Booking Holdings (NASDAQ: BKNG) is the world leader in online travel and related services, provided to customers and partners in over 220 countries and territories through six primary consumer-facing brands – Booking.com, KAYAK, priceline, agoda.com, Rentalcars.com, and OpenTable. The mission of Booking Holdings is to make it easier for everyone to experience the world.
Booking Holdings Financial Services (hereinafter “BHFS”) provides financial services in the form of payment services and e-money products across all the brands. BHFS is committed to conducting its business in compliance with applicable laws, regulations and guidelines, with integrity and to the highest ethical standards.
As an Information Security Analyst, you will support the delivery of the global Information Security and Risk Management (ISRM) program’s goals and objectives at the Business level. This position is being created to support the CISO with a focus on security controls implementation and execution, aligned with regulatory requirements and ISO27001. This means that the individual will work with all business functions to ensure information risk is considered, logged, managed and remediated with insight into and understanding of the unique business context.
In this role you will report directly to the CISO. You will work with the Business Unit’s management team to improve the information security posture by ensuring the consistent application, adaptation and alignment of BHFS’s policies and procedures, and by ensuring that all implemented controls add value and meet regulatory requirements.
You will require a good understanding mainly of the ISO27001 security framework, as well as of regulatory requirements and security operational controls. You will need to quickly understand the company’s key processes, its unique business requirements, and the information security initiatives. You will combine these information sources to address residual risk by supporting security enhancements within your area of responsibility and accountability. You will also combine this information to design and implement reporting of security controls and security exceptions, driving a continuous improvement plan for the business based on ISO27001.
Support the CISO to deliver tactical and strategic security improvements in line with the overarching security strategy for BHFS.
Support the CISO in implementation and execution of ISO27001 security controls.
Take full ownership of a continuous improvement plan.
Monitor the security control implementation within the business unit in collaboration with the security capability area leads and security program managers.
Support the security team in proactively identifying information security deficiencies or opportunities for improvement according to ISO27001.
Help the business unit understand and mitigate the cyber and fraud risks identified in line with the company's risk appetite.
Support effective collaboration between the business unit teams and the Security service teams.
Guide and support the business unit in following the appropriate security procedures, such as risk assessments and exception management exercises, ensuring completeness and adherence to the standard baselines of BHFS security policies.
Support escalations for information security issues identified by security teams and/or the business units themselves.
Work with security insights teams to ensure that security metrics and reports receive the right level of attention in the target business unit.
Continuously analyze and improve business unit specific security metrics.
Support the CISO in ensuring the business unit properly executes all controls in line with the agreed requirements, SLAs and risk mitigation needs.
Build productive relationships with your stakeholders and become their trusted security advisor.
2 to 4 years of relevant experience.
Must have proven initial experience in cybersecurity. This includes a wide range of topics from security policy development, to metrics capture and analysis, and controls implementation.
Good understanding of security best practices including ISO 27001, NIST Risk Management Framework, NIST 800-53 controls, and PCI DSS. Previous experience working with one of these frameworks.
Good understanding of key security controls (ISO27001).
Experience participating in security incident response and coordinating activities is a plus.
Ability to demonstrate security experience via certifications or career accomplishments.
Broad understanding of ISRM practices, methodologies and technology.
Excellent communication and presentation skills, and ability to effectively engage with stakeholders at different levels.
Ability to develop and maintain strong relationships.
Strong team player (collaborative).
Innovative and strategic thinker.
Empowers others via delegation.
Self-motivated and willing to take on challenges while adapting to an ever-changing operational environment.
Who you are
Be humble. Be yourself.
Data-driven. Base your decisions on facts rather than opinions.
A go-getter who isn’t afraid to get their hands dirty and dives into a project to achieve success by problem solving.
Open-minded team player with excellent communication skills.
Agile and innovative with the tenacity to thrive in a constantly changing environment.
Self-motivated and results-driven with a take-charge attitude.
Firm and friendly, knowledgeable, and motivational to others. Open to diversity in all shapes and sizes.
User-focused individual who keeps the customer at the heart of everything we do, while having strong commercial awareness.
Knowledge and Skills
National and international laws, regulations, policies, and ethics as they relate to cybersecurity.
Risk management processes (e.g., methods for assessing and mitigating risk).
Computer networking concepts and protocols, and network security methodologies.
Information technology (IT) supply chain security and risk management policies, requirements, and procedures.