IT Risk Officer

Employer: Booking Holdings
  • IT Software
  • Job type: full-time
    Job level: peste 5 years of experience
  • Updated at: 26.09.2023
    Job remote: Hybrid-Mixt (Partially Remote)
    Short company description

    Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.

    As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through six-primary consumer-facing brands:, Priceline, Agoda, KAYAK, OpenTable and


    Role description

    The IT Risk Officer will be an individual contributor within Booking Holdings. The role is focused on supporting the Risk Management Services (RMS) Program with the identification of enterprise risks including, but not limited to: cybersecurity, privacy and regulatory compliance risks. This role requires engaging with senior collaborators to identify appropriate risk responses, and supporting and maintaining a fit-for-purpose IT controls framework, including the development of additional IT controls. The IT Risk Officer is also a domain expert demonstrating a deep understanding of the enterprise risk field combining deep knowledge of theory and organizational practice or expertise across several different disciplines within a function. This individual convinces collaborators who may be skeptical or unwilling to accept new concepts, practices and approaches when it comes to enterprise risk. Successful risk expertise requires dynamic individuals who are able to collaborate closely with various senior collaborators and thus need to be articulate communicators, champion partnership, integrate perspectives and strive to to business beneficial outcomes.

    Role Qualifications and Requirements

    Bachelor's Degree 
    5-8 years of relevant experience
    Strong risk and control or audit/assurance background with a deep understanding of operational and technology risk 
    Solid understanding of technology risk management, controls, and compliance
    Experience in design and implementation of security controls 
    Detailed understanding of industry accepted Information Security and IT governance standards (i.e. NIST CSF, COBIT, ISO 27k) and general cyber security concepts 
    Experience and/or understanding of applicable regulations such as Sarbanes Oxley, PCI-DSS, GDPR, SOC2, SEC Disclosure 
    Collaborator Management


    Key Job Responsibilities and Duties

    Support collaborators with cybersecurity or regulatory compliance related risk expertise and knowledge. Responsible for performing risk assessment across all relevant cyber security topics, including materiality assessments for incidents falling into the SEC Disclosure program scope/remit
    Drive business engagement across brands to provide risk and compliance awareness for teams that have a clear need to handle risks without significantly affecting their development velocity and/or play a key role towards achieving strategic objectives in the company
    Design, align and collaborate the risk assessment process for security topics like ransomware, metric development, etc. within and across brands by driving continuous improvement of risk assessment methodology
    Support design and implementation plan of security metrics and control that is both balanced and right sized (i.e. a simple solution for a simple problem, no overengineering). Ensure the metrics are SMART and reportable to the leadership
    With limited supervision, should be able to use quantitative and qualitative data to drive decision making
    Support senior collaborators across brands and help to promote and embed risk and compliance ownership across the business as well as to broaden and expand their knowledge base of both the internal and external risk environment
    Be a “subject domain expert” in different risk and cybersecurity related domains including familiarity with industry-standard frameworks 
    Assist the RMS Manager to identify ways to increase the team’s business impact, and improve and streamline the efficiency

    Other info

    Benefits & Perks

    Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide
    Working in a fast-paced and performance driven culture
    Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
    Competitive compensation and benefits package 
    Vast amounts of data to validate your ideas and the opportunity to experiment with real users

    Booking Holdings is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.


    • Annual bonus
    • Medical subscription
    • Medical insurance
    • Life insurance
    • Trainings
    • Courses
    • Certifications
    • Bookster subscription
    • Remote work allowance / Utilities reimbursement
    • Payment / Compensation for extra hours
    • Extra days off
    • Flexible work schedule
    • Short Fridays
    • Parties / company events
    • Laptop
    • Mobile phone
    • Parking space
    • Fun / Relax Area
    • Meal vouchers