Role Description:
Job Summary
Booking.com follows a defense in depth strategy for managing its risks. As part of this strategy, Booking has 3 departments, each focusing on one line of defense. Global Internal Audit (GIA) is responsible for the 3rd line of defense, Risk and Controls (R&C) is responsible for the 2nd line of defense, while the responsibility for the 1st line has been distributed between process/control owners and the Trust, Risk, Assurance and Compliance (TRAC) team. TRAC is the first-line-of-defense risk team responsible for Central Tech business unit risks and Security risks across the company.
The IT Risk & Compliance analyst aspires to be a subject matter expert, leveraging an initial understanding of the enterprise risk discipline and combining knowledge of theory with some organizational practice or expertise across several different disciplines within a function.
As an IT Risk & Compliance analyst in the Risk Governance team, our team member supports IT Security Governance & Risk activities that include managing the Cyber Risk register, supporting teams in triage for cyber risk related activities such as performing root cause analysis (RCA), and managing cyber risk and governance metrics. This means our analysts execute the Governance and Risk related processes.
Our analyst takes pride in being the single point of contact for managing processes and operations that have a direct impact on the Cybersecurity Risk and governance posture of the organization.
Our IT Risk analyst is the person responsible for reviewing operational IT security risk governance processes (such as maintaining the cyber risk register, security exceptions and audit issue remediation status) and ensuring updates are provided to senior management, which gives the role a very high degree of visibility.
Our team members will partner with stakeholders from technology and security teams throughout the business units and corporate functions to gather updates on open issues, risk mitigation actions and risk metrics. The role will work closely with stakeholders from multiple teams to showcase the value added by their work product.
Responsibility
Responsibilities of IT Risk and Control Analyst:
Support cross functional remediation tracking, monitoring and reporting activities
Drive the operational risk governance processes including maintaining cyber risk register, security exceptions, audit and pentest issue remediation status.
Build and maintain the NIST control framework together with the IT Risk officer and technology teams
Manage Risk related activities like updating the Risk register, triaging risks, performing RCA, and managing the internal controls, systems and process landscape to enable clear understanding of impact from IT issues and identify risks to be updated in the cyber risk register.
Build knowledge of internal controls, systems and process landscape to enable clear understanding of impact from IT issues and identify risks to be updated in the cyber risk register.
Support Risk and Governance processes together with stakeholders based in Amsterdam and the US
Support in keeping cyber risks inventoried and updated
Provide in-house consulting as SME for NIST related activities
Requirements of special knowledge/skills
First experience in business analysis, auditing, corporate governance, risk management or internal controls.
Preferably experience in a technology-based company
Enhanced expertise in managing operations and processes around Risk or governance activities
Work experience in any of the following: technology security, IT security, penetration testing, application security
Ability to develop solid relationships with business partners in order to drive the adoption of the risk management culture.
Basic technical understanding of internal control requirements and design and experience in applying them in various businesses.
Stay flexible to meet the dynamic business needs, while maintaining robust solutions that strengthen the IT control environment.
Able to split large tasks into logical, manageable and decoupled actions which are managed effectively and delivered on time.
Be flexible and agile in response to changes in the business, changes in stakeholder expectations and/or changes in the regulatory/operating environment of B.com.
Strong independent contributor, while still a strong team player.