Booking Holdings Romania - SOX IT Compliance Manager

Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.

As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world's leading provider of online travel, with a mission of making it easier for everyone to experience the world through six-primary consumer facing brands: Booking.com, Priceline, Agoda, KAYAK, OpenTable and Rentalcars.com.

Role description

The SOX IT Compliance Manager is a people manager role within the Trust, Risk, Assurance and Compliance (TRAC) portfolio within the Security, Safety, & Fraud organization. The role is both a hands-on and strategic role focused on acting as a primary liaison for SOX (Sarbanes-Oxley) IT Compliance within the Central Tech Business Unit to enable more informed and streamlined facilitation of SOX IT audit activities.

The SOX IT Compliance Manager partners very closely with Internal and External SOX audit teams, and IT control owners to ensure consistency and alignment through all SOX IT audit phases. This person must possess a strong understanding of typical SOX IT audit requirements and exhibit versatility in various SOX IT technology domains and can build an extensive knowledge of the end-to-end Booking IT environment including associated risks and pertinent SOX IT controls.

This role is a people manager position and is fully responsible for continuously improving the area under their scope. This manager will be responsible for leading and handling a small team of internal and/or external resources (e.g. Risk Analysts, Risk Officers, consultants) to support SOX IT compliance activities.

The SOX IT Compliance Manager is also a subject matter authority demonstrating a deep understanding of the enterprise risk field combining deep knowledge of theory and organizational practice or expertise across several different fields within a function. Successful risk expertise requires dynamic individuals who are able to liaise with various senior collaborators and thus need to be articulate communicators, foster collaboration, integrate perspectives and aim for business beneficial outcomes.

This position requires strong collaborator leadership skills and requires an individual who can convince others who are skeptical or unwilling to accept new concepts, practices and approaches.

Key Job Responsibilities and Duties

• Liaise closely with risk and audit teams (Risk and Controls, Internal Audit, external auditors, etc.). Act as 1st layer SOX IT Compliance support within the first line IT risk team (TRAC) to enable more informed and streamlined facilitation of SOX IT audit activities. This role & team partners very closely with R&C SOX Testing teams to ensure consistency and alignment through all SOX IT audit phases.
• Partner closely with IT Risk SME's and IT control owners to gain a comprehensive understanding of the end-to-end Booking IT environment and relevant SOX IT compliance risks associated with Technology Platforms
• Drive continuous improvement of our SOX IT compliance audit program, assessment methodologies and processes
• Support collaborators across central tech to drive engagement and first line SOX IT compliance ownership across the central tech business function to provide SOX IT compliance awareness for teams that have a clear need to handle risks without significantly affecting their development velocity.
• Manage a team of individual contributors. Recruit, train, mentor, and develop team members to their full potential. Build the working environment that attracts, engages, develops and retains your people to their full potential including ensuring all crafts are supported in their growth, through constant feedback, coaching and mentoring programs
• Set and implement tactical plans and objectives within your team to deliver results of the yearly goals. Set priorities for your team, assign projects, allocate resources, communicate business performance, and project progress to management & business partners

Role Qualifications and Requirements

• Bachelor Degree
• Five to eight years of proven experience
• Experience in Sarbanes-Oxley (SOX) IT audit and compliance activities; preferably at a technology company
• Experience and understanding of other applicable regulations such as PCI-DSS, GDPR and CCPA - L4
• Strong IT risk and control or audit/assurance background with a deep understanding of operational and technology risk - L4
• Strong understanding of technology risk management, controls, and compliance, especially for public cloud platforms - L4
• Familiarity with industry-standard regulatory frameworks such as NIST, ISO27001 and CIS - L3
• Understanding of cybersecurity risks and data protection - L3
• Strong collaborator leadership skills and a keen ability to develop solid relationships with business partners in order to drive the adoption of the risk management culture
• Detailed technical understanding of internal control requirements and design and experience in applying them in various businesses
• Able to split large tasks into logical, manageable and decoupled actions which are handled effectively and delivered on time
• Be flexible and agile in response to the change in business, change in collaborator expectations and/or change in regulatory/operating environment of B.com

Benefits and Perks

• Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide
• Working in a fast-paced and performance driven culture
• Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
• Competitive compensation and benefits package
• Vast amounts of data to validate your ideas and the opportunity to experiment with real users

Booking Holdings is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.

Pre-Employment Screening:

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.