Booking Holdings Romania - Senior Business Security Analyst

Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.

As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world's leading provider of online travel, with a mission of making it easier for everyone to experience the world through six-primary consumer facing brands: Booking.com, Priceline, Agoda, KAYAK, OpenTable and Rentalcars.com.

Role description

As a Senior Business Security Analyst you will support the delivery of the global Information Security and Risk Management (ISRM) program's goals and objectives at the Business Unit level. This position is being created to support the principle of 'Global Oversight with Regional/Functional Insight' meaning we believe that risk management is best driven at the point closest to the actual risk and with the insights and understanding of the outstanding business context

In this role you will report directly to the Business Information Security Officer (BISO). You will work with the Business Unit's management team to improve the information security posture by ensuring the consistent application of Booking.com's policies and procedures.

You will require a good understanding of the company's key assets and processes, its outstanding business requirements, and the information security program. You will combine these information sources to address residual risk by supporting security improvements within the area of responsibility. The role is a critical partner for the Business Unit's general management team and operating groups and will represent security in daily operations as well as with senior customers and partners as required.

Key Job Responsibilities and Duties

• Support the Business Information Security Officer (BISO) to deliver tactical and strategic security improvements in line with the overarching security strategy
• Monitoring of the security control implementation within the business unit in collaboration with the security capability area leads and security program managers
• Represent the BISO at meetings and act on behalf of as requested
• Proactively identify information security deficiencies or opportunities for improvement to better enable business security at the global level
• Help the business unit understand and mitigate the cyber and fraud risks identified in line with the company's risk appetite
• Support the effective teamwork between the business unit teams and the Security & Fraud service teams
• Guide and support the business unit in following the appropriate security procedures such as the risk assessments and the exception management exercises, ensuring completeness and alignment to standard baselines or Booking.com's security policies
• Support partner concerns for information security issues identified by security teams and/or the business units themselves
• Work with security insights teams to ensure that security metrics and reports receive the right level of attention in the target business unit
• Continuously analyze and improve business unit specific security metrics
• Assist the Business Unit in handling and preventing cyber incidents and supporting incident coordination as the need arises
• Provide domain expertise on various cyber threats to Business unit leadership
• Support the BISO ensuring the business unit is accurately serviced by the security teams in line with the agreed SLAs and risk mitigation needs
• Build productive relationships with your collaborators and become their trusted security advisor

Role Qualifications and Requirements

• Bachelor Degree
• Five to eight years of relevant experience
• Must have demonstrable experience in cybersecurity. This includes a wide range of topics from security policy development, to metrics bring together and analysis, and controls implementation
• Solid understanding of security standard processes including NIST Risk Management Framework, NIST 800-53 controls, ISO 27000 and PCI DSS. Previous experience working with one of these frameworks
• Good understanding of key security controls. This includes application of the Cyber Kill Chain in large enterprise environments
• Experience participating in security incident response and coordinating activities is a plus
• Ability to demonstrate security experience via certifications or significant career accomplishments
• Broad understanding of ISRM practices, methodologies and technology

Knowledge of:

• Portfolio, Program and Project delivery
• Service Management
• Business Management
• National and international laws, regulations, policies, and ethics as they relate to cybersecurity
• Risk management processes (e.g., methods for assessing and mitigating risk).
• Computer networking concepts and protocols, and network security methodologies
• Information technology (IT) supply chain security and risk management policies, requirements, and procedures

Benefits and Perks

• Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide
• Working in a fast-paced and performance driven culture
• Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
• Competitive compensation and benefits package
• Vast amounts of data to validate your ideas and the opportunity to experiment with real users

Booking Holdings is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.

Pre-Employment Screening:

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.