Expedia Group Logo

Expedia Group

Security Operations Analyst II – Third Party Risk Management Operations Center

Posted 2 Hours Ago
Be an Early Applicant
Hybrid
Gurgaon, Gurugram, Haryana
Mid level
Hybrid
Gurgaon, Gurugram, Haryana
Mid level
Support end-to-end third party security assessments and ongoing monitoring: collect and review vendor evidence, evaluate controls against standards, manage TPRM workflows in ticketing platforms, coordinate remediation with internal teams and vendors, document audit-ready findings, and drive process and tooling improvements for vendor risk management.
The summary above was generated by AI

At Expedia Group, we help travelers explore the world, one journey at a time. As a global travel company powered by passionate people, trusted partnerships, and leading technology, we connect travelers, partners, and advertisers through our consumer brands, B2B network, and travel advertising business.


Here, you'll do meaningful work that helps millions of people discover, book, and experience travel with more ease, confidence, and joy. Our five Behaviors-Traveler First, Think Big, Operate with Excellence, Ownership Mindset, and Succeed Together-help foster a supportive environment where people can grow their careers and have the flexibility, benefits, and support to do their best work. Join us and build for travelers everywhere.

About the Team:

The Expedia Group Security Governance, Risk, Compliance and Privacy (GRCP) organization is building a world‑class Third Party Risk Management (TPRM) Operations Center to support global supplier security and compliance operations.

We are seeking a highly organized and detail‑oriented Security Operations Analyst to support end‑to‑end third party security due diligence, ongoing monitoring, evidence collection, control assessment, documentation, and coordination activities across Expedia Group’s vendor ecosystem.

This role is ideal for someone who thrives in a fast‑paced environment, has strong operational discipline, and enjoys working across technical, legal, procurement, and business teams to help manage security and compliance risk from third parties.

As part of the India‑based TPRM Operations Center, you will play a key role in how we execute day‑to‑day third party risk operations and respond to customer, regulatory, and internal stakeholder expectations.

 

In this role, you will:

  • Support end‑to‑end third party security assessments for new and existing vendors, including scoping, initiating assessments, collecting documentation, and tracking to closure.

  • Review and analyze vendor security evidence (e.g., SOC 2 reports, ISO 27001 certificates, penetration test reports, security policies, questionnaires such as CAIQ/VSAQ/SIG) to identify control coverage, gaps, and issues.

  • Perform structured security and risk evaluations against Expedia Group TPRM standards and industry frameworks (e.g., ISO 27001, SOC 2, NIST CSF, PCI DSS, privacy requirements) and document clear, defensible conclusions.

  • Create and manage TPRM tickets and workflows (e.g., in Jira or a third party risk platform), ensuring assessments, findings, and remediation items are logged, updated, and closed within defined SLAs.

  • Coordinate with internal stakeholders (Security, Privacy, Legal, Procurement, Engineering, Product, Business Owners) to obtain required information, clarify use cases, and agree on risk treatment decisions.

  • Engage directly with vendors to clarify questionnaire responses, request additional evidence, explain control expectations, and follow up on remediation or risk treatment actions.

  • Document assessment results including risk ratings, control gaps, compensating controls, and recommended actions in a consistent and audit‑ready manner.

  • Support ongoing monitoring activities, including periodic reassessments, trigger‑based reviews (e.g., incidents, scope changes), certificate and report renewals, and continuous control monitoring where available.

  • Maintain organized repositories of TPRM evidence and artifacts to support repeatable processes, customer due diligence responses, and regulatory examinations.

  • Track and report status of third party assessments, issues, and remediation progress, highlighting risks, blockers, and trends to TPRM and GRCP leadership.

  • Contribute to process and tooling improvements for TPRM workflows, templates, questionnaires, and metrics to drive efficiency, consistency, and better risk decisions.

  • Support broader GRCP initiatives as needed, such as control mapping, new regulatory requirements impacting vendors, or integration of TPRM with other security and compliance programs.

 

Experience and Preferred Qualifications:
 

Minimum Qualifications:

  • Bachelor’s degree in Computer Science, Information Security, Engineering, or a related technical field; or equivalent practical experience in security operations or incident response.

  • 3–5 years of experience in third party risk management, security GRC, IT audit, vendor risk, or related technology risk/compliance roles

  • Experience supporting vendor due diligence or security assessments, including reviewing security documentation such as SOC 2, ISO 27001, penetration test reports, or security policies/standards.

  • Familiarity with common security and risk frameworks such as ISO 27001, SOC 2, NIST CSF, PCI DSS, and/or privacy requirements (e.g., GDPR, CCPA) and how they apply to third party environments.

  • Understanding of core information security concepts (e.g., access control, encryption, logging/monitoring, network security, vulnerability management, incident response) and ability to relate them to vendor controls.

  • Comfortable working in workflow and ticketing systems (e.g., Jira, ServiceNow) and ideally exposure to third party risk platforms (e.g., Archer, OneTrust, ServiceNow VRM, or similar).

Preferred Qualifications:

  • Experience handling complex, multi-stage security incidents in large-scale, distributed, or cloud-based environments, including root cause analysis and post-incident reviews.

  • Information security, audit, or risk certifications are a plus (e.g., CISA, CRISC, Security+, ISO 27001 Associate, CTPRP/CTPRP‑like third party risk certifications).

  • Proven track record of improving SOC effectiveness through detection engineering, runbook optimization, automation, or tuning of security tools to enhance signal quality and response speed.

  • Experience using data-driven approaches to identify security trends, measure operational performance, and prioritize improvements to controls, detections, and processes.

  • Background in integrating or supporting AI/ML-enabled security capabilities (for example behavior analytics, anomaly detection, or automated response) and safely operating these solutions in production.

  • Experience providing technical input into the design or improvement of security architectures, controls, and monitoring for new or existing services, working closely with engineering and platform teams to embed security by design.

Accommodation requests

Expedia Group is committed to providing an inclusive and accessible recruiting experience. If you need an accommodation or adjustment due to a disability during the application or recruiting process, please submit a request at https://expedia.service-now.com/askeg?id=job_accommodation.


About Expedia Group

Expedia Group includes three flagship consumer brands - Expedia, Hotels.com, and Vrbo - along with a leading B2B travel business and travel advertising offerings. Across our brands and business, we help travelers explore the world with confidence and ease.


Important notice

Employment opportunities and job offers at Expedia Group will always come from Expedia Group's Talent Acquisition and hiring teams. Never share sensitive personal information unless you are confident of the recipient. Expedia Group does not extend job offers via email or messaging tools to individuals with whom we have not made prior contact. Our email domain is @expediagroup.com. The official place to find and apply for roles is https://careers.expediagroup.com/jobs/.


Equal Opportunity

Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, gender, sexual orientation, national origin, disability or age.

Similar Jobs at Expedia Group

4 Hours Ago
Hybrid
Junior
Junior
AdTech • eCommerce • Information Technology • Travel • Generative AI
Join Expedia Group's B2B engineering team to develop, test, and integrate software powering global partner ecosystems. Collaborate with peers, apply CS fundamentals, write maintainable code, and build technical expertise while supporting system integrations and aligning team work with business goals.
Top Skills: JavaScala
Junior
AdTech • eCommerce • Information Technology • Travel • Generative AI
Deliver and facilitate in-person and virtual training for global TPSP initiatives, assess learning outcomes, coach agents, report training performance, perform training needs analysis, manage learning projects, and collaborate with Instructional Design, Operations, and Quality teams to improve contact-centre performance.
Top Skills: Data DashboardsLmsMs-ExcelPowerPoint
Yesterday
Hybrid
Junior
Junior
AdTech • eCommerce • Information Technology • Travel • Generative AI
Provide Level II technical support for Vrbo products: triage and resolve escalated customer issues, analyze logs/monitoring data, escalate bugs to product/development teams, document resolutions, educate customers on best practices, and meet case completion and quality SLAs.
Top Skills: AndroidChromeDatadogDhcpDnsExcelFirefoxGraphQLHTTPImapiOSKibanaModemsNew RelicOutlookPowerPointRoutersSaaSSafariSplunkSQLTcp/IpWi-FiWindowsWord

What you need to know about the Mumbai Tech Scene

From haggling for the best price at Chor Bazaar to the bustle of Crawford Market, the energy of Mumbai's traditional markets is a key part of the city's charm. And while these markets will always have their place, the city also boasts a thriving e-commerce scene, ranking among the largest in the region. Driven by online sales in everything from snacks to licensed sports merchandise to children's apparel, the local industry is worth billions, with companies actively recruiting to meet the demands of continued growth.

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account