Risk & Compliance Analyst

We believe that we are better together, and at Tripadvisor we welcome you for who you are. Our workplace is for everyone, as is our people-powered platform. At Tripadvisor, we want you to bring your unique identities, abilities, and experiences, so we can collectively revolutionize travel and together find the good out there.

We are looking for a Risk & Compliance Analyst who will play a key role in maintaining and enhancing our global risk and compliance framework, ensuring adherence to relevant laws and regulations, internal policies and third party risk standards. You would identify and mitigate risks, develop and implement compliance programs and monitor compliance with existing and newly developed programs. This role directly supports our ability to scale securely and responsibly, helping to protect customer trust and business continuity across different business units and global markets.

Job Location: London-Hybrid

This role is a hybrid position that requires 1 day per week

What You'll Do:

Play a lead role in our Compliance program, including:

Monitoring applicable rules and regulations, including changes and updates, and recommending appropriate action plans as necessary.

Identifying, assessing, and tracking operational, strategic and compliance risks across departments.

Collaborating with internal stakeholders to conduct periodic risk reviews, present risk reports and support mitigation planning.

Addressing compliance inquiries/issues identified as a result of compliance reviews, internal audits, third party audits or otherwise escalated.

Supporting the Compliance Team and other key stakeholders on initiatives as assigned.

Supporting the Privacy, Cybersecurity and Information Security teams with projects to include compliance readiness for new laws, regulations (e.g. GDPR and CCPA), frameworks (e.g. COSO and NIST cybersecurity frameworks) and standards (e.g, DORA, PCI standards).

Supporting regulatory, internal or external audits or certifications.

Provide knowledge and operational input on our Third-Party Risk Management framework, including:

Performing third-party vendor risk assessments, evaluating privacy, information security, and AI compliance risks, among others, during onboarding and renewal processes.

Reviewing, updating and maintaining third party risk questionnaires and registers collaborating with various departments, including Legal, Information Security, IT and Procurement.

Support the Privacy team on a number of Data Privacy enhancing initiatives, including:

conducting and document end-to-end Privacy Impact Assessments (PIAs) for new and existing products and processes, supporting compliance with GDPR, CCPA, and other privacy regulations.

Maintain and update the Record of Processing Activities (ROPA) in collaboration with cross-functional teams.

In addition to the above key responsibilities, you will have the opportunity to work closely with other Compliance team members to execute and bolster the compliance plan and get involved in a number of projects, including reviews of policies, procedures and enquiries.

Reporting Structure and Team:

This is an individual contributor position that will report directly to the Director, Legal & DPO.

Skills & Experience:

Required:

3+ years of experience in a risk, compliance, ideally within a technology, fintech, or travel-related company.

Proven experience conducting PIAs, managing ROPA, and performing third-party/vendor risk assessments.

Familiarity with data privacy regulations (e.g., GDPR, CCPA).

Hands-on experience using risk and compliance tools, such as OneTrust and/or AuditBoard.

Strong policy writing skills and ability to translate legal/regulatory requirements into practical guidance.

Excellent organisational, analytical, and interpersonal communication skills.

Comfortable working independently and collaboratively in a fast-paced environment.

Preferred:

Experience supporting internal or external audits and assessments.

Knowledge of and/or exposure to compliance and security frameworks such as ISO, NIST.

Certifications such as CIPP/E, CIPT, etc

Familiarity with SaaS platforms and global vendor ecosystems.

Experience working with the Google Suite of products.

What We Offer:

• Flexible activity-based working fostered collaboration and productivity
• Inclusive global travelers community welcoming diverse perspectives
• Competitive salary package including performance bonuses
• Development programs, managerial courses, and learning series
• Health insurance covers medical, dental, and vision for families (varies by country)
• Lifestyle Reimbursement Benefit for personal travel, and physical, mental, and financial wellness
• Several paid time off programs, including time to bond with new children and care for family members. Paid public holidays, and year-end office shutdown
• Employee assistance program for short-term counseling and free Calm app subscription
• State-of-the-art offices: dining, coffee points, and leisure area

We strive to create an accessible and inclusive experience for all candidates. If you need a reasonable accommodation during the application or the recruiting process, please make sure to reach out to your individual recruiter or our team at .

Accepted file types: pdf, doc, docx, txt, rtf

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

LinkedIn Profile

Website

Current Company

Current Title

Application Consent Select

Tripadvisor collects your personal data for the purposes of managing Tripadvisor's recruitment related activities as well as for organizational planning purposes globally. Consequently, Tripadvisor may use your personal data in relation to the evaluation and selection of applicants including for example setting up and conducting interviews and tests, evaluating and assessing the results thereto and as is otherwise needed in the recruitment processes including the final recruitment. If you join Tripadvisor, the personal data collected will become part of your employment record. In all cases, Tripadvisor will retain your information for a period after your application. Tripadvisor retains this information for various reasons, including in case Tripadvisor faces a legal challenge in respect of a recruitment decision, to consider you for other current or future jobs and also to help us better understand, analyze and improve our recruitment processes.

Tripadvisor does not disclose your personal data to unauthorized third parties. However, as a global corporation consisting of multiple affiliated companies in various countries, Tripadvisor has international sites and Tripadvisor uses resources located throughout the world. Tripadvisor may from time to time also use third parties to act on Tripadvisor's behalf. You agree to the fact that to the extent necessary your personal data may be transferred and/or disclosed to any company within Tripadvisor group of companies as well as to third parties acting on Tripadvisor's behalf, including also transfers to servers and databases outside the country where you provided Tripadvisor with your personal data. Such transfers may include for example transfers and/or disclosures outside the European Economic Area and to the United States of America, in order to contact your referees or to detect, prevent or otherwise address fraud, security or technical issues, or to protect against harm to the rights, property or safety of Tripadvisor, our users, applicants, candidates, employees or the public or as otherwise required by law. We have put in place adequate safeguards with respect to the protection of your privacy, rights and freedoms, and the exercise of your rights.

Massachusetts Notification Select

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.