Booking.com BV (the company behind Booking.com™, the market-leading online hotel reservation service in the world) is in search of an IT Risk Officer who will be part of our growing Trust, Risk, Assurance & Compliance (TRAC) group.
We provide a fast-growing working environment, where continuous learning is key for your and Booking.com’s development and growth. You will collaborate with other professionals who are experienced in the fields of Risk & Compliance, Security and Technology, who will help you to learn and grow, and give you the freedom to experiment. This is also part of the culture of Booking.com.
The ideal candidate will have a strong technical and governance background with experience in IT policies, cybersecurity risk management and IT controls.
Lead and drive IT policy lifecycle and support teams to develop, release and implement security policies
Conduct gap assessments for new policies from a cybersecurity risk perspective, in collaboration with the Risk & Controls team and implementing teams.
Provide guidance to business teams regarding security policy implementation and IT risk point of view in collaboration with the security product managers. The goal is to mitigate the risks identified during risk assessments in line with the company's risk appetite.
Periodically report the status of the policy development, release and implementation to bring visibility and address potential security gaps outside of risk appetite.
Provide support in the design, implementation and amendment of the technology risk register
Enable continuous improvement, maintaining our Booking.com security policy framework, by providing general and technical guidance on how to maintain relevant policies
Maintain the technology risk register and track risk exposures against risk appetite
3-5 years of experience gained within compliance, internal controls or audit;
Business or IT degree / certifications (CISSP, CRISC, CISA, CISM, or similar)
Hands-on experience in the development and implementation of IT policies
Experience in IT and Governance frameworks like NIST, SOX, PCI, GDPR, COBIT, ITIL, Risk IT, CSA
Deep understanding of risk management methodologies, frameworks, and principles to evaluate and recommend the best approach to mitigating risk with sustainable controls
IT audit or risk management background (client-side experience in addition to consultancy experience is preferred)
Familiar with ServiceNow, Google Suite, JIRA and JIRA Align (or similar)
Understanding of DevOps tools like Puppet, Jenkins, Git, Docker, or Kubernetes
Strong program management and stakeholder engagement skills
Ability to make decisions, assess and resolve problems effectively
Enthusiastic, self-starting and enjoys change
Independent & autonomous, while still a strong team player
Fully comfortable working in English, both written and spoken
We are a performance-based company that offers career advancement and lucrative compensation, including bonus. We also offer what is called the “Booking Deal” with competitive benefits. This position is open to worldwide candidates and in the case of relocation, we will assist you with a generous relocation package, ensuring a smooth transition to working and living in The Netherlands.