Director, Risk Management
Content + Source + Freshness • 12 Dec 2025 • 95% confidence
Offer value
High value due to competitive salary range, strong leadership role, and meaningful impact on cybersecurity in a global organization.
- Salary range: $201,000–$281,500/year
- Leadership role in a large tech company
- Impactful position with global security initiatives
- Requires significant expertise in cyber risk
Pros
- Generous salary range ($201,000–$281,500/year)
- Position in a leading tech firm with significant market influence
- Opportunity to lead and shape risk management strategies
Cons
- High pressure and responsibility associated with the role
- Significant experience required (10+ years in cyber risk)
- Need to address multiple compliance frameworks
Who it's for
Senior / Executive • Hybrid / Office
Good fit
- Experienced cyber risk managers
- Leaders looking to influence corporate security strategies
- Professionals aiming to work in a dynamic tech environment
Not recommended for
- Junior candidates without relevant experience
- Those preferring lower responsibility roles
- Individuals not involved in risk assessment or management
Motivation fit
Key skills
About the job
Director, Risk Management
-
United States - Texas - Austin
-
Technology
-
Full-Time Regular
-
10/22/2025
-
ID # R-98406-1
Share this position
Expedia Group brands power global travel for everyone, everywhere. We design cutting-edge tech to make travel smoother and more memorable, and we create groundbreaking solutions for our partners. Our diverse, vibrant, and welcoming community is essential in driving our success.
Why Join Us?
To shape the future of travel, people must come first. Guided by our Values and Leadership Agreements, we foster an open culture where everyone belongs, differences are celebrated and know that when one of us wins, we all win.
We provide a full benefits package, including exciting travel perks, generous time-off, parental leave, a flexible work model (with some pretty cool offices), and career development resources, all to fuel our employees' passion for travel and ensure a rewarding career journey. We’re building a more open world. Join us.
Director, Risk Management
Introduction to the team:
Expedia Technology teams partner with our Product teams to create innovative products, services, and tools to deliver high-quality experiences for travelers, partners, and our employees. A singular technology platform powered by data and machine learning provides secure, differentiated, and personalized experiences that drive loyalty and traveler satisfaction.
As a leader on our security team, you will be at the forefront of safeguarding Expedia Group's global digital landscape. This role is pivotal in shaping and implementing a mature, proactive cyber risk management program. You will collaborate with teams across technology, product, and business units to embed security into our DNA, protect our travelers and partners, and enable the company to achieve its strategic goals securely.
In this role, you will:
Develop and implement a multi-year, proactive cyber risk management program, establishing clear governance, risk appetite, and ownership
Oversee the end-to-end risk lifecycle, from identification and assessment using NIST-aligned methodologies to response, monitoring, and authorization
Advise executive leadership and the board on our cyber risk posture, presenting clear insights and metrics to support strategic decision-making
Drive operational excellence by formalizing exception handling, automating workflows, and integrating risk management into agile and DevOps processes
Lead the achievement and maintenance of alignment with NIST CSF maturity goals and other key compliance frameworks
Build, lead, and mentor a high-performing risk management team, fostering a culture of collaboration, accountability, and continuous improvement
Champion change management strategies to support workforce transformation, including upskilling and AI fluency initiatives
Collaborate with engineering, product, security, privacy, and compliance teams to deliver integrated risk and governance strategies
Model and reinforce Expedia Group’s values, promoting an environment where people feel valued, motivated, and inspired to excel
Minimum Qualifications:
Bachelor’s degree in a related technical field; or Equivalent related professional experience
10+ years of experience in cyber risk management
5+ years of experience in managing teams
Proven ability to assess and manage risks in cloud-native architectures (AWS, Azure, GCP), agile development, and data-driven platforms
Deep understanding of risk management methodologies (NIST CSF, ISO 31000, COSO ERM) and regulatory frameworks (SOX, PCI, SOC 2, GDPR, CCPA)
Preferred Qualifications:
Experience within high-growth technology or SaaS environments
Industry certifications such as CRISC, CISA, CISSP, or ISO 31000
Demonstrated success in cross-functional leadership, proficient executive communication, and building scalable risk programs
Experience with automation, risk register normalization, and continuous monitoring of key controls
Experience collaborating across GRCP functions and with privacy, legal, and IT to deliver integrated risk and governance strategies
Experience in advocating for inclusive talent practices that attract and retain diverse, high-potential individuals prepared to lead in a dynamic environment
Starting pay for this role will vary based on multiple factors, including location, available budget, and an individual’s knowledge, skills, and experience. Pay ranges may be modified in the future.
Expedia Group is proud to offer a wide range of benefits to support employees and their families, including medical/dental/vision, paid time off, and an Employee Assistance Program. To fuel each employee’s passion for travel, we offer a wellness & travel reimbursement, travel discounts, and an International Airlines Travel Agent (IATAN) membership. View our full list of benefits.
Accommodation requests
If you need assistance with any part of the application or recruiting process due to a disability, or other physical or mental health conditions, please reach out to our Recruiting Accommodations Team through the Accommodation Request.
We are proud to be named as a Best Place to Work on Glassdoor in 2024 and be recognized for award-winning culture by organizations like Forbes, TIME, Disability:IN, and others.
Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™. © 2024 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50
Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals with whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. This employer participates in E-Verify. The employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 to confirm work authorization.
