Risk Officer

without slowing down innovation.

This role requires a blend of business and technical acumen, and sharp communication skills. You will partner directly with business and tech teams to implement a robust internal control framework, translating complex business and IT risks into practical business solutions. If you want to be part of a product used by millions of travelers daily and you have a passion for risk management, we want to hear from you!

Responsibilities: key areas of responsibility will include, but are not limited to:

• Internal Control framework design and implementation:

  • Develop, implement, and maintain internal control frameworks aligned with industry best practices and applicable regulatory requirements (e.g.,SOX, COSO, COBIT, NIST, ISO 27001, other compliance frameworks)
  • Collaborate with 2nd line Risk partners, process owners, control owners and management to ensure the frameworks are practical, effective and tailored to business needs
  • Maintain a central repository of policies, procedures, control matrices
  • Develop RACI and standardized approach for implementation including training and communication
  • Develop approach for ongoing review & continuous improvement
  • Enable business partners with guidelines, templates and tooling
  • Maintain a central register of all framework documents
  • Contribute to risk and control reporting and assurance in the business unit

• Act as SOx design authority:

  • Partner with R&C and ABU business and IT stakeholders by providing guidance and ensuring that critical SOx controls are adequately designed and documented, in order to strengthen the control environment, mitigate the company risks and support the business in achieving objectives
  • Provide SME guidance to R&C and ABU business and IT stakeholders and 1st line business owners in relation to observations and deficiencies, from initial assessment/triage through to mitigation and remediation

• Support Audit management - act as an SME to support critical audit management activities such as audit planning and issue management

• Support testing of business and IT controls and management certification (SOX Section 302 and 404, other compliance frameworks) by providing guidance to the testing team and reviewing the testing documentation.

• Collaborate with GRC team and 1st/2nd line Risk partners to develop solutions and improve how risks, controls and issues are maintained in our GRC platform

• Act as a risk ambassador within Booking.com to further enhance risk awareness and culture, including by facilitating formal training sessions

Required skillset:

• 6+ years of previous work experience in internal controls, audit, risk management, or compliance

• Bachelor's degree or higher in a relevant field (Master's Degree is preferable).

• Strong knowledge of internal control frameworks (e.g., COSO, COBIT, NIST, ISO 27001) and regulatory requirements (e.g., SOX, GDPR, DMA, DSA), and experience in applying them in various business areas/functions

• Qualifications related to any of the above are advantageous (incl. CISM, CRISC, ACCA, CIA, CISA)

• Experience with Data Governance, Cloud platforms, SaaS applications, business continuity management, and emerging technologies (AI/ML, RPA) is a plus

• Comfortable with modern tech environments such as Devops (Kubernetes, Gitlab, terraform etc.) and also cloud based (AWS, GCP etc.)

• Good stakeholder management skills

• Flexibility to adapt to an ever-evolving and dynamic work environment

• Self-starter with strong sense of responsibility

• Energetic and very proactive

• Process, problem solving and action oriented mindset

• Strong communication and relationship building skills

• High level of integrity, confidentiality & professionalism

• Ability to develop strong relationships with business partners in order to drive risk management culture and implementation

• Fluent in English, both written and spoken (other languages would be a plus)

• Project management skills a plus.

Inclusion at Booking.com:

Take it from our Chief People Officer, Paulo Pisano: "At Booking.com, the diversity of our people doesn't just create a unique workplace, it also creates a better and more inclusive travel experience for everyone. Inclusion is at the heart of everything we do. It's a place where you can make your mark and have a real impact in travel and tech."

Read all about Inclusion and the Employee Resource Groups (ERGs) at Booking.com here

Career Development Opportunities

• Learn more about Your Career Journey here.

• Become a Mentee and benefit from a mentoring relationship with a more experienced person to help you identify and achieve your professional and personal development goals.

Booking.com is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.

Pre-Employment Screening

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.