IT Risk Officer - Risk Governance

Angajator: Booking Holdings Center of Excellence
Domeniu:
  • IT Software
  • Tip job: full-time
    Nivel job: peste 5 ani experienta
    Orase:
  • BUCURESTI
  • Job la nivel national
    Actualizat la: 31.01.2023
    Scurta descriere a companiei

    Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.

    As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through six-primary consumer-facing brands: Booking.com, Priceline, Agoda, KAYAK, OpenTable and Rentalcars.com.

    Cerinte

    About the role

    The IT Risk & Compliance Officer is responsible for partnering with risk owners throughout the Tech business function and other business units to design and maintain internal controls in line with our risk appetite and to maintain the quality of our processes. The role requires to work closely with stakeholders from multiple departments and to have a strong big picture focus, but be able to zoom in and out of the details to ensure full process understanding. 

    Responsibilities and skills required for the IT Risk Officer role are tightly linked to the Capability Area they work for, in Risk Management (focus on risk identification, analysis and treatment), Risk Governance & Project Management (focus on policy governance), or Third Party Risk Management & Customer Trust (focus on 3rd party risk).

    The IT Risk & Compliance Officer role requires solid stakeholder management skills, and to be comfortable with challenging risk owners to come up with robust, scalable solutions which mitigate key risks while enabling successful business operations.

    B.responsible

    Tasks and responsibilities will vary depending on the Capability Area:

    Risk Management

    Support risk owners to design controls that mitigate any relevant risks all the way through to implementation and monitoring
    Provide advice on control design that is both sustainable and right sized (i.e. a simple solution for a simple problem, no overengineering)
    Coordinate new requests from the business functions and units for support with controls
    Participate in sprint planning sessions from development teams to support risk identification, assessment and treatment during the development lifecycle
    Assist in the development and leading of regular training/awareness programs to train and educate risk owners on internal controls topics
    Stay flexible to meet the dynamic business needs, while maintaining robust solutions that strengthen the control environment

    Risk Governance & Project Management

    Lead the IT policy lifecycle management including the design, implementation and adoption of policies, standards and guidelines in the areas of cybersecurity, privacy and regulatory compliance
    Build knowledge of internal controls, systems and process landscape to enable clear understanding of impact from IT policies and standards
    Manage exceptions to IT policies and standards
    Lead Risk Governance processes together with stakeholders
    Keep cyber risks inventoried and updated
    Provide inhouse consulting as SME to strategic programs

    Third Party Risk and Customer Trust

    Conduct third-party due diligence
    Perform privacy and information security risk assessments at third parties
    Identify opportunities to position data privacy and security not just as a risk management issue, but as a potential source of competitive advantage improving brand-building and corporate reputation

    IT Compliance monitoring

    Build knowledge of internal controls, systems and process landscape to enable clear understanding of impact and Lead Initiative affecting wider organizations
    Provide advice on control design that is both sustainable and right sized (i.e. a simple solution for a simple problem, no overengineering)
    Be able to split large tasks into logical, manageable and decoupled actions which are managed effectively and delivered on time
    Support IT Risk and Compliance analysts when specific expertise is required
    Control mapping of internal control to industry frameworks and best practices
    Reporting on control execution, coverage, KPI and issues through booking reporting and dashboarding tools (Jira, Tableau, ServiceNow)

    Responsabilitati

    B.skilled

    Bachelor Degree
    Broad Job Knowledge ( 5 years)
    Work experience in business analysis, auditing, corporate governance, risk management or internal controls
    Ability to develop solid relationships with business partners in order to drive the adoption of the risk management culture
    Thorough technical understanding of internal control requirements and design and experience in applying them in various businesses
    Able to split large tasks into logical, manageable and decoupled actions which are managed effectively and delivered on time
    Be flexible and agile in response to the change in business, change in stakeholder expectations and/or change in regulatory/operating environment 
    Strong independent contributor, while still a strong team player

    Alte informatii

    B.offered

    Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide
    Working in a fast-paced and performance driven culture
    Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
    Competitive compensation and benefits package 
    Vast amounts of data to validate your ideas and the opportunity to experiment with real users


    Booking Holdings is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.