Risk & Compliance Officer - Application Data Services

About us

At Booking.com, data drives our decisions. Technology is at our core. And innovation is everywhere. But our company is more than datasets, lines of code or A/B tests. We're the thrill of the first night in a new place. The excitement of the next morning. The friends you encounter. The journeys you take. The sights you see. And the memories you make. Through our products, partners and people, we make it easier for everyone to experience the world.

About the team: MySQL-Service Discovery

The MySQL-service discovery team is responsible for designing, building, and operating Booking.com's core service discovery solutions for MySQL database infrastructure. Our team focuses on enabling reliable, automated, and scalable discovery and connectivity for thousands of MySQL instances across Business Units and technical platforms. We partner closely with engineering, infrastructure, and SRE peers to deliver resilient database access, drive engineering best practices, and ensure high availability to support Booking.com's critical applications. By leveraging automation and robust monitoring, we empower Booking.com product teams to consume MySQL resources with minimal friction, maintain strong security, and meet the platform's high operational standards. One big topic we are working is to migrate Databases to AWS.

• Risk Management Support risk owners to design controls that mitigate any relevant risks all the way through to implementation and monitoring.
• Provide advice on control design that is both sustainable and right sized (i.e. a simple solution for a simple problem, no overengineering).
• Coordinate new requests from the business functions and units for support with controls.
• Participate in sprint planning sessions from development teams to support risk identification, assessment and treatment during the development lifecycle.
• Assist in the development and leading of regular training/awareness programs to train and educate risk owners on internal controls topics.
• Stay flexible to meet the dynamic business needs, while maintaining robust solutions that strengthen the control environment.
• Risk Governance & Project Management Support the IT policy lifecycle management including the design, implementation and adoption of policies, standards and guidelines in the areas of cybersecurity, privacy and regulatory compliance.
• Build knowledge of internal controls, systems and process landscape to enable clear understanding of impact from IT policies and standards.
• Manage exceptions to IT policies and standards.
• Third Party Risk and Customer Trust Conduct third-party due diligence.
• Perform privacy and information security risk assessments at third parties. Identify opportunities to position data privacy and security not just as a risk management issue, but as a potential source of competitive advantage improving brand-building and corporate reputation.
• For specific documentation and guidelines, please refer to the Booking R&C Resource Center.

• Level 1 Operations and Control Execution
  
  
  • Being actively engaged in Level 1 operations.
  • Running and executing controls directly, rather than just reviewing them.
  • Ensuring the effectiveness of controls in real-time operations.
• Audit and Deficiency Management
  
  
  • Serving as the primary contact point for all internal and external audits related to MySQL.
  • Managing the response to audit findings and deficiencies.
  • Implementing corrective actions and tracking remediation efforts.
• Change Management
  
  
  • Overseeing changes in narratives as requirements and platform changes evolve.
  • Ensuring that documentation is updated to reflect current practices and requirements.
  • Coordinating with various teams to implement and validate changes.
• Compliance Ticket Management
  
  
  • Monitoring all compliance-related tickets for the MySQL teams.
  • Collecting evidence, and closing tickets that have been resolved.
  • Providing regular reminders to individuals with open tickets to ensure timely resolution.
• Backlog Management and Continuous Improvement
  
  
  • Maintaining a backlog of potential improvements for controls and processes.
  • Identifying and proposing solutions to avoid future deficiencies.
  • Working with the team to prioritize and implement backlog items to enhance overall compliance.

• Bachelor degree
• Broad Job Knowledge (3 - 5 years) work experience in business analysis, auditing, corporate governance, risk management or internal controls.
• Ability to develop solid relationships with business partners in order to drive the adoption of the risk management culture.
• Thorough technical understanding of internal control requirements and design and experience in applying them in various businesses.
• Able to split large tasks into logical, manageable and decoupled actions which are managed effectively and delivered on time.
• Be flexible and agile in response to the change in business, change in stakeholder expectations and/or change in regulatory/operating environment of B.com.
• Strong independent contributor, while still a strong team player.

• Annual paid time off and generous paid leave scheme including: parent, grandparent, bereavement, and care leave
• Hybrid working including flexible working arrangements, and up to 20 days per year working from abroad (home country)
• Industry leading product discounts - up to 1400 per year - for yourself, including automatic Genius Level 3 status and Booking.com wallet credit
• Living and working in Amsterdam, one of the most cosmopolitan cities in Europe
• Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide
• Working in a fast-paced and performance driven culture
• Opportunity to utilize technical expertise, leadership capabilities and entrepreneurial spirit
• Promote and drive impactful and innovative engineering solutions
• Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
• Competitive compensation and benefits package and some great added perks of working in the home city of Booking.com

• Let's go places together: How we Hire
• This role does not come with relocation assistance.