Viator, a Tripadvisor company, is the leading marketplace for travel experiences.
We believe that making memories is what travel is all about.
With 300,000+ travel experiences to explore - everything from simple tours to extreme adventures - making memories that will last a lifetime has never been easier.
Viator is seeking an experienced Director of Security with a blend of software engineering and security engineering skills to lead our Security and Compliance Engineering team, reporting to the head of our engineering platform.
This role can be either remote from anywhere in the UK, Portugal, or Poland, or a hybrid setup based out of our Oxford, London, or Lisbon offices.
What You Will Do Assess security risks and identify initiatives to address the biggest security risks we face and take them through to delivery.
Own and improve the Security Incident response process.
Own and improve Viator's ability to detect and respond.
Own the Risk and Compliance programs.
Consult with product engineering or other engineering platform teams to integrate security and compliance best practices into their engineering designs.
Implement tools for automating security processes (e.g., secrets management).
Design and lead our security champions program.
What We're Looking For Prior experience in managing a security team within a software product development company, including performance management of your direct reports and teams.
You approach security with a DevOps mindset, preferring security by enablement, automation, and guardrails over gates and roadblocks.
Familiarity with securing and operating on public Cloud (AWS, GCP, Azure) providers.
Demonstrated excellence participating on cross-functional teams in fast-paced environments, both in terms of technical leadership and hands-on coding.
Domain knowledge of common information security, business continuity, and privacy management frameworks, regulatory requirements, and applicable standards such as ISO 27001, SOC 2, HIPAA, GDPR, PCI, FedRamp, SOX, etc.
You are an excellent written and verbal communicator, capable of articulating complex cybersecurity concepts to both technical and non-technical audiences.
Nice to Haves Leading security initiatives impacting an engineering platform.
Experience securing large scale distributed systems.
Demonstrated experience developing AWS or other cloud native applications.
Experience with CI/CD, Gitlab, and Terraform.
Familiarity with the PCI DSS.
#J-18808-Ljbffr