Risk & Compliance Manager
Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.
As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through six primary consumer-facing brands: Booking.com, Priceline, Agoda, KAYAK, OpenTable and Rentalcars.com.
The GRC Team Lead is both a people manager and an individual contributor within Booking Holdings. The role is focused on leading the identification of enterprise risks including, but not limited to, cybersecurity, privacy and regulatory compliance risks. This role requires engaging with senior stakeholders to identify appropriate risk responses, and supporting and maintaining a fit-for-purpose IT controls framework, including the development of additional IT controls. The GRC Team Lead is also a subject matter expert with a deep understanding of the enterprise risk discipline, combining knowledge of theory and organizational practice, or expertise across several different disciplines within a function.
This individual convinces stakeholders who may be skeptical or unwilling to accept new concepts, practices and approaches when it comes to enterprise risk.
Successful risk expertise requires dynamic individuals who are able to liaise with various senior stakeholders and thus need to be articulate communicators, foster collaboration, integrate perspectives and drive to business beneficial outcomes.
Advanced Knowledge (5 - 8 years)
Technical Specialization (specify per sub competence and Level)
Strong risk and control or audit/assurance background with a deep understanding of operational and technology risk
Strong understanding of technology risk management, controls, and compliance
Experience in design and implementation of security controls
Experience and understanding of applicable regulations such as Sarbanes-Oxley, PCI DSS and GDPR
Familiarity with industry-standard frameworks such as NIST, ISO 27001 and CIS
Understanding of cybersecurity risks and data protection
Support stakeholders with cybersecurity and regulatory compliance related risk expertise and knowledge. Responsible for performing risk assessments for ransomware and other security topics.
Drive business engagement across brands to provide risk and compliance awareness for teams that have a clear need to manage risks without significantly affecting their development velocity and/or play a key role towards achieving strategic objectives in the company.
Design, align and collaborate on the risk assessment process for security topics such as ransomware and metric development, within and across brands, driving continuous improvement of the risk assessment methodology.
Support the design and implementation plan for security metrics and controls that are both sustainable and right-sized (i.e. a simple solution for a simple problem, no overengineering). Ensure the metrics are SMART and reportable to leadership.
Support senior stakeholders across brands and help to promote and embed risk and compliance ownership across the business as well as to broaden and expand their knowledge base of both the internal and external risk environment.
Be a “subject matter expert” in different risk and cybersecurity related domains including familiarity with industry-standard frameworks.
Lead and support the GRC team to identify ways to increase their business impact and improve the team’s productivity and career progression.
Exceptional interpersonal and communication skills coupled with strong business acumen and ability to identify and explain present and future needs for proposed security initiatives to senior management.
Proven ability to collaborate and influence across the spectrum of internal and external business stakeholders.
Ability to lead cross-functional teams in a scale up phase.
Create strong partnerships with critical teams in Booking Holdings group and support all brands with GRC as a shared service.
Ways of Working:
Be able to split large tasks into logical, manageable and decoupled actions which are managed effectively and delivered on time.
Identify opportunities to position data privacy and security not just as a risk management issue, but as a potential source of competitive advantage improving brand-building and corporate reputation.
Stay flexible to meet the dynamic business needs, while maintaining robust solutions that strengthen the IT control environment.
Health insurance (Signal Iduna)
Prepaid medical subscription (Regina Maria)
Meal vouchers (20 RON/ticket)
25 days annual leave
Birthday day off
Home office one-time bonus