Job Properties
  • Job Type
    Full-time Position
  • Category
    Security & Surveillance
  • Languages
  • Experience Required
  • Degree Required
    • Province
    • Date Posted
      September 24,2021
    • JSS
    • VISA
    • IMG_6430
    • Career Consultation
    • CV CHECK

    Incident Response Manager - Global Security Incident Management

    Security Incident Response Manager

    It wasn’t so long ago that booking a trip to see the Eiffel Tower, stroll down New York’s iconic Madison Avenue or feel the sand between our toes on Copacabana Beach was simply a matter of a few taps on our smartphone. In fact, that’s what we do at We make it easier for everyone to experience the world. And while that world might feel a little farther away right now, we’re busy preparing for when the world is ready to travel once more.

    Across our offices worldwide, we continue to innovate. To solve for some of the most complex challenges in travel and technology, and to plan for the exciting developments that lie ahead. With strategic long-term investments into what we believe the future of travel can be, we are opening up new career opportunities that will have a strong impact on our mission. We are united in the belief that our very human desire to explore the planet’s beauty and discover more about other people and cultures will endure. The world is waiting for us. Together, we will be ready.

    Being one of the world's largest e-commerce websites in the world doesn’t happen on its own. In Central Tech, we focus on two primary areas: Customer Trust: Our Global Security team thinks about protecting our customer’s trust in us every day. Our Global Information Office ensures all the infrastructure and systems used to bring to you are scalable and operationally excellent. Our mission is to provide a trusted and always-available to the entire world.

    Within the Security department at, Security Services protects from financial loss and brand damage by strategically securing channels; assets, customers, employees, partners, brand reputation, transaction, integrity, and infrastructure - through the use of world class technical capabilities that appropriately balance the management of risk with the impact to global business operations.

    A Security Incident Response Manager will have a hybrid role covering both the strategic incident response program as well as acting as an escalation point for IR teams and providing operational incident management services during high priority cyber security and fraud incidents spanning multiple business units with high exposure to senior stakeholders.

    We expect you to have a deep understanding of elements of frameworks (ITIL, NIST, ACFE etc.) relating to incident response and be able to translate these best practices into practical and effective policies and procedures fit for purpose at Alongside this iterative program work, Incident Response Manager will be measuring and reporting on the effectiveness of the various incident response teams within the Security & Fraud department in order to target training and process improvements on areas that actually need it and support those steps with relevant data points.

    The Security Incident Response Manager will be expected to be on call for at least 1 week per month and will have to be flexible with working hours given the nature of the role. You will be called upon to coordinate efforts during incident response when high priority security or fraud incidents occur. The Incidents Response Manager will also be responsible for the entire end to end management of an incident from the preparation phase right through to the post incident activities driving containment and remediation of incidents and escalating to the Crisis Management Team when necessary.

    At times the Incident Response Manager be in contact with senior leadership both within booking and the broader Booking Holdings organization, to ensure transparency and clarity of the current state of events, so the ability to communicate clearly and concisely, both in written and verbal form, is crucial to the role's success


    • Incident Response Management (Tactical & Programmatic)

      • Acts as Incident Manager for critical cyber and fraud incidents with high business impact including 24/7 on-call for at least 1 week per month.
      • Drives incident response program elements to ensure IR effectiveness and readiness.
      • Ensures that key stakeholders are kept up to date on key developments in a timely manner during IR.
      • Facilitates onboarding and table top exercises to support continuous improvement and increase maturity level of IR capability.
      • Is connected with emerging threats, security flaws, and vulnerabilities
      • Consult with incident response teams to ensure that they are adequately prepared for incident response activities.
      • Creates and facilitates workshops and training sessions for teams with specific improvement areas regarding IR activities.
      • Collaborates with problem management functions to ensure that retrospective findings are remediated.

    Communication and Partnerships

    • Develops relationships with key security partners across
    • Ensures to effectively receive buy-in from key stakeholders both within the Security department and across the business on strategic IR program initiatives.
    • Carries out regular reporting with clarity and key insights providing solutions and accurate timelines.
    • Actively builds and leverages a network across the industry.

    Innovation and Excellence

    • Identifies (both proactively and reactively) opportunities to improve incident management/response processes.
    • Takes the lead and holds capability area leads accountable for improving incident detection, response, and remediation.
    • Continually iterates on existing governance mechanisms to adhere to both industry best practices and ensure that it fits in with operations.
    • Identifies new tooling opportunities, building business cases and escalating as appropriate.

    Leadership - technical / non-technical

    • Demonstrates strategic mindset
    • Leader within the Security organization and contributes to broader strategic projects to improve overall security posture.
    • Role models Incident Management best practices during IR activities identifying potential IM talent within the organisation.

    Vendor Management

    • Identifies vendor opportunities effectively manages them as needed.


    • 5+ years' experience coordinating large scale security incidents
    • Incident management skills: able to set priorities, pursue multiple threads at the same time, accurately reflect current state and drive towards desired state
    • Experience of being on-call and working flexible hours
    • Excellent written and verbal communication skills are required, including the ability to communicate technical concepts clearly and effectively
    • Experience communicating with senior stakeholders in high pressure situations
    • Thrives within a global and inclusive working environment
    • Knowledge of frameworks such as PCI, SOX, NIST, ITIL and GDPR is advantageous
    • Flexible, adaptable and down-to-earth and an expert in multi-tasking
    • Certification of cybersecurity, Forensic, and Incident response is a plus (CISSP, ECSA, GISP, GCIH, GCFE, GCFA)


    • Living and working in Amsterdam, one of the most cosmopolitan cities in Europe
    • Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travellers worldwide
    • Working in a fast-paced and performance driven culture
    • Opportunity to utilize technical expertise, leadership capabilities and entrepreneurial spirit
    • Promote and drive impactful and innovative engineering solutions
    • Technical, behavioural and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
    • Competitive compensation and benefits package and some great added perks of working in the home city of

    We value Diversity of all types and in an open, dynamic workplace. This has been a pillar at since day one, and something we continue to strongly believe in and build today. is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.

    Open Positions from
    Related positions