Risk & Compliance Officer - Trust & Safety

Job Description:

Booking.com follows a defense in depth strategy for managing its risks. As part of this strategy, Booking has 3 departments focussing on each line of defense. Global Internal Audit (GIA) is responsible for the 3rd line of defense, Risk and Controls (R&C) is responsible for the 2nd line of defense, while the responsibility of 1st line has been distributed between process/control owners and the Trust, Risk, Assurance and Compliance (TRAC) team. TRAC is the first-line risk team responsible for Central Tech business unit risks & Security, Safety & Fraud (SS&F) risks across the company.

The Risk & Compliance Officer is an individual contributor with expert-level domain knowledge, proactive and analytical professional with a strong foundation in risk management principles and a demonstrated ability to automate complex processes. They will be responsible for partnering with risk owners throughout the SS&F department, and other business units, to identify applicable risks, drive appropriate risk responses, and support the design of fit-for-purpose internal controls in line with our risk appetite, maintain the quality of our processes, and ensure regulatory compliance obligations are met. The role requires close collaboration with stakeholders from multiple departments, and to have a strong big picture focus, but be able to zoom in and out of the details to ensure full process understanding. In addition, the role requires hands-on experience in automating workflows and processes.

The Risk & Compliance Officer role requires solid stakeholder management skills, and to be comfortable with challenging risk owners to come up with robust, scalable and automated solutions which mitigate key risks while enabling successful business operations.

Tasks and responsibilities Risk Officer:

• Enable and provide Strategic Risk Partnership to the Business. Support with the SS&F risk assessment process for new and existing products and initiatives developed by various product teams at Booking.com. Support and advise in risk mitigation and/or risk acceptance where necessary.
• Support stakeholders with relevant SS&F risk expertise and knowledge; work with the relevant control owners or stakeholders to implement appropriate safeguards to protect Booking.com assets.
• Identify opportunities for automation (e.g. create AI agents), design efficient workflows, and implement robust, scalable solutions.
• Provide advice on control design that is both sustainable and right sized (i.e. a simple solution for a simple problem, no overengineering). Assess, when needed, control implementation and efficiency.
• Collaborate with other teams within SS&F to build, fine tune, and document a robust risk management framework, collaborate with management team on key initiatives (such as compliance reviews and Risk Appetite revision), participate in cross-functional programs aimed to increase the maturity of the SS&F domain, such as risk centralization, monitoring, and reporting..
• Should be able to understand the SS&F portfolio and have basic understanding of how governance, identification, prevention, detection, response and recovery functions operate within this portfolio to provide them the right SME support.
• Support with risk analysis to help identify root cause of SS&F trends and propose potential solutions to improve the risk controls framework in response to the emerging SS&F risks facing Booking.com.
• Stay flexible to meet the dynamic business needs, while maintaining robust solutions that strengthen the control environment.
• Document and enhance risk assessment methodology and underlying procedures
• Report on risk assessments, coverage and issues through booking reporting and dashboarding tools (Jira, Tableau, ServiceNow)
• Strong team player yet high performing individual contributor, depending the context and need.
• Be able to split large tasks into logical, manageable and decoupled actions which are managed effectively and delivered on time.
• Implement monitoring systems to track SS&F risk metrics and indicators.
• Monitor industry trends around SS&F risks to ensure risk inventory is maintained consistent with industry best practices

• Work experience in business analysis, auditing, corporate governance, risk management or internal controls
• Knowledge of control frameworks such as NIST , PCI-DSS, SOX, SWIFT etc.
• The ability to identify opportunities for automation, design efficient workflows, and implement robust, scalable solutions is critical for this role
• Good-level of experience with scripting languages like Python
• Hands on experience as key user or administrator of GRC tool
• Ability to develop solid relationships with business partners in order to drive the adoption of the risk management culture.
• Hands on experience with large e-commerce or tech companies preferable, especially within the first-line of defense
• Strong knowledge and work experience in Technology Risk domains (e.g. IT, Cybersecurity incl. Data Security, AI/GenAI, Fraud, Trust & Safety)
• Thorough technical understanding of internal control requirements and design and experience in applying them in various businesses
• Able to translate regulatory and risk-related functional and technical requirements for engineering teams to develop secure products, services and solutions.
• Able to split large tasks into logical, manageable and decoupled actions which are managed effectively and delivered on time.
• Be flexible and agile in response to the change in business, change in stakeholder expectations and/or change in regulatory/operating environment of B.com.
• Strong independent contributor, while still a strong team player
• Previous experience in software development, software engineering is a plus
• Strong communication skills; fully comfortable working in English, both written and spoken
• Bachelor degree
• Broad Job Knowledge (3 - 5 years)

• Possibility to live and work in Amsterdam, named as the best city in the World for living a happy and healthy life
• International and diverse company culture;
• Possibility to innovate through multiple company programs (e.g. Hackathon, twice a year)
• Opportunity to work in an Agile, startup-like development environment
• Excellent support for personal development through online platforms
• Mentorship programs to accelerate skills growth
• Contribute to the company tech transformational journey toward a more modern tech stack
• Inclusive leadership, valuing the opinion of everyone independently of their career level
• Great compensation package
• Multiple perks that will make your life easier (e.g. discounts to local shops, discounted gym membership, etc.)