Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.
As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through five-primary consumer facing brands: Booking.com, Priceline, Agoda, KAYAK and OpenTable.
Role description
Booking.com follows a defense in depth strategy for managing its risks. As part of this strategy, Booking has 3 departments focusing on each line of defense. Global Internal Audit (GIA) is responsible for the 3rd line of defense, Risk and Controls (R&C) is responsible for the 2nd line of defense, while the responsibility of 1st line has been distributed between process/control owners and the Trust, Risk, Assurance and Compliance (TRAC) team.
The First line IT Risk & Compliance Analyst within IT Compliance and Controls Assurance (TCOM) is responsible for partnering with risk and control owners throughout all Booking business units to maintain compliance of internal controls in line with our risk appetite and to maintain the quality of control processes. The role requires to work closely with stakeholders from multiple departments and to have a strong big picture focus, but be able to zoom in and out of the details to ensure full process understanding.
Responsibilities and skills required for the IT Risk Analyst role are tightly linked to the Capability Area they work for, (in IT Compliance & Control Assurance -TCOM) TCOM focuses on ensuring our IT control environment is monitored and controls are operating as expected.
The IT Risk & Compliance analyst role requires solid stakeholder management skills, and to be comfortable with challenging risk owners to come up with robust, scalable solutions which mitigate key risks while enabling successful business operations. Part of the objective of this role is reporting dedicated risk metrics and supportive insights. We achieve this by means of several reporting channels and right KRI design & Build.
This role provides a hybrid way of working with an onsite presence of 2 days/week.
Key Job Responsibilities and Duties
Clearly articulate IT controls narratives and build knowledge of internal controls, systems and process landscape to enable clear understanding of impact and lead Initiative affecting control framework on wider organizations.
Promote control owner’s accountability for IT controls documentation by
continuously reporting on control execution, coverage, KRI and issues through booking reporting and dashboarding tools (Jira, Tableau, ServiceNow), while providing meaningful insights about specific outliers identified.
Design, maintain and monitor KPI and KRI metrics.
Support the Risk monitoring process by following up on threshold breaches and gathering insights on the situation.
Be updated on the latest development on tools and systems feeding the reported data.
Build strong relationships with key stakeholders.
Support IT SOX & PCI control design, reporting and remediation follow ups.
Provide audit support for SOX controls and PCI assessments with needed walkthroughs, documentation and follow ups.
Provide advice on control design that is both sustainable and right sized (i.e. a simple solution for a simple problem, no overengineering).
Stay flexible to meet the dynamic business needs, while maintaining robust solutions that strengthen the control environment.
Control mapping of internal control to industry frameworks and best practices.
Role Qualifications and Requirements
Bachelor Degree
3-5 years of relevant experience
First experience in business analysis, auditing, corporate governance, risk management or internal controls
Understand key risk Indicators and role into the risk management world
Rephrase a business problem into an analytical problem and be able to interpret big data
Ability to develop solid relationships with business partners in order to drive the adoption of the risk management culture
Basic technical understanding of internal technical control requirements and design and experience in applying them in various businesses
Stay flexible to meet the dynamic business needs, while maintaining robust solutions that strengthen the IT control environment
Able to split large tasks into logical, manageable and decoupled actions which are managed effectively and delivered on time
Be flexible and agile in response to the change in business, change in stakeholder expectations and/or change in regulatory/operating environment of B.com
Strong independent contributor, while still a great teammate
Knowledge of regulatory and compliance frameworks affecting technology - SOX, PCI, NIST, COBIT
Familiar with ServiceNow, Google Suite, Jira tools (or similar), cloud environments is a plus, but not mandatory
Benefits & Perks
Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide
Working in a fast-paced and performance driven culture
Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
Competitive compensation and benefits package
Vast amounts of data to validate your ideas and the opportunity to experiment with real users
Booking Holdings is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.
Pre-Employment Screening
If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.
