Senior Security Risk & Compliance Analyst

This role is eligible for our five day flex office work model.

Senior Analyst, Compliance

Why is this job a big deal:

The position is responsible for managing Priceline’s security risk and compliance functions and for elevating our security posture. Because Priceline is a leading tech company, the role requires an understanding of our existing infrastructure, cybersecurity controls and risk profile, as well as a willingness to learn about emerging technologies.

The Senior Security Risk & Compliance Analyst will be part of a high-performing and diverse information security team at Priceline, a US subsidiary of the world’s largest online travel company. You will join a growing GRC team that faces multiple exciting challenges.

In this role you will get to: 

  • Own end-to-end security GRC projects and initiatives to improve our security posture.

  • Maintain our security controls frameworks, including the NIST CSF maturity framework, PCI DSS and the NYDFS cybersecurity regulation, enhancing the frameworks and controls based on recommendations from maturity and risk assessments.

  • Monitor control performance of information security controls across the business for timely and effective execution.

  • Coordinate security audit fieldwork (external and internal audits) and other assurance activities.

  • Execute third-party risk assessments and enhance our third-party risk assurance process and tooling.

  • Evaluate, maintain and enhance our current security GRC tools.

  • Maintain and improve our information security policy framework, in accordance with our regulatory and compliance requirements.

  • Track the remediation of reported issues and vulnerabilities, and support the creation of dashboards and metrics that make this progress visible.

  • Act as a security advocate, supporting business owners’ security-related requests (evaluating policy exception requests, completing third-party security questionnaires, etc.).

  • Maintain our cybersecurity risk register and enhance our cybersecurity risk appetite framework.

Who you are: 

  • 6-8 years of experience working in an information security GRC function

  • One or more of the following certifications: CISSP, CRISC, CCSP, CCSK, CISA

  • Knowledge of security control and compliance frameworks: NIST CSF, PCI DSS, ISO 27001

  • Basic understanding of security engineering best practices, as well as cloud security controls and DevOps & CI/CD development environments.

  • Experience driving security GRC initiatives in a proactive and independent manner

  • Experience working with cross-functional teams in fast-paced environments.

  • Solid problem-solving skills and attention to detail.