Risk and Compliance Officer

Role Overview

The role is focused on leading the identification and reporting of first-line technical risks including, but not limited to: IT, cybersecurity,fraud , trust & safety and any regulatory compliance risks impacting our technology. This role requires engaging with various first-line stakeholders to track and monitor appropriate risk responses, and reporting on our IT controls framework.

The IT Risk & Compliance Officer is responsible for partnering with risk owners throughout the Tech business function and other business units to design and maintain governance processes, operating models and set up GRC tooling that reflects our risk appetite and to maintain the quality of our processes. The role requires to work closely with stakeholders from multiple departments and to have a strong big picture focus, but be able to zoom in and out of the details to ensure full process understanding.

This individual contributor develops into a subject matter expert leveraging an understanding of the enterprise risk discipline combining knowledge of theory and organizational practice or expertise across one or more different disciplines within security function (e.g. cybersecurity, privacy, fraud, trust & safety, corporate security, business continuity, IT disaster recovery) and industry frameworks such as NIST, PCI-DSS, SOX, and SWIFT CSF. This role requires practical knowledge of IT and cybersecurity controls to agree on mitigation plans for technology-related risks across the organization.

Responsibilities and skills required for the IT Risk Officer role in Risk Governance focus on upkeep of internal controls spanning the technology landscape, aligning with the organization's risk appetite and ensuring process quality within Booking.com GRC tool which is our backbone of risk management processes and reporting.

The IT Risk & Compliance Officer role requires solid stakeholder management skills, and to be comfortable with challenging risk owners to come up with robust, scalable solutions which mitigate key risks while enabling successful business operations.

Key Job Responsibilities And Duties

Assist in the development and leading of regular security training/awareness programs to train and educate risk owners and the broader organization on internal controls and security topics.
Co-Lead/ support the processes of maturity assessments (cyber, fraud, T&S) and recommendations follow up
Coordinate the follow up of audit and internal assessment security issues; Monitor and report the status of remediation plans; assess remediation progress and challenge management on the selected approach and prioritization.
Co-Lead/ support the process of SS&F risk register update including the maintenance of the SS&F risk definition
Support the IT policy lifecycle management including the design, implementation and adoption of policies, standards and guidelines in the areas of SS&F.
Manage security exceptions to IT policies and standards.
Stay flexible to meet the dynamic business needs, while maintaining robust solutions that strengthen the control environment.


Role Qualifications And Requirements

Bachelor’s degree required in technology, computer science or a related field
CISA, CISSP, CISM, CEH, CIPP/E or related certification.
5-7 years work experience in business analysis, information security processes, auditing, corporate governance, risk management, internal controls, security awareness programs.
Ability to develop solid relationships with business partners in order to drive the adoption of the risk management culture.
Strong program management and stakeholder engagement skills.
Thorough technical understanding of SS&F internal control requirements and design and experience in applying them in various businesses.
Able to split large tasks into logical, manageable and decoupled actions which are managed effectively and delivered on time.
Be flexible and agile in response to the change in business, change in stakeholder expectations and/or change in regulatory/operating environment of B.com.
Good understanding of IT Control and cybersecurity Frameworks, such as COBIT; ISO 27001 and NIST CSF / SP 800-53.
Strong independent contributor, while still a strong team player


Total Reward Philosophy:

The benefits and perks offered by the company can be found here.


Diversity, Equity and Inclusion at Booking.com:

Take it from our Chief People Officer, Paulo Pisano: “At Booking.com, the diversity of our people doesn’t just create a unique workplace, it also creates a better and more inclusive travel experience for everyone. Inclusion is at the heart of everything we do. It’s a place where you can make your mark and have a real impact in travel and tech.”

Read all about DEI and the Employee Resource Groups (ERGs) at Booking.com here

Career Development Opportunities:

Learn more about Your Career Journey here.
Become a Mentee and benefit from a mentoring relationship with a more experienced person to help you identify and achieve your professional and personal development goals.
Access to personalized one-to-one coaching with our internal coaches.


Booking.com is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.

Pre-Employment Screening

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.
Show more Show less