Senior Technical Internal Auditor

Expedia Group brands power global travel for everyone, everywhere. We design cutting-edge tech to make travel smoother and more memorable, and we create groundbreaking solutions for our partners. Our diverse, vibrant, and welcoming community is essential in driving our success.

Why Join Us?

To shape the future of travel, people must come first. Guided by our Values and Leadership Agreements, we foster an open culture where everyone belongs, differences are celebrated and know that when one of us wins, we all win.

We provide a full benefits package, including exciting travel perks, generous time-off, parental leave, a flexible work model (with some pretty cool offices), and career development resources, all to fuel our employees' passion for travel and ensure a rewarding career journey. We’re building a more open world. Join us.

Introduction to Our Team 

Expedia Group brands power global travel for everyone, everywhere. We design cutting-edge tech to make travel smoother and more memorable, and we create groundbreaking solutions for our partners. Our diverse, vibrant, and welcoming community is essential in driving our success.

The Senior Technical Internal Auditor would be reporting to the Technical Audit Senior Manager, the Senior IT Auditor performs the tactical end-to-end execution of technical risk management, compliance, assurance and audit projects, including discovery, scoping, planning, fieldwork, development/design of recommendations, report writing, tracking of audit issues, and verification of management action items, under the guidance/direction of managers.

In this role you will:

• Acquire and demonstrates a solid understanding of how the department operates and fits into the larger organization
• Acquire a solid understanding of the various functions/organizations within the broader enterprise
• Demonstrate solid awareness of the policies, practices, trends and information that impact the organization and its customers
• Demonstrate solid understanding of the financial, operational, and technical impact of decisions/solutions on the organization and its customers
• Keep relevant stakeholders informed of key progress toward or significant changes to task timing that impacts the project schedule
• Assist team members in the creation of routine technical communication materials (e.g., policies & procedures, guidelines, presentations, messages)
• Apply a solid understanding of electronic workpapers and/or GRC and Audit Management systems
• Apply a solid understanding of IIA framework
• Apply a solid understanding IT controls frameworks
• Applies a solid understanding of technical and operational risk and compliance frameworks and industry best practices (e.g., ISO, COSO, COBIT, NIST, etc.)
• Plan and execute audit and consultancy projects, including but not limited to audit planning, facilitation of process interviews, identification of risks, internal controls testing, identification of issues, and communication of audit/consultancy results to Company management;
• Demonstrate understanding of key business process risks and controls, and perform evaluation of design and effectiveness of controls;
• Perform advisory work for key processes or projects being implemented consisting of evaluating gaps and risk and providing guidance prior to implementation;
• Participate in enterprise-wide risk assessment interviews with key partners; •    Demonstrate strong project management skills and the ability to multi-task on quality work deliverables; and
• Build and maintain strong positive relationships with Expedia personnel as a representative of the Corporate Audit Team
• Applies a solid understanding of regulatory and technical compliance
• Applies a solid understanding of at least several of these areas (IT General Controls, Cybersecurity, Hybrid and Cloud operations, Data governance and management, Data privacy compliance, or System Development Life Cycle) to execute technical audits or other risk and compliance-related initiatives in order to identify, assess, and explain risks, report findings, and develop and communicate recommendations
• Applies practical data analysis methods and procedures including the collection, analysis and developing of insights of data
• Applies solid understanding of risks and controls to develop audit planning documents, including Risk and Control Matrices (RCM), process and data flow diagrams, and executive-level planning memos
• Prepares relevant audit workpapers and reports for senior management on the results of operational and technical audits or other risk-based assessments
• Leverages proper techniques and solid knowledge to interpret basic audit analyses and reports

Experience and qualifications:

• 3-5 years of relevant experience in technical risk/assurance consulting and/or internal audit
• Bachelor's degree in related technical field or equivalent related professional experience
• Big 4 public accounting experience preferred, but not required
• CIA, CISA, OSCP, CCSK, CISM, CISSP, CDPSE, IAPP, CRISC or similar certification desired
• Operational, technology or security business processes and best practices;
• Excellent written and verbal communication skills with previous experience in writing internal audit reports
• Understanding, developing, interpreting process models, flowcharts, narratives;
• Solid understanding of IT General Controls (Logical Access, Change Management, IT Operations, Program Development/SDLC), including design and operation of controls
• Cybersecurity concepts, risks and controls/practices (e.g., identity access management, vulnerability management, security governance, software development, auditing and logging, micro segmentation, secure access services, PKI) and security frameworks such as NIST, ISO 27000
• Cloud operations (e.g., Cloud architecture, infrastructure, networks, secure compute workloads, resiliency, data encryption, account and key management, identity access management, software development in the cloud)
• Data governance (e.g., frameworks, policies, third-party data risks, and data security and protection)
• Data privacy compliance including GDPR, CCPA and other regulations
• Big Data (e.g. data analysis and visualization tools, data engineering modeling, scripting language such as SQL or Python)

Accommodation requests

If you need assistance with any part of the application or recruiting process due to a disability, or other physical or mental health conditions, please reach out to our Recruiting Accommodations Team through the Accommodation Request.

We are proud to be named as a Best Place to Work on Glassdoor in 2024 and be recognized for award-winning culture by organizations like Forbes, TIME, Disability:IN, and others.

Expedia Group's family of brands includes: Brand Expedia®, Hotels.com®, Expedia® Partner Solutions, Vrbo®, trivago®, Orbitz®, Travelocity®, Hotwire®, Wotif®, ebookers®, CheapTickets®, Expedia Group™ Media Solutions, Expedia Local Expert®, CarRentals.com™, and Expedia Cruises™. © 2024 Expedia, Inc. All rights reserved. Trademarks and logos are the property of their respective owners. CST: 2029030-50

Employment opportunities and job offers at Expedia Group will always come from Expedia Group’s Talent Acquisition and hiring teams. Never provide sensitive, personal information to someone unless you’re confident who the recipient is. Expedia Group does not extend job offers via email or any other messaging tools to individuals with whom we have not made prior contact. Our email domain is @expediagroup.com. The official website to find and apply for job openings at Expedia Group is careers.expediagroup.com/jobs.

Expedia is committed to creating an inclusive work environment with a diverse workforce. All qualified applicants will receive consideration for employment without regard to race, religion, gender, sexual orientation, national origin, disability or age.