If you need assistance during the recruiting process due to a disability, please reach out to our Recruiting Accommodations Team through the Accommodation Request
form. This form is used only by individuals with disabilities who require assistance or adjustments in applying and interviewing for a job. This form is not for inquiring about a position or the status of an application.
Data Privacy Analyst III - Privacy Enablement
Our worldview at Expedia Group is Travel is a force for good; we believe travel is a force for good in the world. You don't have to look too closely to realize right now that
the world needs all the goodness it can get - it needs more travel. And with that as our worldview, the work we do at Expedia Group becomes more important than ever.
The Expedia Enterprise Technology Security & Privacy (ETSP) team is seeking a highly motivated, collaborative, and passionate Data Privacy Analyst, with a practical self-starter mindset to advise and embed privacy by design in our products and user experiences. The role helps the business assess and document our compliance and risk posture related to legal and ethical use of the data that we collect and maintain. You will help mature our data privacy and compliance program by assisting with policy development and data subject rights processes, along with validating data mappings, inventories, and data flows. You will work to identify and measure risks and formulate recommendations for improvements to our data privacy program.
To be successful, you are organized, resourceful, possess domain knowledge on privacy and security compliance and have a can-do attitude. You will be a key member of our privacy and security governance, risk, and compliance team and responsible for strategic and tactical management of the Privacy function, interpreting complex legislation (including international), and providing consultative services to the business and shared services. This role will report to the Senior Manager - Privacy Programs.
While the person in this role should have a solid understanding of technology and data protection, it will reach across the company and should be able to translate business and technology. We believe diversity and inclusion among our teammates produces better results and is critical to our success as a global company and are committed to recruiting, developing, and retaining the most talented people from a diverse candidate pool.
What You'll Do
- Support the Privacy Center to shape and influence a culture of privacy throughout Expedia Group (EG) through campaigns, communication, training and awareness, and key knowledge sharing
- Assist in the design and implementation of a best-in-class global privacy program and guide the execution, implementation, and scaling of the program across the business
- Perform risk assessments, audits, and tests to ensure our systems and processes remain in compliance with applicable regulations and internal policies
- Partner with EG Product and Technology, Brands, Marketing, Data Governance, and Legal teams to further embed privacy by design into our products and services
- Partner with EG Legal Privacy team to strengthen our measurable and scalable processes for demonstrating privacy compliance, including developing metrics relating to:
- Impact assessments (Privacy, Data Transfer, and Data Protection);
- Records of processing activities;
- Data maps;
- Responses to privacy rights requests
- Work to align products and Privacy by Design principles from early stages of development and ensure that the data use meets established regulatory compliance needs.
- Identify, drive, and manage privacy governance maturation, including mapping existing internal policies, standards, guidelines, and controls against internationally recognized data and privacy standards such as ISO, and NIST CSF & Privacy by Design
- Assist in policy lifecycle management process as a subject matter expert in privacy to respond to new regulations and technologies
- Create training and awareness materials, including content development, delivery, tracking, and execution
- Creates written reports and dashboards for monitoring compliance and communicating status with business leaders
- Perform other duties as assigned
Who You Are
- Bachelor's degree in a related technical field; or equivalent related professional experience
- 6+ years of overall corporate work experience with bachelor's degree
- 4+ years of relevant experience with an advanced degree with a focus in information technology/management, risk, or audit preferred
- Privacy and/or security risk management or compliance management related experience preferably in technology, software as a service, or cloud
- In-depth understanding of security/privacy policies, principles, and technologies; as well as familiarity with industry standard security and privacy control frameworks such as ISO 27001 or NIST Privacy Framework
- Familiarity with marketing technologies and privacy implications of consumer advertising technologies
- Excellent communication, interpersonal, organizational, and writing skills, including plan status, results, and presentations
- Solutions-oriented team player, with a track record of identifying and implementing creative solutions and demonstrated project management and organizational skills
- International & US privacy laws and regulations experience
- IAPP CIPP, CIPM, CIPT certification(s) a plus, other certifications desired from ISACA et. al
- Technical skills and expertise to manage information systems and manage compliance tools and processes that enable privacy compliance and incident tracking and reporting (e.g., MetricStream, RSA Archer, OneTrust, etc.)
- Familiarity with privacy laws and regulations such as:
- Experience overseeing the operational aspects of a risk, privacy and/or compliance program, such as developing and/or implementing systems and processes for:
- DPIA, PIA, TIA, ROPA, DSAR, Data Maps
- Third party risk management
- Training and awareness
- Risk assessments
About Expedia Group
Expedia Group (NASDAQ: EXPE) powers travel for everyone, everywhere through our global platform. Driven by the core belief that travel is a force for good, we help people experience the world in new ways and build lasting connections. We provide industry-leading technology solutions to fuel partner growth and success, while facilitating memorable experiences for travelers. Expedia Group's family of brands includes: Brand Expedia, Hotels.com, Expedia Partner Solutions, Vrbo, trivago, Orbitz, Travelocity, Hotwire, Wotif, ebookers, CheapTickets, Expedia Group Media Solutions, Expedia Local Expert, CarRentals.com, and Expedia Cruises.
2021 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50
Employment opportunities and job offers at Expedia Group will always come from Expedia Group's Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you're confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals to whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.
Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, gender, sexual orientation, national origin, disability or age.