Security Risk & Compliance Lead - IT Disaster Recovery

Manchester, United Kingdom

Applications have closed


Jobs for Humanity paves the way to a fairer future for all by connecting historically underrepresented talent to welcoming employers.


Company Description

Jobs for Humanity is dedicated to building an inclusive and just employment ecosystem. Therefore, we have dedicated this job posting to individuals coming from the following communities: Refugee, Neurodivergent, Single Parent, Blind or Low Vision, Ethnic Minority, and the Previously Incarcerated. If you identify with any of these communities, do not hesitate to register, even if you feel that this particular opportunity is not the right fit for you.

Company Name: Booking

Job Description

Founded in 1996 in Amsterdam, Booking.com has grown from a small Dutch startup to one of the world’s leading digital travel companies.

Over the past two years, we've learned that travel is essential to our wellbeing. No matter whether we journey to far-flung destinations or explore closer to home, it’s about being in the moment - right here, right now.

By investing in the technology that helps take the friction out of travel, Booking.com seamlessly connects millions of travelers with memorable experiences, a range of transport options and incredible places to stay – from homes to hotels and much more.

Across our offices worldwide, we continue to innovate: to solve some of the most complex challenges in travel and technology, and to plan for the exciting developments that lie ahead. With strategic long-term investments into what we believe the future of travel can be, we are opening up new career opportunities that will have a strong impact on our mission.

We are currently looking for a Security Risk & Compliance Lead - IT Disaster Recovery to join our Risk Governance team within Central Technology, based in Manchester. You will act as a subject matter expert, drawing on a deep understanding of the enterprise risk discipline and business continuity, combining deep knowledge of theory and organizational practice or expertise across several different disciplines within a function, and supporting new and/or existing security programs with SME knowledge.

You will collaborate with senior stakeholders to identify people, process and technology risks relevant for Technology, and you will support and maintain fit-for-purpose security frameworks, including remediation plans in the form of programs, projects, processes and IT controls to remediate gaps in framework implementation.

B.Responsible:

  • Support stakeholders with expertise and knowledge in cybersecurity, information security risk and regulatory compliance, including IT disaster recovery. Responsible for identifying technology risks and proposing business continuity and disaster recovery control design. Provide advice on control design that is both sustainable and right-sized (i.e. a simple solution for a simple problem, no overengineering).
  • Drive business engagement to provide risk and compliance awareness for teams that have a clear need to manage risks without significantly affecting their development velocity and/or that play a key role in achieving strategic objectives in the company.
  • Support senior stakeholders across Central Technology, helping to promote and embed risk and compliance ownership, starting with business continuity, IT disaster recovery and IT service continuity across the business, as well as to broaden and expand their knowledge base of both the internal and external risk environment.
  • Be a “subject matter expert” in different risk and cybersecurity related domains, including familiarity with one or more industry-standard frameworks such as NIST, SOX, PCI-DSS, SWIFT CSF, ISO 27000, with advanced knowledge of implementing business resilience.
  • Support the team to identify ways to increase their business impact and improve the team’s product(s) and ways of working.
  • Liaise with other risk and audit teams (Risk and Controls, Internal Audit, external auditors, business continuity teams, IT disaster recovery and service continuity team, etc.) as needed.

B.Skilled:

  • A minimum of 8 years of experience in a global, large-scale, international corporate environment in a role involving cybersecurity, information security risk and regulatory compliance, including IT disaster recovery
  • Knowledge of IT security controls frameworks (like NIST, SOX, PCI-DSS, COBIT-based ITGC)
  • Good understanding of IT security controls, with experience in their implementation and/or execution
  • Knowledge of IT risk management and IT disaster recovery
  • Ability to investigate, retrieve and analyze data
  • Strong decision-making ability and self-discipline
  • Strong assertive communication skills
  • Analytical with the ability to “think big” and simultaneously understand and appreciate the details necessary to operationalize the program or project strategy and goals
  • The ability to make sense of complex issues and ambiguous situations
  • Self-starter with high energy and drive, fast paced and results driven; forward thinking
  • Proactive, with the ability to quickly respond to issues at hand; able to prioritize effectively
  • CISM/CISSP/CRISC certification is a plus

B.Offered:

  • Opportunity to grow professionally and to shape the future of the global travel industry.
  • Opportunity to see the real time impact of your work.
  • Smart, driven colleagues and a fast-paced, performance driven culture.
  • Great headquarters in Amsterdam, one of Europe's most cosmopolitan cities.
  • Competitive compensation and benefits package.

 

We value diversity of all types in an open, dynamic workplace. This has been a pillar at Booking.com since day one, and something we continue to strongly believe in and build today.

Booking.com is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.

 

Pre-Employment Screening:

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.

Tags: CISM CISSP COBIT Compliance CRISC Governance ISO 27000 NIST Risk management Strategy

Perks/benefits: Career development Competitive pay Flex vacation Startup environment

Region: Europe
Country: United Kingdom