Connecting People. Uniting the World. There’s never been a more exciting time to join United Airlines! As a global company that operates in hundreds of locations around the world — with millions of customers and tens of thousands of employees — we have a unique responsibility to uplift and provide opportunities in the places where we work, live and fly. We’re on a path to becoming the biggest and airline in aviation history.

Join our Cybersecurity and Digital Risk (CDR) team to help lead the industry in cyber safety, security and resilience. Uniteds CDR team plays a critical role in protecting our operations by enabling secure and resilient systems, managing threats and vulnerabilities and ensuring swift response and recovery. Our mission is to seamlessly embed cybersecurity and digital risk management into every aspect of our business. We help drive progress and growth through trusted digital solutions, safeguarding assets and empowering our team, all while promoting a cyber-safe and secure environment that supports resilient airline operations.

Job overview and responsibilities

The Director, Digital Compliance is accountable for defining, operating, and continuously maturing United’s global digital compliance programs. This role owns strategy, operating model, and execution of compliance across Digital Technology, ensuring regulatory, statutory, and contractual obligations are met in a way that enables the business, scales globally, and integrates seamlessly into how technology and operations function.

This leader moves beyond point-in-time audits to build durable, outcome-driven compliance programs, translating regulatory expectations into clear standards, controls, processes, and metrics that are embedded into daily operations. The Director partners closely with Cybersecurity, Legal, Privacy, Digital Technology, and business leaders to proactively manage compliance risk while supporting speed, reliability, and innovation.

Digital Compliance Program Leadership

• Define and operate United’s global digital compliance programs, including SOX ITGC, PCI DSS, privacy-related obligations, and other regulatory or contractual requirements.
• Establish the compliance operating model, including governance, standards, roles and responsibilities, escalation paths, and decision frameworks.

• Translate regulatory and policy requirements into practical, technology-aligned control expectations that can be consistently executed across teams and platforms.

Program Execution & Oversight

• Own the end-to-end lifecycle of digital compliance programs: planning, implementation, ongoing operation, measurement, and continuous improvement.
• Ensure compliance activities are embedded into technology delivery, operations, and supplier management — not treated as stand-alone exercises.
• Oversee remediation strategy and prioritization, ensuring issues are addressed in alignment with business risk, impact, and operational realities.

Assurance, Testing & External Validation

• Direct internal and external assurance activities (e.g., audits, certifications, assessments) as validation mechanisms for program effectiveness.
• Ensure testing and evidence collection are efficient, repeatable, and aligned to the underlying control intent.
• Act as the primary point of accountability for successful certifications and regulatory outcomes, while minimizing disruption to delivery teams.

Risk & Decision Support

• Partner across Cybersecurity and Digital Risk, Privacy, Legal, and Enterprise Risk teams to identify, assess, and manage compliance-related risks.
• Interpret patterns of noncompliance to inform systemic improvements rather than isolated fixes.
• Provide leadership with clear insights into compliance posture, trends, and risk-based recommendations.

Cross-Functional Partnership

• Work closely with Digital Technology, product teams, and business leaders to operationalize compliance requirements at scale.
• Enable teams with clear guidance, playbooks, and tooling to meet compliance obligations efficiently.
• Serve as a trusted advisor, helping stakeholders navigate regulatory complexity without unnecessary friction.

Continuous Improvement & Modernization

• Drive ongoing improvement of digital compliance processes, controls, and tooling.
• Leverage automation, standardization, and data-driven metrics to improve efficiency and transparency.
• Monitor regulatory changes and evolving expectations; proactively adapt programs to remain current and effective.

People Leadership

• Lead, coach, and develop high-performing compliance professionals.
• Build a culture focused on ownership, accountability, pragmatism, and continuous improvement.

This position is remote and would require approximately 25-30 travel.

Qualifications

Required:

Bachelors degree in Cybersecurity, Information Technology, Risk Management, or related field.

8+ years of experience in digital compliance, cybersecurity risk, or governance functions

At least 2 years leading teams

Demonstrated experience building and operating enterprise compliance programs (not just performing audits).

Strong understanding of security and technology control frameworks and how they apply in large, complex environments.

Proven ability to communicate effectively with executives, technical teams, and business leaders.

Must be legally authorized to work in the United States for any employer without sponsorship

Successful completion of interview required to meet job qualification

Preferred:

Masters degree

Certifications such as CISA, CRISC, CISSP, or CISM

Experience modernizing compliance through automation and integrated GRC tooling.

Background working in regulated or large-scale enterprise environments