.Viator, a Tripadvisor company, is the leading marketplace for travel experiences. We believe that making memories is what travel is all about. And with 300,000+ travel experiences to explore - everything from simple tours to extreme adventures (and all the niche, interesting stuff in between) - making memories that will last a lifetime has never been easier. With industry-leading flexibility and last-minute availability, it's never too late to make any day extraordinary. Viator. One app, 300,000+ travel experiences you'll remember.Viator is seeking an experienced Director of Security with a blend of software engineering and security engineering skills to lead our Security and Compliance Engineering team, reporting to the head of our engineering platform. Viator is a remote-first company. This role can be either remote from anywhere in the UK, Portugal or Poland, or a hybrid setup based out of our Oxford, London or Lisbon offices.You will be responsible for developing and implementing security strategies across the Security Engineering and Security Operations teams, as well as liaising with other teams delivering parts of our overall security posture.What You Will DoAssess security risks and identify initiatives to address the biggest security risks we face and take them through to delivery.Own and improve the Security Incident response process.Own and improve Viator's ability to detect and respond.Own the Risk and Compliance programs.Consult with product engineering or other engineering platform teams to integrate security and compliance best practices into their engineering designs.Implement tools for automating security processes (e.G. secrets management).Design and lead our security champions program.What We're Looking ForPrior experience in managing a security team within a software product development company, including performance management of your direct reports and teams.You approach security with a DevOps mindset. You prefer security by enablement, automation, and guardrails over gates and roadblocks.You have familiarity with securing and operating on public Cloud (AWS, GCP, Azure) providers.Demonstrated excellence participating on cross-functional teams in fast-paced environments, both in terms of technical leadership and hands-on coding.You possess domain knowledge of common information security, business continuity and privacy management frameworks, regulatory requirements and applicable standards such as ISO 27001, SOC 2, HIPAA, GDPR, PCI, FedRamp, SOX, etc.You are an excellent written and verbal communicator. You can articulate complex cybersecurity concepts to both technical and non-technical audiences.Nice to havesLeading security initiatives impacting an engineering platform.Experience securing large scale distributed systems.Demonstrated experience developing AWS or other cloud native applications.Experience with CI/CD, Gitlab and Terraform.Familiarity with the PCI DSS