Booking Holdings (NASDAQ: BKNG) is the world leader in online travel and related services, provided to customers and partners in over 220 countries and territories through six primary consumer-facing brands – Booking.com, KAYAK, priceline, agoda.com, Rentalcars.com, and OpenTable. The mission of Booking Holdings is to make it easier for everyone to experience the world.
Booking Holdings Financial Services (hereinafter “BHFS”) is based in Dublin, Ireland and provides financial services in the form of payment services and e-money products across all the brands. BHFS is committed to conducting its business in compliance with applicable laws, regulations and guidelines, with integrity and to the highest ethical standards.
We are seeking an IT & Cyber Security Risk Manager to support the BHFS Risk programme and help drive the advancement of BHFS IT & Cyber risk and control architecture globally. The role holder will be responsible for helping execute our programme strategy and to embed a standardized and consistent approach to risk identification, governance, reporting and mitigation. The role holder will be an agile member of the wider BHFS Risk Team, who will help support key Risk workstreams.
The role sits in the BHFS Ireland Risk Team which is part of the Second Line of Defense (‘SLOD’) and an independent function, charged with proactively challenging business and functional units in the First Line of Defense (‘FLOD’) on their risk identification, assessment and mitigation strategies. The function is responsible for ongoing review and oversight of the control environment, which will entail scrutinizing processes, controls and remediation efforts to highlight gaps in risk mitigation.
The role holder will propel BHFS risk culture, inspire risk management behaviors and embolden optimal risk management practices by exhibiting support and partnership across the BHFS organization, and will embrace opportunities to collaborate with stakeholders at all levels across the wider Group.
The role holder will work across the Enterprise-wide risk taxonomy, with a focus on IT & Cyber risks, which includes failures in the systems and equipment that support and enable BHFS to execute on its vision of evolving payment services. The role holder will effectively steward these risks by executing risk initiatives and reviews with a degree of rigor and independence.
As the BHFS Risk Programme progresses to execution phase, the role holder will be expected to be an integral member of the team and assist across workstreams including Enterprise Risk Management Frameworks, Risk and Control Self-Assessments, Third Party Risk Management, Operational Resilience and Risk Reporting.
This role will be based on a hybrid flexible working model.
Stewarding the BHFS FLOD to ensure all relevant IT & Cyber risks are identified and effectively managed by a robust control environment.
Contributing to the advancement and execution of BHFS IT & Cyber Risk activities and programs, such as Risk & Control Self-Assessment (‘RCSA’), Risk Event Management, Third Party Risk Management (‘TPRM’), Risk Appetite KRI monitoring, Committee reporting.
Using metrics and testing to provide meaningful independent oversight and challenge to drive FLOD risk and control management.
Drive efforts to ensure capture of FLOD remediation plans, management of issues and timely reporting of threats.
Verifying that optimal controls relating to major systems and their implementation are in place and operating effectively from a general control and security perspective.
Managing a number of stakeholders, providing them with information reliability through IT risk assessment, benchmarking and due diligence.
Acting as the BHFS Risk team's point of contact on conversion issues and IT project management risks and controls.
Supporting Operational Resilience activities to ensure plans remain current, complete and aligned to regulatory expectations.
Promoting and embedding a culture of risk management and mitigation across the organisation, by facilitating training, workshops and collaborative first line liaison.
Engage as a key partner to the BHFS business, functional units, Group stakeholders and the Internal Audit team on all relevant projects and topics.
Remaining current on business, industry and regulatory matters to identify new and emerging risks to which BHFS is exposed.
Assessment of business models in the context of due diligence and compliance with the guidelines for e-money businesses and payment institutions.
Manage analyst staff as required.
Participate in projects as required by the CRO.
Knowledge and Skills
Third level degree qualification preferable at certificate, diploma or degree level or equivalent.
5-8 years' experience in IT & Cyber Risk and payments or online ecommerce business in the European market.
Understanding of Regulatory requirements and guidelines on ICT and Security Risk Management.
Experience using risk tools and methodologies such as RCSAs, Risk rating or classification matrices, Control testing.
Experience in business partnering, training and/or workshop delivery to drive risk awareness and risk culture.
Experience liaising with stakeholders across the Three Lines of Defense on risk and control topics.
Basic understanding of Operational Resilience, TPRM, New Product Assurance Framework.
Experience using a GRC system.
Excellent interpersonal skills and ability to influence and negotiate with senior stakeholders.
Sharp presentational skills, able to transpose information into visually compelling formats.
Succinct Communicator – ability to break down complex issues and communicate at all levels in the organization.
Ability to work in a cross-functional matrix environment.
Excellent understanding of vulnerability management and associated tools and solutions.
Highly motivated. Ability to work under pressure and under your own initiative.
Solution driven with demonstrated ability to meet deadlines and deliver results.
Excellent analytical skills.
Some limited travel may be required.