Own and evolve the security compliance engineering roadmap, aligning security controls with business priorities and risk appetite.
Serve as a technical authority on security compliance domains (e.g., SOC 2, ISO 27001, PCI DSS, SOX, GDPR/Privacy adjacent controls, internal security standards).
Define control objectives, success metrics, and maturity models; drive improvements through measurable outcomes.
Partner to design and implement easily testable, scaled controls (preventive/detective) across Airbnb’s technical environments and business processes.
Drive building and maintaining evidence automation and continuous compliance mechanisms (e.g., control monitoring, configuration validation, policy-as-code, automated attestations).
Partner with platform teams to embed compliance requirements into existing paved paths, limiting bespoke workflows and implementations.
Work closely with security policy, risk, compliance, and broader audit functions to define relevant assessment and audit plans for needed areas, ensuring they are testable, repeatable, and low-friction.
Lead complex, cross-org initiatives to remediate control gaps and reduce audit burden through engineering-first solutions.
Provide consultation and hands-on support for product launches, architectural reviews, and high-risk changes requiring compliance alignment.
Requirements
12+ years of experience in security engineering, compliance engineering, platform security, or related domains (or equivalent practical experience)
BS, MS or PhD in CS or related field is preferred
Proven experience leading large-scale, cross-functional security or compliance initiatives with measurable outcomes.
Strong understanding of at least two of the following frameworks/areas: