IT Compliance Analyst, IT Risk Management

Have you ever had the opportunity to impact the lives of millions of people in a meaningful way and help them enjoy time away with their friends and families building memories? That’s what we do here at HomeAway.com, an Expedia Inc. company. We are the leading vacation rental website in the world with more than one million online bookable vacation rentals. Our mission is to make every vacation rental in the world available to every traveler in the world through our online marketplace and we're committed to helping families and friends find the perfect vacation rental to create unforgettable travel experiences together.

Job Summary:

Reporting to the IT Risk Manager, the IT Compliance Analyst will aid in oversight of HomeAway compliance programs including SOX, SSAE 16/18, and PCI-DSS. The right candidate will work closely compliance team leads and different departments to help execute, design, and improve IT control frameworks and IT security best practices. These activities include: risk assessments, operational process reviews, quarterly logical access audits, and policy review and enforcement. The role will support IT risk management processes to improve the overall risk management program through implementation of tooling and solutions allowing for automation and scalability.

Job Responsibilities:

• Facilitate adherence to compliance standards by supporting team leads in coordination of external audits, control assessments, and scoping exercises

• Perform IT-focused risk assessments for major IT projects and processes within the organization. The risk assessment process includes obtaining risk owner acknowledgement and tracking to mitigation.

• Identify inconsistencies and gaps within a business and IT processes and collaborate with stakeholders to clarify and simplify complex processes in order to remediate a gaps

• Provide guidance to the IT organization related to compliance, policy, and security requirements

• Participate in providing automation of controls and real-time exception-based auditing

• Produce high quality documentation and support guidance with facts and evidence

• Effectively build and manage trusted partnerships with internal collaborators through knowledge, consistency, and quality of work

• Research and remain up-to-date on IT risk management practices

Qualifications:

• Bachelor’s Degree and at least 3 - 5 years of experience in an information security environment including knowledge of control frameworks including SANS Top 20 Security Controls, COBIT, IT general controls, and PCI-DSS

• PCI ISA/QSA certification or experience preferred

• Knowledge of cloud environments and technologies preferred

• Must effectively deal with rapid technological and business changes while maintaining enthusiasm, displaying sound judgment, and being a solutions provider

• Willingness to self-learn new technologies and tools

• Ability to work in and understand scenarios at both the process and technical levels

• Highly proficient in verbal and written communication

• Highly motivated self-starter

• Must have the ability to work independently

Benefits:

• Great Medical & Dental Plans

• Highly Competitive salary

• Target annual bonus

• Company stock (RSU's)

• Employee Stock Purchase Plan

• 4 weeks paid vacation

• Ability to work up to two weeks in any of our offices around the world on a yearly basis

• Free drinks & snacks

• Weekly company update talks with our leadership team

• Free listing on HomeAway.com

• Stand up desk

• Casual dress code