Senior Manager Business Information Security Officer
- Amsterdam, Netherlands
Senior Manager - Business Information Security Officer
It wasn't so long ago that booking a trip so see the Eiffel Tower, stroll down New York's iconic Madison Avenue or feel the sand between our toes on Copacabana Beach was simply a matter of a few taps on our smartphone.
In fact, that's what we do at Booking.com. We make it easier for everyone to experience the world. And while that world might feel a little farther away right now, we're busy preparing for when the world is ready to travel once more.
Across our offices worldwide, we continue to innovate. To solve for some of the most complex challenges in travel and technology, and to plan for the exciting developments that lie ahead. With strategic long-term investments into what we believe the future of travel can be, we are opening up new career opportunities that will have a strong impact on our mission.
We are united in the belief that our very human desire to explore the planet's beauty and discover more about other people and cultures will endure. The world is waiting for us. Together, we will be ready.
The Business Information Security Officer (BISO) supports the delivery of the global Information Security and Risk Management (ISRM) program's goals and objectives at the Business Unit level. The BISO works with the Business Unit's management team to improve the information security posture by ensuring the consistent application of Booking.com's policies and procedures. This role will require a keen understanding of the company's key assets and processes, unique business requirements, the information security program and combining this information to address residual risk by recommending security enhancements within the area of responsibility. The BISO role is a critical partner for the Business Unit's leadership, general management team and operating groups and will represent security in daily operations as well as with senior customers and partners as required. The BISO will have fixed line reporting into the Booking.com's Chief Information Security Officer (CISO) and dotted line reporting into an authoritative and influential, management position within the Business Unit itself. This position is being created to deliver the principle of 'Global Oversight with Regional/Functional Insight' meaning we believe that risk management is best executed at the point closest to the actual risk and with the insights and understanding of the unique business context.
- Provide senior leadership to the Business Unit leadership for the implementation of Booking.com's Information Security policy, procedures, and standards throughout their business.
- Direct the risk assessment and security engineering completeness of any exceptions to standard baselines or Booking.com's policies
- Perform first line approval of security requests from Business Group Programs and personnel
- Proactively identify information security deficiencies or opportunities for improvement to better enable business security at the global level. Lead the development of pragmatic solutions across Corporate Information Security.
- Provide communication or escalation path for information security issues identified by Corporate Information Security or the Business Unit themselves.
- Provide regular, timely reporting on the information security status across the supported business groups.
- Support acquisition due diligence for information security risks and support control design for integration.
- Participate in Group reporting requirements, monthly/quarterly status meetings and offsites as appropriate.
- Assist Groups in managing and preventing cyber incidents and providing incident coordination as required.
- Provide subject matter expertise on various cyber threats to Group leadership.
- Represent the CISO at meetings and act on behalf of as requested.
- Delivery the appropriate security shared services in support of the Business Unit's risk mitigation needs
- Manage the necessary human resources required to deliver the security goals
- Develop a strategic roadmap with associated documentation
- Build productive relationships with management and become the trusted security advisor
- Authority to direct the implementation of Booking.com's Information Security policy, procedures and standards within the companies operating groups and supporting organizations.
- Authority to direct resources to respond to information security incidents or critical deficiencies to ensure secure operations of Booking.com's information systems.
- Final authority for all decisions related to low risk variances to information security standard baselines. Authority to recommend decisions on all moderate and high risk variations to the CISO.
- Accountable to CISO for the efficient and effective execution of position responsibilities.
- Accountable to CISO and BU leadership to meet all performance objectives.
- Accountable to the Business Unit for ensuring ongoing accredited operations of all network and data segments under their responsibility area.
- Accountable to peer employees to ensure all job resource requirements are met and appropriate performance feedback is delivered in a timely manner
- Bachelor's degree in Information Systems, Cybersecurity, or a related field and minimum 5 years of relevant experience. Additional years of relevant experience will be considered in lieu of a degree.
- Experience in the design and implementation of information security programs for organizations with annual turnover >$1B
- Must have proven experience in cybersecurity. This includes, security policy development, metrics capture and analysis and system authorization.
- Excellent communication skills and ability to effectively engage from Senior Executives through individual technical staff.
- Self motivated and willing to take on challenges while adapting to an ever-changing operational environment.
- Good understanding of security best practices including NIST Risk Management Framework, NIST 800-171 controls, ISO27000 and PCI DSS. Previous experience working with one of these frameworks.
- Expert level understanding of key network and technical security controls. This includes application of the Cyber Kill Chain in enterprise environments.
- Experience participating in security incident response and coordinating activities
- Ability to demonstrate security experience via certifications or significant career accomplishments
- Demonstrated ability to apply organizational information security policies
- Broad understanding of ISRM practices, methodologies and technology
- Strong leadership, communication, consulting, decision-making and influencing skills
- Superior presentation and facilitation skills to all levels and audiences
- Ability to develop and maintain strong relationships
- Strong team player (collaborative)
- Innovative and strategic thinker
- Empowers others via delegation
- Influences others to think strategically
- Solid knowledge and understanding of the industry, strategic direction of the Company and operational challenges
- Strong time management and organizational skills to manage multiple tasks and changing priorities
- Strategic and innovative problem solving
- Bachelor's degree in computer science or related field or equivalent experience
- Master's degree preferred
- General Office Demands
- Can manage a demanding schedule including global alignment which may involve flexibility due to time zones
Booking.com is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.
Back to top