Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.
As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through five-primary consumer facing brands: Booking.com, Priceline, Agoda, KAYAK and OpenTable.
Role description
The Security & Response Team Lead is a crucial role in the Global Security Operations Centre (GSOC) as part of the front line defense of Booking.com in protection of, primarily, their people and assets and where needed also an important role in protecting customers and partners from people/physical security threats. The GSOC falls within the wider Group Regional Security Intelligence and Response Capability Area (CA). The CA delivers regional and global people/physical security intelligence and response capabilities through three distinct teams, split between Norwalk, Amsterdam, Bucharest, and Singapore.
The Team Lead will oversee the daily operations of the GSOC, ensuring day to day responsibilities are undertaken in line with existing runbooks and Standard Operating Procedures (SOPs), ensuring robust coordination, stakeholder communication, and documentation across the full incident lifecycle. They will oversee, escalate, and guide the response to those cases for which standard SOPs do not apply, and subsequently ensure updates are made to governance documentation such as SOPs, and runbooks. They will work cross functionally within Global Security & Resilience (GSR) as well as with non-GSR - teams such as Business Continuity Operations - as part of ensuring continuous improvement to GSOC deliverables and responsiveness to stakeholder needs.
The Team Lead will be responsible for building and tracking team objectives in line with strategic and tactical departmental priorities, and support in ensuring the data capture systems and structures of the GSOC by leveraging subject matter expertise combined with business acumen to ensure that we are effectively and efficiently capturing relevant datapoints in order to drive and improve business risk reduction efforts, team health, and support commercial operations.
A key focus of the role is fostering an inclusive, high-performing team culture through active coaching, transparent and open communications, structured development, and recognition of talent. The Team Lead will also ensure that team workflows, tooling, and outputs are continuously optimized in line with security industry best practices. The role requires leadership acumen, operational decision-making, and a forward-looking mindset, coupled with the ability to think tactically, communicate clearly under pressure, and help support the evolution of a critical business-enabling capability.
This role provides a hybrid way of working with an onsite presence of 2 days/week.
Key Job Responsibilities and Duties
Operational Management & Oversight:
Manage the daily operations of the GSOC, ensuring comprehensive situational awareness and adherence to daily activity schedules, supporting and guiding the team on duty as required with subject matter expertise.
Ensure daily prioritization of the team in line with business and Capability Area priorities, identifying resourcing bottlenecks and escalating/managing as applicable.
Approve and validate all incident reports and provide concise, relevant and impactful briefings to relevant teams regarding potential or actual security incidents.
Serve as the primary incident leader for major security events, particularly those that fall outside the scope of existing Standard Operating Procedures (SOPs) or require a bespoke response.
Maintain detailed metrics and comprehensive reports of daily activities as part of integrated Capability Area systems, ensuring seamless and effective shift transitions.
Proactively identify and communicate business centric requirements underpinned by data for enhancements in GSOC software, hardware, or staffing modifications to the GSOC Manager and Capability Area leadership.
Uphold the highest standards of confidentiality and information security practices across all operations, ensuring GSOC operations and governance documentation is updated and understood by the team and in line with business expectations and requirements.
Able to improve personal and team output by effectively using AI and developing technologies on a continuous basis.
Active Monitoring & Intelligence Analysis:
Oversee and manage the conducting of continuous global monitoring of events that could potentially impact our organization, its personnel, operations, assets, reputation, and stakeholders, escalating as appropriate based on established thresholds.
Ensure the effective and efficient leveraging of vendor resources and personal networks, to conduct thorough research, assessment, and analysis, escalating training/tooling gaps to GSOC and Capability Area Management as part of proposed solutions.
Oversee and where required proactively execute the collection, assessment, and analysis of a variety of data into actionable reports, ensuring adherence to departmental templates and SLAs.
Ensure the production of, and adherence to, runbooks detailing OSINT techniques and procedures for a variety of deliverables including site-specific risk assessments, event security risk assessments.
Work collaboratively with Regional Lead Analysts and Regional Security Managers in ensuring local intelligence requirements are met, monitored and documented where applicable.
Ensure ongoing team familiarity and comfort with OSINT and wider intelligence analysis techniques as relevant for the role, proposing training with subject matter experts where required.
Security Response:
Lead the immediate and effective response to a wide spectrum of office security events globally. This includes, but isn't limited to, coordinating actions during fire alarms, managing workplace medical emergencies, responding to civil unrest, and addressing other critical incidents that demand urgent support.
Facilitate thorough post-incident debriefings with relevant stakeholders, including internal departments and external partners, to meticulously review incident handling. Based on these debriefings, you'll propose and implement necessary edits to existing SOPs and lead the development of new protocols to enhance future responses and strengthen our overall security posture.
Support in ensuring all SOPs are reviewed on an annual basis and updated, obtaining inputs from relevant stakeholders, notably regional Security Managers and Corporate Security.
Communications & Stakeholder Management:
Represent the team in cross-functional forums, using subject matter expertise to translate technical items or tool requirements into clear, actionable messaging/action for a variety of stakeholders
Provide verbal and written briefings on geopolitical and employee physical security issues to GSR during major incident/ crisis scenarios, ensuring communication is concise, relevant, and impact-oriented
Act as the right hand and back up to GSOC Manager in major incident/crisis response
Ensure effective internal messaging across direct reports in aligned with Capability Area strategy, helping translate strategic goals into clear tactical direction and individual accountability
Champion cross-functional collaboration with teams such as Trust & Safety, BTI, Investigations, Public Relations, and Legal to drive alignment on shared goals and ensure the business benefits from these diverse areas of individual expertise as part of its operations
Engage, where required, in diplomatic conflict resolution and problem solving within teams, both those directly managed and wider teams, especially in managing high workloads and ensuring efficient prioritisation during times of major incidents and crises
Team Management & Leadership:
Support the GSOC manager and Capability Area Leader (CAL) in the design and implementation of annual plans and strategic roadmaps for the team, based on business needs and priorities, and the complex and evolving global geopolitical security and people/physical threat landscape to minimise risk and maximise opportunity based on these. Track and report against these with meaningful metrics.
Drive continuous improvement for the team through optimizing for cost and operational excellence, using knowledge of the people/physical security and intelligence landscape in pursuit of cost-efficient and effective day-to-day operations
Ensure workflows, methodologies, and outputs remain aligned with security industry best practices and company standards; support departmental reviews and process audits on subject matter relevant areas to enhance quality, efficiency, and consistency
Create the working environment that attracts, engages, develops and retains your people to their full potential including ensuring all team members are supported in their growth, through constant feedback, coaching and mentoring programs, including making use of relevant subject matter specific courses and external forums in order to maximise employee development in line with industry best practice
Coaching your team(s) on and role model the Booking values on Think Customer First, Own It, Learn Forever, Succeed Together, and Do the Right Thing; create a psychologically safe environment for team members to do their best work; conduct performance management and feedback delivery with proven results across team members
Role Qualifications and Requirements
Demonstrable understanding of global geopolitical dynamics, with a particular focus on security trends and natural disasters coupled with the ability to perform effectively under pressure and make autonomous operational decisions concerning colleague security.
1-3 years of proven people management experience, ideally within a GSOC environment.
Outstanding written and verbal communication abilities, capable of providing empathetic and effective counsel up to Senior Manager Level and producing clear and concise written briefs.
Practical experience conducting OSINT investigations, encompassing both crisis situations and individuals of interest and/or practical security incident response/operations experience in a military, private sector or police context.
A proactive problem-solving mindset and a service-orientated approach.
Meticulous attention to detail, strong organizational skills, and the capacity to effectively multitask and to meet deadlines, often within stringent timeframes.
Demonstrated ability to manage confidential and highly sensitive information with discretion and professionalism and a corresponding experience in empathetically managing individuals who may be upset, distressed, or navigating sensitive situations.
In-depth understanding of incident response methodologies and best practices.
Benefits & Perks
Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide
Working in a fast-paced and performance driven culture
Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
Competitive compensation and benefits package
Vast amounts of data to validate your ideas and the opportunity to experiment with real users
Booking Holdings is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.
Pre-Employment Screening
If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.
