Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.
As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through five-primary consumer facing brands: Booking.com, Priceline, Agoda, KAYAK and OpenTable.
Role description
The IT Risk Officer will be an individual contributor within Booking Holdings. The role is focused on supporting the Central Cybersecurity GRC Program. This role requires engaging with senior stakeholders to identify cybersecurity needs and risks, define appropriate risk responses, and support and maintain a fit-for-purpose IT controls framework, including the development of additional cybersecurity controls. The IT Risk Officer is also a subject matter expert demonstrating a deep understanding of the enterprise risk discipline combining deep knowledge of theory and organizational practice or expertise across several different disciplines within a function.
This individual convinces stakeholders who may be skeptical or unwilling to accept new concepts, practices and approaches when it comes to cybersecurity risk.
Successful risk expertise requires dynamic individuals who are able to liaise with various senior stakeholders and thus need to be articulate communicators, foster collaboration, integrate perspectives and aim to business beneficial outcomes.
This role provides a hybrid way of working with an onsite presence of 2 days/week.
Key Job Responsibilities and Duties
Support stakeholders with cybersecurity GRC expertise and knowledge. Responsible for performing risk assessment across all relevant cyber security topics, including materiality assessments for incidents falling into the SEC Disclosure program scope/remit.
Drive business engagement across brands to provide cybersecurity GRC awareness for teams that have a clear need to manage risks without significantly affecting their development velocity and/or play a key role towards achieving strategic objectives in the company.
Design, align and collaborate the GRC processes for cybersecurity topics, metric development, etc. within and across brands by driving continuous improvement of the cybersecurity program.
Support design and implementation plan of security metrics and control that is both sustainable and right sized (i.e. a simple solution for a simple problem, no overengineering). Ensure the metrics are SMART and reportable to the leadership.
Support the definition, publishing, implementation and regular review of cybersecurity policies, processes, standards.
With limited supervision, should be able to use quantitative and qualitative data to drive decision making.
Support senior stakeholders across brands and help to promote and embed risk and compliance ownership across the business as well as to broaden and expand their knowledge base of both the internal and external risk environment.
Be a “subject matter expert” in different risk and cybersecurity related domains including familiarity with industry-standard frameworks.
Assist the GRC Manager to identify ways to increase the team’s business impact, and improve and streamline the productivity.
Role Qualifications and Requirements
Bachelor degree
5 - 8 years relevant Job Knowledge
Strong risk and control or audit/assurance background with a deep understanding of operational and technology risk
Strong understanding of technology risk management, controls and compliance
Experience in design and implementation of security controls
Detailed understanding of industry accepted Information Security and IT governance standards (i.e. NIST CSF, COBIT, ISO 27k) and general cyber security concepts
Experience and/or understanding of applicable regulations such as Sarbanes Oxley, PCI-DSS, GDPR, SOC2, SEC Disclosure
Stakeholder Management
Benefits & Perks
Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide
Working in a fast-paced and performance driven culture
Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
Competitive compensation and benefits package
Vast amounts of data to validate your ideas and the opportunity to experiment with real users
Booking Holdings is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.
Pre-Employment Screening
If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.
