Booking Holdings (NASDAQ: BKNG) is the world leader in online travel and related services, provided to customers and partners in over 220 countries and territories through six primary consumer-facing brands – Booking.com, KAYAK, priceline, agoda.com, Rentalcars.com, and OpenTable. The mission of Booking Holdings is to make it easier for everyone to experience the world.
Booking Holdings Financial Services (hereinafter “BHFS”) is based in Dublin, Ireland and provides financial services in the form of payment services and e-money products across all the brands. BHFS is committed to conducting its business in compliance with applicable laws, regulations and guidelines, with integrity and to the highest ethical standards.
As an Information Security Business Analyst, you will support the delivery of the global Information Security and Risk management (ISMR) program’s goal and objectives at the Business Unit level. This position is being created to support the principle of “Global coordination and oversight of security controls implementation and execution, aligned with regulatory requirements and expectations”. This means that the individual will work with all business functions to ensure information risk is considered, managed and remediated with insight into and understanding of the unique business context.
In this role you will report directly to the Head of Information Security. You will work with the Business Unit’s management team to improve the information security posture by ensuring the consistent application, adaptation and alignment of BHFS’s policies and procedures, and to ensure that all implemented controls add value and meet regulatory requirements.
You will require a very good understanding of security frameworks and methodologies, regulatory requirements and security operational controls. You will need to quickly understand the company’s key processes, its unique business requirements, and the information security initiatives. You will combine these information sources to address residual risk by supporting security enhancements within the area of responsibility and accountability. You will also combine this information to design and implement a reporting framework for security controls and security exceptions to drive a continuous improvement plan.
Support the Head of Information Security to deliver tactical and strategic security improvements in line with the overarching security strategy for BHFS.
Monitor security control implementation within the business unit in collaboration with the security capability area leads and security program managers.
Represent the Head of Information Security at meetings and act on their behalf as requested.
Proactively identify information security deficiencies or opportunities for improvement to better enable business security at the global level.
Help the business unit understand and mitigate the cyber and fraud risks identified in line with the company's risk appetite.
Support effective collaboration between the business unit teams and the Security service teams.
Guide and support the business unit in following the appropriate security procedures, such as risk assessments and exception management exercises, ensuring completeness and adherence to the standard baselines of BHFS security policies.
Support escalations for information security issues identified by security teams and/or the business units themselves.
Work with security insights teams to ensure that security metrics and reports receive the right level of attention in the target business unit.
Continuously analyze and improve business unit specific security metrics.
Assist the Business in managing and preventing cyber incidents and supporting incident coordination as required.
Provide subject matter expertise on various cyber threats to Business unit leadership.
Support the Head of Information Security in ensuring the business unit properly executes all controls in line with the agreed requirements, SLAs and risk mitigation needs.
Build productive relationships with your stakeholders and become their trusted security advisor.
3 to 5 years of relevant experience.
Must have proven experience in cybersecurity. This includes a wide range of topics from security policy development, to metrics capture and analysis, and controls implementation.
Good understanding of security best practices including NIST Risk Management Framework, NIST 800-53 controls, ISO 27000 and PCI DSS. Previous experience working with one of these frameworks.
Good understanding of key security controls. This includes application of the Cyber Kill Chain in large enterprise environments.
Experience participating in security incident response and coordinating activities is a plus.
Ability to demonstrate security experience via certifications or significant career accomplishments.
Broad understanding of ISRM practices, methodologies and technology.
Strong leadership, communication, consulting, decision-making and influencing skills.
Excellent communication and presentation skills, and ability to effectively engage with stakeholders at different levels.
Ability to develop and maintain strong relationships.
Strong team player (collaborative)
Innovative and strategic thinker.
Empowers others via delegation.
Self-motivated and willing to take on challenges while adapting to an ever-changing operational environment.
Who you are
Be humble. Be yourself.
Data-driven. Base your decisions on facts rather than opinions.
A go-getter who isn’t afraid to get their hands dirty and dives into a project to achieve success by problem solving.
Open-minded team player with excellent communication skills.
Agile and innovative with the tenacity to thrive in a constantly changing environment.
Self-motivated and results-driven with a take-charge attitude.
Firm and friendly, knowledgeable, and motivational to others. Open to diversity in all shapes and sizes.
User-focused individual who keeps the customer at the heart of everything we do, while having strong commercial awareness.
Knowledge Skills & Abilities
National and international laws, regulations, policies, and ethics as they relate to cybersecurity
Risk management processes (e.g., methods for assessing and mitigating risk).
Computer networking concepts and protocols, and network security methodologies
Information technology (IT) supply chain security and risk management policies, requirements, and procedures