IT Risk and Control Officer

Booking.com BV (the company behind Booking.com™, the market leading online hotel reservation service in the world), is in search of an IT Risk and Control Officer who will be part of our growing second line Risk Management function and will be focussed on supporting the Fintech business unit.

We provide a fast-growing working environment, where continuous learning is key for your and Booking.com's development and growth. You will collaborate with other professionals that are experienced in the fields of Risk Management & Controls, IT Security and Internal Audit, who will help you to learn, grow and provide you the freedom to experiment. This is also a key part of the culture at Booking.com.
B. responsible

• Support the FinTech business unit to understand risks according to SOx, Security, GDPR, business continuity, PCI-DSS etc. requirements and assist them in determining optimal controls to mitigate risks in the FinTech environment
• Coordinate risk assessments for new products/platforms based on Booking.com Enterprise Risk Management (ERM) Framework
• Support the business to design controls based on risks in support areas for the IT and business processes
• Monitor changes occurring to the platforms and processes to guide stakeholder to aim sustaining compliance by design
• Provide support in the design, implementation and amendment of controls in complex IT environments
• Support coordination of Internal Audit and External Audit efforts with the business

• Embed ownership and awareness in 1st line of defense via training and communication to control owners
• Drive the continuous improvement of our Booking.com controls framework by providing general and technical guidance on how to maintain and enhance relevant IT controls

• 5+ years of experience gained within compliance, risk management, internal controls or audit
• Practical Risk Management experience with DevOps or open-source tools like Puppet, Jenkins, Gitlab, Github, Docker, or Kubernetes
• Have extensive experience managing end-to-end SOx or operational audits. Also having an understanding of deficiency/ issue management for audits is important for this role.
• Hands on experience with leading risk assessments and financial audits in a technologically dynamic environment, going beyond the standard risks around Access and Change Management
• Familiarity with applicable IT frameworks (COBIT, ITIL, NIST, ISO 27001, 20000, 22301, etc)
• Familiarity with designing controls for Cloud platforms is a big plus, especially AWS
• Experience working in regulated environments or the Banking and Financial services sector or awareness of business processes like OTC, PTP, RTR, etc. is a plus
• IT degree / certificates (CISA, CISM, CISSP, CRISC, etc.)
• Strong stakeholder engagement skills
• Demonstrates the ability to make decisions, assess and resolve problems effectively
• Enthusiastic, self-starting and thrives in changing, agile environments
• Fully comfortable working in English, both written and spoken