Job Description

Role Description:

About Us

Booking Holdings India is a Center of Excellence based in Bangalore, India and was created to support

the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides

access to specialized and highly skilled talent, leading industry best practices, and collaboration

opportunities across all of our Brands.

As part of our Booking Holdings India team, you will have the opportunity to be a part of the world's

leading provider of online travel, with a mission of making it easier for everyone to experience the

world through six-primary consumer facing brands: Booking.com, Priceline, Agoda, KAYAK,

OpenTable and Rentalcars.com.

About the Role

We are now looking for an IT SOx Analyst, Risk & Control (R&C) in our CoE to support R&C with SOx

testing of IT Controls. You will be directly working on testing internal controls to support SOX302

attestation.

The R&C IT SOx Analyst is also a subject matter expert, responsible for advising the Risk team on

controls design, deficiencies evaluation and improvements across multiple processes from SOx testing

standpoint.

A successful risk professional requires a dynamic personality and ability to adapt in a rapidly changing

environment.

B. responsible: key areas of responsibility will include, but are not limited to:

Execute and lead testing end to end for the assigned areas: Design and execute the day-to-day testing activities of IT controls, with a focus on

regulatory/compliance (SOx) related risks

Collect, analyze, and interpret information to assess and conclude on each assigned

testing area with clear concise documentation

Identify gaps in design and execution, and communicate issues and recommendations to

R&C team and control owners

Develop and maintain comprehensive documentation including process walkthrough

documentation, control testing documentation and any others requiredCollaborate and partner with R&C by providing guidance and ensuring that critical SOx controls

are adequately designed and documented, in order to strengthen the control environment,

mitigate the company risks and support the business in achieving objectives

Collaborate & participate within R&C to continuously improve the R&C's capabilities and governance from SOx testing standpoint

B. skilled:

The ideal candidate will have a strong background in IT risk management, IT frameworks,

governance and controls, Segregation of Duties, and ERP audits.

4+ years of experience gained within IT compliance, internal controls, internal/external audit,

including experience working with teams in an international environment

o Strong understanding of design assessment and operating effectiveness assessment of

IT controls, and interface controls.

o Experience in technology-based product development / DevOps processes, cloud

security and other modern day technologies

o Understanding of different architecture (SOA and micro services), and ability to review

source codes is an added advantage.Understanding of and experience with risk management relevant fields and frameworks, including

SOx, COSO, and COBIT

c Ability to multitask and successfully manage multiple priorities and projects Strong work ethic, enthusiastic, self-starting, adaptable and enjoys change in a super engaged

team

Excellent communication skills to interact with audit teams, management and other stakeholders

effectively

Ability to work effectively in a virtual environment Fully comfortable working in English, both written and spoken Professional certification, such as CISA/CRISC/CIA (or similar), would be an advantage Relevant bachelor's degree required Experience working with a Big4 is preferred

Key Skills:

Strong working knowledge of SOx


Professional certification, such as CISA/CRISC/CIA (or similar), would be an advantage


4+ years of experience gained within IT compliance, internal controls, internal/external audit,

including experience working with teams in an international environment

o Strong understanding of design assessment and operating effectiveness assessment of

IT controls, and interface controls.