Director Enterprise Security

Director Enterprise Security

About Booking.com

Established in 1996 in Amsterdam, Booking.com has grown from a small Dutch start-up to one of the largest ecommerce companies in the world. Booking.com is the largest business within Booking Holdings (NASDAQ: BKNG) and accounts for the vast majority of Booking Holdings' total revenue. Booking Holdings is a leading Fortune 500 e-commerce conglomerate with a market cap of roughly $166 billion (2025). Booking.com currently employs approximately 13,000 employees in 140 offices in 70 countries worldwide.

With a mission to make it easier for everyone to experience the world, Booking.com invests in digital technology that helps take the friction out of travel. Booking.com connects travelers with the world's largest selection of incredible places to stay, including everything from apartments, vacation homes, and family-run B&Bs to 5-star luxury resorts and even tree houses. The Booking.com website and mobile apps are available in over 44 languages, offer more than 28M total reported listings, and cover over 174,000 destinations in 229 countries worldwide. Offering 30 different types of places to stay, including homes, apartments, B&Bs, hostels, farm stays, bungalows, even boats, igloos, and treehouses. So whether travelling for business or leisure, customers can instantly book their ideal accommodation quickly and easily, without booking fees and backed up by its promise to price match. Via the customer experience team, customers can reach Booking.com 24/7 for assistance and support in over 44 languages, any time of the day or night.

At Booking.com, we are all involved in making hundreds of decisions every day. The decisions we make are a reflection of our Values - they reflect what is important to us, both as individuals and as an organisation.

When Values are made explicit, they provide clarity on what "good" looks like. And when they are shared, they build unity in a group. They build culture.

• Think customer first. We obsess about adding value for our customers - guests, partners, colleagues - to make it easier for everyone to experience the world.

• Own it. We deliver on our promises, make informed decisions and prioritize to get the important things done today.

• Learn forever. We are resilient, take time to reflect, and seek to learn - from colleagues, from the outside world and from our failures.

• Succeed together. We celebrate team success, through making connections, building trust and valuing the diverse perspectives of others.

• Do the right thing. We get the right results the right way. For each other, our communities and the world around us.

• Strategic Leadership & Business Ownership: Implement the company security strategy by being responsible for the development and delivery of a comprehensive 1-3 year roadmap for Enterprise Security. Drive the delivery of security solutions for the cloud and hybrid infrastructure, enabling engineering teams to move with speed and safety. Assume full ownership and financial accountability for the multi-million euro budget, focusing on improving return on investment (value), cost optimization, and clear reporting. Lead strategic vendor management for the domain, including negotiations and performance management to ensure value and innovation. Align and mature the core Enterprise Security capabilities, tracking and reporting their effectiveness against industry frameworks like the NIST CSF.
• Directly support the CISO to drive effective strategy and consistent decision-making.

• Act as the designated, single point of accountability for all Enterprise Security services (Infrastructure, Corporate Defense, IAM) delivered to other Booking entities. Establish and lead Service Level Agreements (SLAs), monitoring, and reporting mechanisms to demonstrate service health and compliance with all applicable requirements.
• Ensure all services, processes, and controls are designed and operated to be auditable and aligned with relevant standards, particularly the stringent regulations governing financial services (e.g., DORA, EBA).
• Serve as the primary liaison for regulatory and compliance matters related to the enterprise domain, collaborating with internal audit, legal, and external parties as required.

• Lead the end-to-end security and architectural direction for all underlying company infrastructure, including endpoint, on-prem and cloud environments.
• Lead the operational effectiveness of the corporate IT environment's defenses.
• Drive and secure implementation of Identity & Access Management (IAM) across the enterprise.

• Cultivate a culture of excellence, ownership, and psychological safety that attracts, develops, and retains extraordinary security talent.
• Champion the growth of team members by providing continuous coaching, mentorship, and clear, actionable feedback, empowering them to solve sophisticated challenges.
• Lead, mentor, and grow a global, multi-disciplinary organization of 60+ professionals, ensuring clear roles, responsibilities, and career pathways.

• People-First Leadership: ability to cultivate a culture of excellence, ownership, and psychological safety, empowering teams and championing the growth of individuals.
• Exceptional Collaboration and Influencing Skills: A natural ability to build consensus, navigate a sophisticated matrix organization, and drive outcomes with and without direct authority.
• Strategic Execution Approach: The ability to translate high-level strategy into concrete roadmaps and deliver measurable results.
• Executive Communication: ability to distill highly technical topics into clear, compelling language for senior leaders and non-technical audiences.

• Navigating Complexity: The ability to lead services and teams within sophisticated regulatory landscapes.
• A pragmatic and proactive attitude focused on enabling the business, anticipating needs, and exercising excellent professional judgment.
• Data-Driven Decision Making: The ability to qualify decisions with data first, then add professional judgment and experience.

• Risk Management Processes
• IT Supply Chain Security and Risk Management
• Industry Best Practices & Modern Threat Landscape
• Resilience and Continuity of Operations Planning

• Significant knowledge and demonstrated expertise evidenced by a career in information security and technology management, program delivery, and innovation.
• Advanced experience in Cloud & on-prem security, identify access management and cyber defense & response is a must requirement.
• Experience leading large teams of around 50 FTE

• Security domains: cloud Security (AWS/GCP) & "Easy Path" Implementations
• Network Security Concepts, Protocols, and Methodologies
• Security Architecture & Enterprise Architecture
• Information Assurance Principles.
• Frameworks & Regulations: Security Frameworks (NIST CSF, ISO 27001, etc.)

• Regulatory Landscapes (GDPR, SOX, CCPA, PCI-DSS, DORA)
• Certifications such as CISSP, CISM, or similar are advantageous.
• Knowledge of frameworks such as NIST, ISO 27001, PCI, SOX is required.
• Experience with financial services regulations (e.g., EBA guidelines, DORA) is highly advantageous
• Strong learners attitude exploring automation and AI

• Lead and inspire the enterprise security organization of around 60-80 FTE, whilst further building out the operating model of a new established organization
• Be a trusted partner to the Central Tech and Booking.com teams on enterprise security
• Build and defend the enterprise environment and protect corporate and customer data.

• Open-minded & learning-oriented: embraces feedback and fosters curiosity
• Transparent & communicative: shares information clearly and honestly
• Positive & proactive: takes initiative and navigates challenges with resilience
• Execution focus: combines strategic thinking with hands-on delivery
• Customer-centric: keeps the customer at the center of decisions
• Inclusive & culturally aware: values diverse perspectives and equity
• Data-driven & adaptable: leverages data, embraces experimentation, thrives in fast-moving environment