Booking.com BV (the company behind Booking.com™, the market leading online hotel reservation service in the world), is in search of an IT Risk Officer who will be part of our growing Trust, Risk, Assurance & Compliance (TRAC) group.

We provide a fast-growing working environment, where continuous learning is key for your and Booking.com’s development and growth. You will collaborate with other professionals that are experienced in the fields of Risk & Compliance, Security and Technology, who will help you to learn, grow and provide you the freedom to experiment. Such is also part of the culture of Booking.com.

B.responsible

The ideal candidate will have a strong technical and governance background with experience in IT policies, cybersecurity risk management and IT controls.

• Lead and drive IT policy lifecycle and support teams to develop, release and implement security policies
• Conduct gap assessments for new policies from a cybersecurity risk perspective, in collaboration with the Risk & Controls team and implementing teams.
• Provide guidance to business teams regarding security policy implementation and IT risk point of view in collaboration with the security product managers. The goal is to mitigate the risks identified during risk assessments in line with the company's risk appetite.
• Periodically report the status of the policy development, release and implementation to bring visibility and address potential security gaps outside of risk appetite.

• Provide support in the design, implementation and amendment of technology risk register
• Enable continuous improvement, maintaining our Booking.com security policy framework, by providing general and technical guidance on how to maintain relevant policies
• Maintain technology risk register and track risk exposures against risk appetite

B.skilled

• 3-5 years of experience gained within compliance, internal controls or audit;
• Business or IT degree / certifications (CISSP, CRISC, CISA, CISM, or similar)
• Hands-on experience in the developing and implementation of IT policies
• Experience in IT and Governance frameworks like NIST, SOX, PCI, GDPR, COBIT, ITIL, Risk IT ,CSA
• Deep understanding of risk management methodologies, frameworks, and principles to evaluate and recommend best approach to mitigating risk with sustainable controls
• IT audit or risk management background (client-side experience in addition to consultancy experience is preferred)
• Familiar with ServiceNow, Google Suite, JIRA and JIRA Align (or similar)
• Understanding of DevOps tools like Puppet, Jenkins, Git, Docker, or Kubernetes
• Strong program management and stakeholder engagement skills
• Ability to make decisions, assess and resolve problems effectively
• Enthusiastic, self-starting and enjoys change
• Independent & autonomous, while still a strong team player
• Fully comfortable working in English, both written and spoken

B.offered

We are a performance-based company that offers career advancement and lucrative compensation, including bonus. We also offer what is called the “Booking Deal” with competitive benefits. This position is open to worldwide candidates and in the case of relocation, we will assist you with a generous relocation package, ensuring a smooth transition to working and living in The Netherlands.