Risk and Compliance Officer

Role Overview

The role is focused on leading the identification and reporting of first-line technical risks including, but not limited to: IT, cybersecurity,fraud , trust & safety and any regulatory compliance risks impacting our technology. This role requires engaging with various first-line stakeholders to track and monitor appropriate risk responses, and reporting on our IT controls framework.

The IT Risk & Compliance Officer is responsible for partnering with risk owners throughout the Tech business function and other business units to design and maintain governance processes, operating models and set up GRC tooling that reflects our risk appetite and to maintain the quality of our processes. The role requires to work closely with stakeholders from multiple departments and to have a strong big picture focus, but be able to zoom in and out of the details to ensure full process understanding.

This individual contributor develops into a subject matter expert leveraging an understanding of the enterprise risk discipline combining knowledge of theory and organizational practice or expertise across one or more different disciplines within security function (e.g. cybersecurity, privacy, fraud, trust & safety, corporate security, business continuity, IT disaster recovery) and industry frameworks such as NIST, PCI-DSS, SOX, and SWIFT CSF. This role requires practical knowledge of IT and cybersecurity controls to agree on mitigation plans for technology-related risks across the organization.

Responsibilities and skills required for the IT Risk Officer role in Risk Governance focus on upkeep of internal controls spanning the technology landscape, aligning with the organization's risk appetite and ensuring process quality within Booking.com GRC tool which is our backbone of risk management processes and reporting.

• Assist in the development and leading of regular security training/awareness programs to train and educate risk owners and the broader organization on internal controls and security topics.
• Co-Lead/ support the processes of maturity assessments (cyber, fraud, T&S) and recommendations follow up
• Coordinate the follow up of audit and internal assessment security issues; Monitor and report the status of remediation plans; assess remediation progress and challenge management on the selected approach and prioritization.
• Co-Lead/ support the process of SS&F risk register update including the maintenance of the SS&F risk definition
• Support the IT policy lifecycle management including the design, implementation and adoption of policies, standards and guidelines in the areas of SS&F.
• Manage security exceptions to IT policies and standards.
• Stay flexible to meet the dynamic business needs, while maintaining robust solutions that strengthen the control environment.

• Bachelor's degree required in technology, computer science or a related field
• CISA, CISSP, CISM, CEH, CIPP/E or related certification.
• 5-7 years work experience in business analysis, information security processes, auditing, corporate governance, risk management, internal controls, security awareness programs.
• Ability to develop solid relationships with business partners in order to drive the adoption of the risk management culture.
• Strong program management and stakeholder engagement skills.
• Thorough technical understanding of SS&F internal control requirements and design and experience in applying them in various businesses.
• Able to split large tasks into logical, manageable and decoupled actions which are managed effectively and delivered on time.
• Be flexible and agile in response to the change in business, change in stakeholder expectations and/or change in regulatory/operating environment of B.com.
• Good understanding of IT Control and cybersecurity Frameworks, such as COBIT; ISO 27001 and NIST CSF / SP 800-53.
• Strong independent contributor, while still a strong team player

• The benefits and perks offered by the company can be found here.

• Learn more about Your Career Journey here.
• Become a Mentee and benefit from a mentoring relationship with a more experienced person to help you identify and achieve your professional and personal development goals.
• Access to personalized one-to-one coaching with our internal coaches.