end-to-end risk lifecycle, from identification and assessment using NIST-aligned methodologies to response, monitoring, and authorization
• Advise executive leadership and the board on our cyber risk posture, presenting clear insights and metrics to support strategic decision-making
• Drive operational excellence by formalizing exception handling, automating workflows, and integrating risk management into agile and Dev Ops processes
• Lead the achievement and maintenance of alignment with NIST CSF maturity goals and other key compliance frameworks
• Build, lead, and mentor a high-performing risk management team, fostering a culture of collaboration, accountability, and continuous improvement
• Champion change management strategies to support workforce transformation, including upskilling and AI fluency initiatives
• Collaborate with engineering, product, security, privacy, and compliance teams to deliver integrated risk and governance strategies
• Model and reinforce Expedia Group’s values, promoting an environment where people feel valued, motivated, and inspired to excel

• Bachelor’s degree in a related technical field; or Equivalent related professional experience
• 10+ years of experience in cyber risk management
• 5+ years of experience in managing teams
• Proven ability to assess and manage risks in cloud-native architectures (AWS, Azure, GCP), agile development, and data-driven platforms
• Deep understanding of risk management methodologies (NIST CSF, ISO 31000, COSO ERM) and regulatory frameworks (SOX, PCI, SOC 2, GDPR, CCPA)

• Experience with in high-growth technology or SaaS environments
• Industry certifications such as CRISC, CISA, CISSP, or ISO 31000
• Demonstrated success in cross-functional leadership, proficient executive communication, and building scalable risk programs
• Experience with automation, risk register normalization, and continuous monitoring of key controls
• Experience collaborating across GRCP functions and with privacy, legal, and IT to deliver integrated risk and governance strategies
• Experience in advocating for inclusive talent practices that attract and retain diverse, high-potential individuals prepared to lead in a dynamic environment