Data Protection Operations Lead at Airbnb

Airbnb was born in 2007 when two hosts welcomed three guests to their San Francisco home, and has since grown to over 5 million hosts who have welcomed over 2 billion guest arrivals in almost every country across the globe. Every day, hosts offer unique stays and experiences that make it possible for guests to connect with communities in a more authentic way. The Community You Will Join: Airbnb is a mission-driven company dedicated to helping create a world where anyone can belong anywhere. It takes a unified team committed to our core values to achieve this goal. Airbnb's various functions embody the company's innovative spirit and our fast-moving team is committed to leading as a 21st century company. The strategic goal of the Risk and Compliance Operations team is to focus on creating the standardized operational security processes and protocols in order to ensure there is proper Risk Governance and Compliance for Community Support teams in specific domains, including product, process, and engineering in accordance with company policies and contractual agreements. The Difference You Will Make: As a key member of our team, you’ll drive operational excellence, foster innovation, and champion security and productivity. You’ll play a pivotal role in designing and maintaining provisioning frameworks, collaborating with engineering partners to optimize permission models and tooling, and balancing speed with robust security across all processes. Your expertise will be essential in leading cross-functional Customer Support initiatives, securing alignment, and building strategic partnerships with teams like InfoSec, Partner Management, Legal, and Privacy to advance our mission. Through your work with stakeholders, you will: • Develop and execute improvement roadmaps. • Manage projects for implementing new security and privacy controls. • Lead process enhancements and optimize access controls. • Define audit and reporting mechanisms for both internal and vendor teams. • Deliver best-in-class privacy and data protection for Operations. You’ll be joining a newly formed team with the rare opportunity to shape its culture and direction—bringing vision, leadership, and an entrepreneurial spirit as our team grows. A Typical Day: • Governance & Reporting: Measure, report, and govern privileged access controls to ensure compliance. • Requirements & Implementation: Document and translate PAM (Privileged Access Management) requirements for technology partners, supporting efficient, modern, and sustainable solutions. • Stakeholder Collaboration: Work cross-functionally to develop and iterate on PAM requirements across Process, Data, and Technology domains. • Policy & Standards: Partner with the policy governance team to socialize and publish updates to the PAM Standard. • Authentication & Security: Apply your mastery of authentication platforms (Active Directory, LDAP, Kerberos, Radius) and PAM principles (JIT provisioning) to make recommendations to policy and provisioning processes and technology teams. • Regulatory Compliance: Ensure alignment with industry regulations and standards (NIST, ISO/IEC, FFIEC), particularly within financial services. • Risk Management: Proactively identify, assess, and mitigate PAM risks, driving continuous improvement and accountability. • Stakeholder Engagement: Report on existing and emerging PAM/information security risks to senior leadership with transparency and clarity. • Quality Assurance: Design and execute thorough test strategies for privileged access processes, collaborate on defect resolution, and recommend improvements for usability, resilience, and security. • Documentation: Maintain clear, comprehensive records of policies, approval processes, and test outcomes. • Industry Engagement: Stay up-to-date with emerging trends and best practices in privileged access management. • Access Management policies: Define and maintain access management policies for different user personas (admin, developer, user, viewer). • Leadership: Coach and train team members, ensuring accurate and efficient Human in the Loop processes. • Access lifecycle: Oversee the full lifecycle of access (create, edit, delete, view, hide, etc.). Build and refine abstractions to inform access decisions, considering: • User roles/personas • Tenant or organizational affiliation • Privileges assigned via specific permissions or group memberships Your Expertise: • 8+ years of hands-on experience with Access and Privileged Access Management (PAM) operations in a technology-driven environment. • Demonstrated experience in PAM operational tasks, including safe creation and management, privileged account onboarding, policy development, and least-privilege access model implementation. • Solid background in identity and access management (IAM) principles and industry best practices. • Experience with operationalizing Just-In-Time (JIT) privilege models, role-based access controls (RBAC), and enforcing Segregation of Duties (SoD). • Working knowledge of authentication protocols (e.g., SAML, OAuth, OpenID Connect, Active Directory, LDAP, Kerberos). • Familiarity with cloud-based privileged access management, including the classification and management of non-human identities (service accounts, API keys, etc.). • Strong understanding of security standards and regulatory frameworks (NIST, ISO/IEC, FFIEC) relevant to access management. • Strong SQL abilities, including querying and dashboard creation. • Clear, concise communication skills, with a proven ability to collaborate across engineering, security, product, and operational teams without a technical background to drive alignment and best-in-class solutions. • Experience in documenting policies, procedures, and reporting on PAM-related risk and compliance metrics. • Demonstrated ownership and accountability for continuous improvement in PAM controls and risk management. • Proactive in identifying and mitigating security risks related to privileged access. • Comfortable working in a fast-paced environment and contributing to cross-functional or global initiatives. • Demonstrated ability to build and coach teams. • Familiarity with access management challenges specific to cloud-native environments (AWS, GCP, Azure). • Involvement in developing or maintaining Privileged Access Management strategies that address both human and non-human identities, including business users, developers, and service accounts. Your Location: This position is US - Remote Eligible. The role may include occasional work at an Airbnb office or attendance at offsites, as agreed to with your manager. While the position is Remote Eligible, you must live in a state where Airbnb, Inc. has a registered entity. Click here for the up-to-date list of excluded states. This list is continuously evolving, so please check back with us if the state you live in is on the exclusion list If your position is employed by another Airbnb entity, your recruiter will inform you what states you are eligible to work from. Our Commitment To Inclusion & Belonging: Airbnb is committed to working with the broadest talent pool possible. We believe diverse ideas foster innovation and engagement, and allow us to attract creatively-led people, and to develop the best products, services and solutions. All qualified individuals are encouraged to apply. We strive to also provide a disability inclusive application and interview process. If you are a candidate with a disability and require reasonable accommodation in order to submit an application, please contact us at: [Upgrade to PRO to see contact]. Please include your full name, the role you’re applying for and the accommodation necessary to assist you with the recruiting process. We ask that you only reach out to us if you are a candidate whose disability prevents you from being able to complete our online application. How We'll Take Care of You: Our job titles may span more than one career level. The actual base pay is dependent upon many factors, such as: training, transferable skills, work experience, business needs and market demands. The base pay range is subject to change and may be modified in the future. This role may also be eligible for bonus, equity, benefits, and Employee Travel Credits. Pay Range$129,000—$152,000 USD