Risk and Compliance Officer, Central Tech

About the Department and Team

Booking.com follows a defence in depth strategy for managing its risks. As part of this strategy, Booking has 3 departments focussing on each line of defence. Global Internal Audit (GIA) is responsible for the 3rd line of defence, Risk and Controls (R&C) is responsible for the 2nd line of defence, while the responsibility of 1st line has been distributed between process/control owners and the Trust, Risk, Assurance and Compliance (TRAC) team. TRAC is the first-line risk team responsible for Central Tech business unit risks & Security, Safety & Fraud (SS&F) risks across the company.

Role Overview

The Risk & Compliance Officer is an individual contributor with expert-level domain knowledge, proactive and analytical professional with a strong foundation in risk management principles and a demonstrated ability to automate complex processes.

They will be responsible for partnering with risk owners throughout the SS&F department, and other business units, to identify applicable risks, drive appropriate risk responses, and support the design of fit-for-purpose internal controls in line with our risk appetite, maintain the quality of our processes, and ensure regulatory compliance obligations are met. The role requires close collaboration with stakeholders from multiple departments, and to have a strong big picture focus, but be able to zoom in and out of the details to ensure full process understanding. In addition, the role requires hands-on experience in automating workflows and processes.

• Act as a Risk Partner to platform owners from the Data & Machine Learning
  Platform domain and development teams, providing expertise in SOX, NIST, DMA, DSA, EU Act Act, NIS2 and security best practices and tailoring compliance requirements to cloud and devops environments
• Architect "Guardrails" for secure and compliant onboarding to cloud environments, ensuring that security is "baked in" rather than "bolted on."
• Provide Right-Sized Advisory on control design. You will champion agile and scalable solutions that solve problems without overengineering, ensuring controls are effective but not obstructive.
• Bridge the Gap between technical teams and audit functions, translating complex tech stacks into risk-based language for Internal/External Audit.

• Execute Technical Risk Assessments for new platforms and major architectural changes. You will identify risks in modern tech stacks and support teams in implementing appropriate safeguards.
• Maintain the Risk Inventory. Systematically track and monitor identified issues originating from audits, penetration tests, and risk assessments to ensure Booking.com maintains a robust and resilient risk posture against current and emerging attack vectors.
• Perform Root Cause Analysis on issues to identify systemic risks and propose structural improvements to the control framework.

• Drive Automation Initiatives by identifying manual compliance bottlenecks and designing efficient workflows leveraging automation and Al.
• Unify Control Frameworks across various platforms to simplify compliance and reduce "compliance fatigue" for engineering teams.
• Enhance Methodology: Contribute to refinement of risk assessment procedures to keep pace with the dynamic nature of a high-growth tech environment.

• Deliver Data-Driven Risk Insights by reporting on risk coverage and issues using tools like Jira and ServiceNow.
• Support Audit Readiness by ensuring that platform owners are prepared for regulatory cycles, walkthrough preparation and facilitation, coordinating evidence requests and drafting remediation & mitigation memos as needed and aligning with engineering teams

• Work experience in business analysis, auditing, corporate governance, risk management or internal controls
• Knowledge of control frameworks such as NIST, PCI-DSS, SOX, SWIFT etc.
• The ability to identify opportunities for automation, design efficient workflows, and implement robust, scalable solutions is critical for this role.
• Good-level of experience with scripting languages like Python.
• Hands on experience as key user or administrator of GRC tool.
• Ability to develop solid relationships with business partners in order to drive the adoption of the risk management culture.
• Hands on experience with large e-commerce or tech companies preferable, especially within the first-line of defence.
• Strong knowledge and work experience in Technology Risk domains (e.g. IT, Cybersecurity incl. Data Security, Al/GenAl, Fraud, Trust & Safety).
• Thorough technical understanding of internal control requirements and design and experience in applying them in various businesses.
• Able to translate regulatory and risk-related functional and technical requirements for engineering teams to develop secure products, services and solutions.
• Able to split large tasks into logical, manageable and decoupled actions which are managed effectively and delivered on time.
• Be flexible and agile in response to the change in business, change in stakeholder expectations and/or change in regulatory/operating environment of B.com.
• Strong independent contributor, while still a strong team player.
• Previous experience in software development, software engineering is a plus.
• Strong communication skills; fully comfortable working in English, both written and spoken.

• Annual paid time off and generous paid leave scheme including: parent, grandparent, bereavement, and care leave
• Hybrid working including flexible working arrangements, and up to 20 days per year working from abroad (home country)
• Industry leading product discounts - up to 1400 per year - for yourself, including automatic Genius Level 3 status and Booking.com wallet credit
• Living and working in Amsterdam, one of the most cosmopolitan cities in Europe
• Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide
• Working in a fast-paced and performance driven culture
• Opportunity to utilize technical expertise, leadership capabilities and entrepreneurial spirit
• Promote and drive impactful and innovative engineering solutions
• Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
• Competitive compensation and benefits package and some great added perks of working in the home city of Booking.com

• Let's go places together: How we Hire