Process Risk and Compliance Operations Manager

The Community You Will Join:

• The Community Support org handles tens of millions of interactions yearly, engaging with Airbnb customers by phone, messaging, chat, or social media channels. The group handles hundreds of issues across categories including Cancellations, Account Issues, Refunds, Payments, Reservations, Extenuating Circumstances, Booking & Listing issues, Safety & Claims. The organization is globally distributed with offices in San Francisco, Dublin, Montreal, Seattle, Singapore, Manila, Gurgaon and an extensive partner network serving all regions.

The Difference You Will Make:

• In this role you will own the strategic design and continuous evolution of risk frameworks, the risk registry, and executive risk narratives for Community Support — translating investigative findings, AI/ML model outputs, operational signals, and emerging threats into decisions and actions that protect Airbnb.
• A defining element of this role is your close partnership with the Insider Threat program. Together, you will form a complementary unit: you will ensure that investigative outcomes are contextualized within the broader risk ecosystem — informing risk appetite decisions, shaping detection strategy, and driving remediation accountability. You will co-own escalation frameworks, jointly challenge detection model effectiveness, and ensure that the feedback loop between investigations, risk governance, and AI-driven detection is robust and continuously improving.
• Beyond analysis and governance design, you will serve as the program manager for systemic root cause resolution — ensuring that when investigations, incidents, or risk assessments reveal structural vulnerabilities, those root causes do not languish in a findings log but are tracked, assigned, resourced, and driven to completion across the organization. This requires the discipline of program management combined with the authority and influence to hold cross-functional teams accountable for closing gaps.
• Critically, as Airbnb accelerates its use of AI and automation across operations, you will serve as a risk steward for AI systems that touch Community Support —  leading governance and discussions of the implications of deploying AI in high-stakes decision-making environments. This is not a technical role; it is a role that requires you to ask the right questions of technical teams, interpret outputs with skepticism, and ensure that AI-driven processes are governed with the same rigor as human-driven ones.
• You will be joining a new team and have the opportunity to shape its development, taking on a growing leadership role over time. We are looking for someone with the drive to build something from nothing and push for growing excellence.

A Typical Day: 

• Design and own the CS Risk Appetite Framework — define guardrails, escalation triggers, and pre-approved response actions. This is not a documentation exercise; it requires continuous negotiation with senior leaders and cross-functional partners to calibrate organizational tolerance in a rapidly changing threat environment.
• Own and evolve the CS Risk Registry as a living strategic instrument. Your job is to challenge what gets prioritized, determine whether risk scores reflect reality, identify risks that automated systems miss entirely (e.g., emergent social engineering tactics, regulatory shifts, insider collusion patterns), and ensure accountability for remediation.
• Develop and stress-test risk assessment standards — including key risk indicators (KRIs), risk typologies, and emerging threat hypotheses. Critically evaluate whether existing KRIs remain meaningful or whether they have become stale proxies that create false confidence.
• Support the evolution of models and processes used in detection triage and investigation  — not by building models, but by interrogating model assumptions and sources of risk.
• Establish ongoing governance cadences — risk review boards, quarterly risk assessments, and challenge sessions where risk assumptions are pressure-tested by diverse stakeholders, not simply ratified.

• Collaborate closely with the Insider Threat Investigations to ensure investigative outcomes are systematically captured, contextualized, and integrated into risk governance. Your role is to provide the strategic risk lens — asking: What does this pattern of findings tell us about our risk posture? Where are our blind spots? What should we investigate that we are not?
• Co-design escalation and review protocols for high-severity investigation findings and risk non-compliant transactions. Ensure that escalation criteria evolve as threat actors adapt, and that protocols account for edge cases that automated triage systems cannot handle.
• Participate in joint case reviews, postmortems, and incident debriefs to extract systemic insights: Is this a one-off or a pattern? Does this reveal a control gap? Does this change our risk appetite?
• Provide strategic risk context to the Investigations team — help prioritize investigative focus areas based on risk registry intelligence, KRI trends, and organizational risk appetite rather than solely on case volume or severity scores.
• Coordinate the feedback loop between investigations and AI-driven detection systems — ensuring that investigative findings inform detection improvements, and that detection model performance is tracked, challenged, and reported as part of the broader risk posture.

• Own the end-to-end lifecycle of root cause resolution — from the moment a systemic root cause is identified (through investigations, incidents, postmortems, risk assessments, or AI model failures) through to verified remediation and closure. This is not an analytical exercise alone; it is a program management discipline that requires tracking, accountability, and sustained cross-functional pressure.
• Maintain and govern a centralized root cause and remediation tracker that captures all identified systemic issues, assigns clear ownership, defines resolution milestones and deadlines, and provides real-time visibility into remediation progress. Ensure this tracker is reviewed at regular governance cadences and escalated when timelines slip.
• Distinguish between symptomatic fixes and true root cause resolution. Challenge teams that propose surface-level patches and advocate for structural solutions — even when they are harder, slower, or require investment from teams outside CS. Escalate to senior leadership when organizational inertia prevents meaningful remediation.
• Drive cross-functional remediation workstreams — coordinate across relevant partner teams to ensure that root cause resolution plans are resourced, sequenced, and executed. Hold workstream owners accountable through regular status reviews, blockers identification, and executive escalation where necessary.
• Track resolution effectiveness over time — monitor whether implemented fixes actually reduce the recurrence of the underlying risk. If a root cause was "resolved" but the same pattern reappears, re-open the issue and drive a deeper investigation into why the fix failed.
• Integrate root cause intelligence into the risk registry and risk appetite framework — ensure that patterns of recurring root causes inform risk scoring, KRI design, and strategic risk priorities. If the same category of root cause keeps surfacing, that is a signal that the risk framework itself needs adjustment.
• Report on root cause resolution health to senior leadership — including metrics on open vs. closed root causes, average time to resolution, aging items, recurrence rates, and cross-functional accountability. Make this a standing component of executive risk reporting.

• Craft and deliver executive-level risk narratives, provide the interpretive layer that tells leadership what the data means, what decisions are required, and what trade-offs are at stake. This requires the ability to synthesize ambiguous, incomplete, and sometimes contradictory signals into a coherent story under time pressure.
• Own the reporting architecture — determine what should be measured, how it should be presented, and to whom. Challenge vanity metrics and advocate for indicators that reflect actual risk exposure.
• Define and maintain monitoring thresholds and escalation triggers in collaboration with the Investigations Manager — ensuring these thresholds are calibrated to real-world conditions rather than historical baselines that may no longer apply.
• Translate investigative findings, root cause resolution status, and AI model performance data into actionable risk mitigation recommendations — bridging the gap between technical teams and executive decision-makers.

• Drive cross-functional risk alignment — serving as the connective tissue that ensures risk is managed holistically rather than in silos. This requires relationship-building, political navigation, and the credibility to challenge peers and senior leaders.
• Lead systemic risk reviews — going beyond surface-level incident response to identify structural vulnerabilities, incentive misalignments, and process design flaws that create risk. Ensure findings from these reviews feed directly into the root cause resolution program.
• Champion the integration of risk thinking into operational design — ensuring that new processes, tools, and AI deployments are evaluated through a risk lens before launch, not after failure.
• Serve as a change agent for risk culture — moving the organization from reactive compliance toward proactive risk intelligence. This means influencing behavior, not just writing policies.

• Provide leadership and mentorship to more junior team members — developing their ability to think critically about risk, challenge data, and communicate effectively with senior stakeholders.
• Design and deliver risk and compliance training that goes beyond checkbox compliance — building genuine risk literacy across CS teams, including an understanding of AI risks and limitations.
• Foster a culture of constructive challenge — where team members are expected to question assumptions, flag concerns, and contribute to the continuous evolution of the risk program.

Your Expertise:

• Bachelor's degree in Business, Risk Management, Finance, Operations, or related field (advanced degree preferred), or equivalent practical experience.
• 10+ years of experience in risk management, compliance, governance, or operational risk — with a demonstrated track record of building and evolving risk frameworks, registries, and reporting programs (not just maintaining them).
• Proven program management capability — specifically the ability to drive complex, cross-functional remediation and root cause resolution efforts from identification through verified closure. 
• Experience collaborating with or providing strategic oversight to investigations teams — with a strong understanding of how investigative findings translate into enterprise risk intelligence and governance action.
• Demonstrated ability to evaluate and govern AI/ML systems from a risk perspective — you do not need to build models, but you must be able to critically assess model assumptions, failure modes, bias risks, and governance requirements. Experience challenging technical teams on AI outputs and driving human-in-the-loop governance is essential.
• Proven ability to synthesize ambiguous, complex, and sometimes conflicting information into clear risk narratives and strategic recommendations for executive audiences. If your strength is compiling data rather than interpreting it, this is not the right role.
• Strong organizational influence and stakeholder management skills — with a track record of driving cross-functional alignment, navigating ambiguity, and influencing senior leaders without direct authority.
• Critical thinking and intellectual curiosity — a default posture of healthy skepticism toward automated outputs, historical baselines, and consensus assumptions.
• Ability to adapt and innovate, challenge the status quo, and identify new solutions while effectively balancing risk, speed, and cost.
• Experience with AI risk management frameworks (e.g., NIST AI RMF, ISO 42001, EU AI Act compliance frameworks) or direct involvement in governing AI systems in operational environments.
• Experience developing fraud, safety, or insider threat risk frameworks, strategies, and operational models.
• Experience with contact center operations in process design and optimization, customer support strategies, and/or quality assurance.
• Familiarity with GRC platforms, risk management tools, case management systems, or investigation ticketing platforms.

Your Location:

This position is US - Remote Eligible. The role may include occasional work at an Airbnb office or attendance at offsites, as agreed to with your manager. Airbnb,Inc. can employ in  states where we have registered entities. Currently, employees can not be located in: Alaska, Indiana, Nebraska, North Dakota, Ohio, South Dakota, Wisconsin, Alabama, Mississippi, Oklahoma, Delaware and Rhode Island. This list is continuously  evolving and being updated, please check back with us if the state you live in is on the exclusion list. If your position is employed by another Airbnb entity, your recruiter will inform you what states you are eligible to work from. 

Our Commitment To Inclusion & Belonging:

Airbnb is committed to working with the broadest talent pool possible. We believe diverse ideas foster innovation and engagement, and allow us to attract creatively-led people, and to develop the best products, services and solutions. All qualified individuals are encouraged to apply.

We strive to also provide a disability inclusive application and interview process. If you are a candidate with a disability and require reasonable accommodation in order to submit an application, please contact us at: [email protected]. Please include your full name, the role you’re applying for and the accommodation necessary to assist you with the recruiting process. 

We ask that you only reach out to us if you are a candidate whose disability prevents you from being able to complete our online application.