Senior Cybersecurity Analyst, GRC

Concord, MA

KAYAK Software, Co


KAYAK, part of Booking Holdings (NASDAQ: BKNG), is the world’s leading travel search engine. With billions of queries across our platforms, we help people find their perfect flight, stay, rental car, cruise, or vacation package. We’re also transforming the in-travel experience with our app and new accommodation software. For more information, visit

As an employee of KAYAK, you will be part of a global network that includes OpenTable and KAYAK's portfolio of metasearch brands including Swoodoo, checkfelix, momondo, Cheapflights, Mundi and HotelsCombined. Many employees are dedicated to one brand, but we all have the benefit of using each other's strengths and insights. Together, we're able to help people experience the world through dining and travel.

Do you have a natural curiosity about discovering how things work and why, and then a burning desire to share that knowledge? Do you have a passion for connecting the dots between systems, and for methodically collecting, organizing and centralizing information?

KAYAK is looking for a talented individual to take a leadership role in bringing our Cybersecurity GRC program to the next level! In this position, you will work closely with multiple teams to develop sensible processes and controls that satisfy internal business objectives as well as external audit requirements.

Please note that this position requires working from our Concord, MA office at least 3 days a week.

In this role, you will:

  • Lead compliance and security audit activities with external auditors and internal control owners to ensure timely and successful completion of audit requirements.
  • Improve our maturity on the NIST CSF framework.
  • Manage our SOC 2 Type 2 certification process and ensure that deficiencies are minimized.
  • Manage our annual PCI DSS certification process.
  • Maintain the risk register processes, standards, and components.
  • Respond to partner third party risk assessments.
  • Execute and manage vendor TPRM.
  • Streamline audit and control processes.
  • Develop metrics to measure the effectiveness of GRC programs.
  • Stay up to date with changes in laws, regulations, and industry best practices related to GRC.

Please apply if you have:

  • At least 3 years of experience performing technology third-party security and risk management lifecycle program work, including assessment, reporting, and remediation planning and tracking activities, both for a Big 4 auditor (or equivalent) and inside a corporate environment.
  • Familiarity with industry and regulatory frameworks like NIST, SOC, PCI.
  • Basic understanding of concepts of risk analysis, computer security, IT systems, and networking.
  • A balanced, pragmatic approach to risk management in the context of technical projects and organizational goals.
  • Experience building complex project plans and tracking completion, negotiating commitments and escalating on blocking issues constructively.
  • The initiative to determine what needs to be done with minimal guidance from your manager.
  • Ability to work under ambiguous situations.
  • The ability to bring clarity to projects by digging into documentation and asking the right questions of the right people.
  • An inventive nature to leverage technology to streamline and automate manual processes.
  • Motivation to learn.

Benefits and Perks

  • 4 weeks paid vacation
  • Day off on your birthday
  • Generous retirement plans
  • Awesome health, dental and vision insurance plans
  • Flexible Spending Accounts
  • Headspace Subscription
  • No Meeting Fridays
  • Drinks, coffee, snacks, games etc.
  • Weekly catered lunches
  • Flexible hours
  • Regular team events/excursions
  • Universal paid parental leave

Diversity and Inclusion

We aspire to have a workplace that reflects all of the diverse communities we serve. We know that when we have diverse teams we produce more creative ideas, products, and better outcomes for our team members. OpenTable/KAYAK is proud to be an Equal Opportunity Employer and we welcome and encourage candidates from all backgrounds and experiences to apply for roles on our team. Whoever you are, just be you.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform job responsibilities, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Tags: Compliance NIST PCI DSS Risk analysis Risk assessment Risk management SOC SOC 2

Perks/benefits: Flex hours Flex vacation Health care Lunch / meals Parental leave Team events

Region: North America
Country: United States