Senior Cybersecurity Analyst, GRC
KAYAK Software, CoKAYAK, part of Booking Holdings (NASDAQ: BKNG), is the world’s leading travel search engine. Together, we're able to help people experience the world through dining and travel.
KAYAK, part of Booking Holdings (NASDAQ: BKNG), is the world’s leading travel search engine. With billions of queries across our platforms, we help people find their perfect flight, stay, rental car, cruise, or vacation package. We’re also transforming the in-travel experience with our app and new accommodation software. For more information, visit www.KAYAK.com.
As an employee of KAYAK, you will be part of a global network that includes OpenTable and KAYAK's portfolio of metasearch brands including Swoodoo, checkfelix, momondo, Cheapflights, Mundi and HotelsCombined. Many employees are dedicated to one brand, but we all have the benefit of using each other's strengths and insights. Together, we're able to help people experience the world through dining and travel.
Do you have a natural curiosity about discovering how things work and why -- and then have a burning desire to share that knowledge? Do you have a passion for connecting the dots between systems, methodically collecting, organizing and centralizing information?
KAYAK is looking for a talented individual to take a leadership role in bringing our Cybersecurity GRC program to the next level! In this position, you will work closely with multiple teams to develop sensible processes and controls that satisfy internal business objectives as well as external audit requirements.
Please note, the position is required to be in our Concord, MA office at least 3 days a week.
In this role, you will:
- Lead compliance and security audit activities with external auditors and internal control owners to ensure timely and successful completion of audit requirements.
- Improve our maturity on the NIST CSF framework.
- Manage our SOC 2 Type 2 certification process and ensure that deficiencies are minimized.
- Manage our annual PCI DSS certification process.
- Maintain the risk register processes, standards, and components.
- Respond to partner third party risk assessments.
- Execute and manage vendor TPRM.
- Streamline audit and control processes.
- Develop metrics to measure the effectiveness of GRC programs.
- Stay up-to-date with changes in laws, regulations, and industry best practices related to GRC
Please apply if you have:
- At least 3 years of experience performing technology Third-party security and risk management lifecycle program work, including assessment, reporting and remediation planning and tracking activities both for a Big 4 auditor or equivalent and inside a corporate environment.
- Familiarity with industry and regulatory frameworks like NIST, SOC, PCI.
- Basic understanding of concepts of risk analysis, computer security, IT systems, and networking.
- A balanced, pragmatic approach to risk management in the context of technical projects and organizational goals.
- Experience building complex project plans and tracking completion, negotiating commitments and escalating on blocking issues constructively.
- The initiative to determine what needs to be done with minimal guidance from your manager.
- Ability to work under ambiguous situations.
- Knowledge to bring clarity to projects by digging into documentation, and asking the right questions to the right people.
- An inventive nature to leverage technology to streamline and automate manual processes.
- Motivation to learn.
Benefits and Perks
- 4 weeks paid vacation
- Day off on your birthday
- Generous retirement plans
- Awesome health, dental and vision insurance plans
- Flexible Spending Accounts
- Headspace Subscription
- No Meeting Fridays
- Drinks, coffee, snacks, games etc.
- Weekly catered lunches
- Flexible hours
- Regular team events/excursions
- Universal Paid Parental leave
Diversity and Inclusion
We aspire to have a workplace that reflects all of the diverse communities we serve. We know that when we have diverse teams we produce more creative ideas, products, and better outcomes for our team members. OpenTable/KAYAK is proud to be an Equal Opportunity Employer and we welcome and encourage candidates from all backgrounds and experiences to apply for roles on our team. Whoever you are, just be you.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform job responsibilities, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open SOC Analyst jobs
- Open Senior Cybersecurity Engineer jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open IT Security Analyst jobs
- Open Information Security Officer jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cyber Security Specialist jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Security Operations Engineer jobs
- Open Staff Product Security Engineer jobs
- Open Senior SOC Analyst jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Staff Information Security Engineer jobs
- Open o365 Security Architect jobs
- Open Infosec Risk Manager jobs
- Open Cybersecurity Consultant jobs
- Open Chief Information Security Officer jobs
- Open Fortinet Firewall Engineer jobs
- Open Cyber Security Architect jobs
- Open Ingénieur DevSecops H/F jobs
- Open Application security-related jobs
- Open Risk assessment-related jobs
- Open Network security-related jobs
- Open SaaS-related jobs
- Open Governance-related jobs
- Open Pentesting-related jobs
- Open Java-related jobs
- Open Analytics-related jobs
- Open ISO 27001-related jobs
- Open Clearance-related jobs
- Open Vulnerability management-related jobs
- Open CISM-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open APIs-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open Malware-related jobs
- Open Splunk-related jobs
- Open Kubernetes-related jobs
- Open CISA-related jobs
- Open DevSecOps-related jobs
- Open Terraform-related jobs
- Open IDS-related jobs
- Open GDPR-related jobs