Director of Engineering, Security (Viator)

Viator, a Tripadvisor company, is the leading marketplace for travel experiences. We believe that making memories is what travel is all about. With industry-leading flexibility and last-minute availability, it's never too late to make any day extraordinary.

Viator is seeking an experienced Director of Security with a blend of software engineering and security engineering skills to lead our Security and Compliance Engineering team, reporting to the head of our engineering platform. This role can be either remote from anywhere in the UK, Portugal, or Poland, or a hybrid setup based out of our Oxford, London, or Lisbon offices.

You will be responsible for developing and implementing security strategies across the Security Engineering and Security Operations teams, as well as liaising with other teams delivering parts of our overall security posture. The ideal candidate will have a proven track record of building and/or implementing and improving the maturity of security programs in Cloud-based E-Commerce Marketplaces and possess excellent leadership and communication skills. You must have significant engineering acumen as this is a highly technology-driven role.

• Assess security risks and identify initiatives to address the biggest security risks we face and take them through to delivery.
• Own and improve the Security Incident response process.
• Own and improve Viator’s ability to detect and respond.
• Own the Risk and Compliance programs.
• Consult with product engineering or other engineering platform teams to integrate security and compliance best practices into their engineering designs.
• Implement tools for automating security processes (e.g. secrets management).
• Design and lead our security champions program.

• While the core focus of the role is on leadership, strategy, and executive communications, you should have enough technical skills/understanding of our stack to manage and challenge a highly technical team and help them arrive at strong decisions.
• Prior experience in managing a security team within a software product development company, including performance management of your direct reports and teams.
• You approach security with a DevOps mindset.
• You prefer security by enablement, automation, and guardrails over gates and roadblocks.
• You have familiarity with securing and operating on public Cloud (AWS, GCP, Azure) providers.
• The ability to guide and mentor other members within the team and improve the way we collaborate, learn, and share ideas.
• Demonstrated excellence participating on cross-functional teams in fast-paced environments, both in terms of technical leadership and hands-on coding.
• You possess domain knowledge of common information security, business continuity, and privacy management frameworks, regulatory requirements, and applicable standards such as ISO 27001, SOC 2, HIPAA, GDPR, PCI, FedRamp, SOX, etc.
• You are an excellent written and verbal communicator.
• You can articulate complex cybersecurity concepts to both technical and non-technical audiences.

• Leading security initiatives impacting an engineering platform.
• Experience securing large scale distributed systems.
• Demonstrated experience developing AWS or other cloud native applications.
• Experience with CI/CD, Gitlab, and Terraform.
• Familiarity with the PCI DSS.
• Experience in managing multiple engineering/security teams.

• Competitive compensation packages, including base salary, annual bonus, and equity.
• Flexible work arrangements with a remote-friendly approach.
• Flexible schedule promoting work-life balance.
• Donation matching for charitable contributions.
• Tuition assistance for career development.
• Lifestyle benefit for personal spending.
• Travel perks for employee development.
• Employee assistance program for personal support.
• Health benefits with great coverage.

• We aspire to lead.
• We’re relentlessly curious.
• We’re better together.
• We serve our customers, always.
• We strive for better, not perfect.
• Our workplace is for everyone.

If you need a reasonable accommodation or support during the application or the recruiting process due to a medical condition or disability, please reach out to your individual recruiter or send an email to let us know the nature of your request. Please include the job requisition number in your message.