Job Description

Role Description:

Key Responsibilities

Business Acumen: Maintain a fundamental understanding of the Booking.com business, industry news and risk best practices and apply that knowledge in the context of your core areas of responsibility. Critical Thinking: Identify and design solutions in a wide range of situations, and proactively propose concrete improvement plans. Objective Setting, Prioritization & Task Management: Independently structure and execute work, decide on priority areas and output fitting the overarching objectives and priorities. Deliver in line within agreed timelines and escalate issues to the appropriate level and roles within the organization where needed. Attention to Detail: Produce high quality, accurate output across a broad range of topics, with limited review and oversight required. Result Orientation: Work independently and proactively to deliver the right results for specific objectives and deliverables in line with personal and company values whilst influencing stakeholders in order to meet timelines and prioritize critical activities. Effective Communication & Presentation Skills: Effectively and clearly communicate and present information relating to core responsibilities, tailor messages and explain (technical) concepts to stakeholders. Facilitate cross-functional discussions. Organize and run larger meetings in a clear, structured and outcome-oriented manner. Stakeholder Management & Influencing: Independently identify, develop and grow relationships with key stakeholders to build and maintain a wide network within the coverage area, mostly at mid-level but also including key senior stakeholders for a bilateral flow of information. Align with stakeholders on impact beyond their team, respectfully challenging and influencing others to assume appropriate roles and responsibilities by adopting stakeholder management and influencing techniques. Confidently and independently navigate tricky discussions, incorporating Manager input around escalations, approach or blockers where needed. People Management: Provide constructive feedback to peers and incorporate received feedback into personal development goals. May provide mentoring and task oversight to more junior staff or external consultants. Support hiring process. Operational & Technical Expertise: Apply a comprehensive understanding to processes, systems and/or products within your coverage area. Display general understanding of the impact on the wider process and/or system landscape. Seek manager input for in-depth expertise. Risk Landscape Awareness: Maintain awareness or knowledge of the broader internal risk landscape across one or more business areas as well as external developments. Adopt a business need centric and user friendly approach to influence business stakeholders to take informed decisions in line with the risk capacity, risk appetite and risk tolerance of Booking.com. Risk & Governance Advisory: Provide input to the development of methodologies throughout the risk management lifecycle. Advice stakeholders in ongoing risk and compliance work within your dedicated area(s). Risk Identification & Assessment: Identify and appropriately assess risks in line with the team's frameworks and methodologies. Document risk assessment outcomes, including clear description of the risk, perceived level of risk and considerations for risk treatment, tailored to the topic at hand, with limited guidance and review required. Risk Treatment: Independently support control design and/or assurance activities and work with control owners to prepare controls for approval. Coordinate audit activities including support to close any control deficiencies identified. Work across teams/projects/BUs and ensure risks are appropriately mitigated. Develop, select and implement risk treatment strategies, proposing alternative risk treatment options where needed.

Communication.Stakeholder

Process/Control owners (combination of directors, managers, team leaders and individual contributors) Subject Matters Experts (SME's) e.g. Finance, Fintech, Fraud, Legal, Security, etc. Other Internal stakeholders in Accommodations (i.a. CS, PS, Product), Trips, Finance, FinTech, Legal, Marketing, People, Strategy and Corporate Development and Technology (i.a. Security, Infrastructure) Internal & External Audit Risk & Control team

Communication.Type

Persuasion / CooperationPartner with business stakeholders by: providing guidance and support in ongoing compliance;providing guidance and support in identifying risks and control gaps and, designing and implementing appropriate controls;providing clear instructions on expected stakeholder contributions and ensure follow up;facilitating and participating in cross functional groups for activities related to the risk management lifecycle;presenting and advising on standardized methodologies, processes and documentation;maintaining a business centric approach. Information and CooperationInform SMEs on:risk areas in need of SME input;control design and implementation;work closely together to share knowledge and experience. CooperationWork closely together to share knowledge and experience. Cooperation Support Internal and External audit teams to ensure that remediation plans are implemented on a timely basis for any deficiencies foundSupport SOX, PCI and other audit cycles Information and CooperationWork closely together to share knowledge and experience.

Communication.Frequency

Continuous Continuous Continuous Continuous Continuous

Level of Education.Level of Education

Bachelor degree Master degree

Level of Education.Description

Alternatively compensating years of experience (3 to 5 years in addition to below) Preferred

Years of relevant Job Knowledge.Years of relevant Job Knowledge

Advanced Knowledge (5 - 8 years)

Requirements of special knowledge/skills

Qualities / Soft Skills: Enthusiastic, self-starting and flexible work attitude Ability to effectively prioritize and manage workload, work under pressure and deliver on timelines Handle multiple tasks, of varying and often complex content, generally at the same/similar time Have the ability to split large tasks into logical, manageable and decoupled actions which are managed effectively and delivered on time Strongly process, problem solving and action oriented Curious and proactive in the assessment and challenge of risks Strong team player Advanced communication skills and ability to actively listen Strong relationship building skills High level of integrity, confidentiality & professionalism Requirements of special knowledge/ Hard Skills: Advanced (technical) understanding of and experience with Risk Management, Compliance, Internal controls , control procedures, automation, monitoring, testing, collecting evidence and remediation activities Experience with large e-commerce or tech companies is advantageous Fluent in English, both written and spoken CISSP, CRISC, CISM, CISA, or similar certification is advantageous Project management skills Stakeholder management skills For Business Officer functions: Advanced understanding of and experience with risk management relevant fields, for example but not limited to: Business analysis Auditing Corporate governance Finance concepts and processes SOx integration AML/ CFT framework, GDPR, PCI, SOx Fundamental understanding of below IT expertise fields. For IT Officer functions: Advanced understanding of and experience with risk management relevant fields, for example but not limited to: IT Risk management and IT Governance IT Security concepts and processes (IT) Frameworks like ITGC, COSO, NIST DevOps tools like Puppet, Jenkins, Git, Docker, or Kubernetes JIRA * Fundamental understanding of above Business expertise fields.