Incident Response Manager - Global Security Incident Management

3+ months agoAmsterdam, Netherlands

The Incident Response Manager - Global Security Incident Management will report to the Senior Manager of Global Security Incident Management.

An Incident Response Manager will have a hybrid role covering both the strategic incident response program as well as acting as an escalation point for IR teams and providing operational incident management services during high priority cyber security and fraud incidents spanning multiple business units with high exposure to senior stakeholders.

An Incident Response Manager is expected to have a deep understanding of elements of frameworks (ITIL, NIST, ACFE etc) relating to incident response and be able to translate these best practises into practical and effective policies and procedures fit for purpose at Alongside this iterative program work, Incident Response Manager will be measuring and reporting on the effectiveness of the various incident response teams within the Security & Fraud department in order to target training and process improvements on areas that actually need it and support those steps with relevant data points.

An Incident Response Manager will be expected to be on call for at least 1 week per month and will have to be flexible with working hours given the nature of the role. The Incident Response Manager will be called upon to coordinate efforts during incident response when high priority security or fraud incidents occur. The Incident Response Manager is responsible for the entire end to end management of an incident from the preparation phase right through to the post incident activities driving containment and remediation of incidents and escalating to the Crisis Management Team when necessary.

An Incident Response Manager will at times be in contact with senior leadership both within booking and the broader Booking Holdings organization, to ensure transparency and clarity of the current state of events, so the ability to communicate clearly and concisely, both in written and verbal form, is crucial to the role's success


  • Incident Response Management (Tactical & Programmatic)
    • Acts as Incident Manager for critical cyber and fraud incidents with high business impact including 24/7 on-call for at least 1 week per month.
    • Drives incident response program elements to ensure IR effectiveness and readiness.
    • Ensures that key stakeholders are kept up to date on key developments in a timely manner during IR.
    • Facilitates onboarding and table top exercises to support continuous improvement and increase maturity level of IR capability.
    • Is connected with emerging threats, security flaws, and vulnerabilities
    • Consult with incident response teams to ensure that they are adequately prepared for incident response activities.
    • Creates and facilitates workshops and training sessions for teams with specific improvement areas regarding IR activities.
    • Collaborates with problem management functions to ensure that retrospective findings are remediated.
Communication and Partnerships
  • Develops relationships with key security partners across
  • Ensures to effectively receive buy-in from key stakeholders both within the Security department and across the business on strategic IR program initiatives.
  • Carries out regular reporting with clarity and key insights providing solutions and accurate timelines.
  • Actively builds and leverages a network across the industry.
Innovation and Excellence
  • Identifies (both proactively and reactively) opportunities to improve incident management/response processes.
  • Takes the lead and holds capability area leads accountable for improving incident detection, response, and remediation.
  • Continually iterates on existing governance mechanisms to adhere to both industry best practices and ensure that it fits in with operations.
  • Identifies new tooling opportunities, building business cases and escalating as appropriate.
Leadership - technical / non-technical
  • Demonstrates strategic mindset
  • Leader within the Security organization and contributes to broader strategic projects to improve overall security posture.
  • Role models Incident Management best practices during IR activities identifying potential IM talent within the organisation.
Vendor Management
  • Identifies vendor opportunities effectively manages them as needed.
  • 5+ years' experience coordinating large scale security incidents
  • Incident management skills: able to set priorities, pursue multiple threads at the same time, accurately reflect current state and drive towards desired state
  • Experience of being on-call and working flexible hours
  • Excellent written and verbal communication skills are required, including the ability to communicate technical concepts clearly and effectively
  • Experience communicating with senior stakeholders in high pressure situations
  • Thrives within a global and inclusive working environment
  • Knowledge of frameworks such as PCI, SOX, NIST, ITIL and GDPR is advantageous
  • Flexible, adaptable and down-to-earth and an expert in multi-tasking
  • Certification of cybersecurity, Forensic, and Incident response is a plus (CISSP, ECSA, GISP, GCIH, GCFE, GCFA)
  • Living and working in Amsterdam, one of the most cosmopolitan cities in Europe
  • Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travellers worldwide
  • Working in a fast-paced and performance driven culture
  • Opportunity to utilize technical expertise, leadership capabilities and entrepreneurial spirit
  • Promote and drive impactful and innovative engineering solutions
  • Technical, behavioural and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
  • Competitive compensation and benefits package and some great added perks of working in the home city of
We value Diversity of all types and in an open, dynamic workplace. This has been a pillar at since day one, and something we continue to strongly believe in and build today. is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.

Job ID: booking-BOOKUS2992119EXTERNAL