Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands.
The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.
As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through six-primary consumer facing brands : Booking.
com, Priceline, Agoda, KAYAK, OpenTable and Rentalcars.com.
About The Role
The IT Risk & Compliance Officer is responsible for partnering with risk owners throughout the Tech business function and other business units to design and maintain internal controls in line with our risk appetite and to maintain the quality of our processes.
The role requires to work closely with stakeholders from multiple departments and to have a strong big picture focus, but be able to zoom in and out of the details to ensure full process understanding.
Responsibilities and skills required for the IT Risk & Compliance Officer role are tightly linked to the Capability Area they work for, in IT Compliance & Control Assurance focus on ensuring our IT control environment is monitored and controls are operating as expected.
The IT Risk & Compliance Officer role requires solid stakeholder management skills, and to be comfortable with challenging risk owners to come up with robust, scalable solutions which mitigate key risks while enabling successful business operations.
Build knowledge of internal controls, systems and process landscape to enable clear understanding of impact and Lead Initiative affecting wider organisations.
Looks for ways to increase the business impact of the team and improve the team’s services and how the team functions.
Promote control owners accountability for IT control performance and documentation.
Assess controls to provide assurance of control performance.
Provide advice on control & indicators design that are both sustainable and right sized (i.e. a simple solution for a simple problem, no over-engineering).
Enable continuous improvement, maintaining our Booking.com controls catalogue, by providing general and technical guidance on how to maintain relevant controls.
Coordinate new requests from the business functions and units for support with controls.
Support business functions and units in ongoing compliance with SOX, PCI, GDPR and other control areas.
Provide support to SOX-IT Audits, PCI assessments, NIST Assessments, with needed walk-thoughts, documentation and follow ups.
Assist in the development and leading regular training / awareness programs to train and educate risk owners on internal controls topics.
Stay flexible to meet the dynamic business needs, while maintaining robust solutions that strengthen the control environment.
Be able to split large tasks into logical, manageable and decoupled actions which are managed effectively and delivered on time.
Support IT Risk and Compliance analysts when specific expertise is required.
Control mapping of internal control to industry frameworks and best practices.
Reporting on control execution, coverage, KPI and issues through booking reporting and dashboarding tools (Jira, Tableau, ServiceNow).
At least 3-5 years of relevant experience.
Work experience in IT business analysis, IT auditing, corporate governance, risk management or internal controls.
Ability to develop solid relationships with business partners in order to drive the adoption of the risk management culture.
Thorough technical understanding of internal control requirements and design and experience in applying them in various businesses.
Able to split large tasks into logical, manageable and decoupled actions which are managed effectively and delivered on time.
Knowledge of Regulatory and Compliance frameworks affecting Technology - SOX, PCI, NIST, COBIT.
Familiar with ServiceNow, Google Suite, Jira tools (or similar), Cloud environments is a plus, but not mandatory.
Familiarity with a DevOps environment is a plus, but not mandatory.
Excellent program management skills.
Strong stakeholder engagement skills (control / process owners, audit).
Demonstrates the ability to make decisions, assess and resolve problems effectively.
Enthusiastic, self-starting and enjoys change.
Hands on experience with large e-commerce or tech companies preferable.
Be flexible and agile in response to the change in business, change in stakeholder expectations and / or change in regulatory / operating environment of Booking Holdings.
Strong independent contributor, while still a strong team player.