Senior Director Tech Risk Operations

JOB DESCRIPTION FOR:

Senior Director Tech Risk Operations

About Booking.com

Established in 1996 in Amsterdam, Booking.com has grown from a small Dutch start-up to one of the largest ecommerce companies in the world. Booking.com is the largest business within Booking Holdings (NASDAQ: BKNG) and accounts for the vast majority of Booking Holdings' total revenue. Booking Holdings is a leading Fortune 500 e-commerce conglomerate with a market cap of roughly $119,69 billion (2023). Booking.com currently employs approximately 13,000 employees in 140 offices in 70 countries worldwide.

With a mission to make it easier for everyone to experience the world, Booking.com invests in digital technology that helps take the friction out of travel. Booking.com connects travelers with the world's largest selection of incredible places to stay, including everything from apartments, vacation homes, and family-run B&Bs to 5-star luxury resorts and even tree houses. The Booking.com website and mobile apps are available in over 44 languages, offer more than 28M total reported listings, and cover over 174,000 destinations in 229 countries worldwide. Offering 30 different types of places to stay, including homes, apartments, B&Bs, hostels, farm stays, bungalows, even boats, igloos, and treehouses. So whether travelling for business or leisure, customers can instantly book their ideal accommodation quickly and easily, without booking fees and backed up by its promise to price match. Via the customer experience team, customers can reach Booking.com 24/7 for assistance and support in over 44 languages, any time of the day or night.

• Leadership in Security Risk Management: Lead efforts in safeguarding the organisation's digital and physical assets through robust risk management strategies.
• Governance Risk & Compliance (GRC): You will have responsibility for GRC for Booking.com SS&F risk subject areas. This includes the process for creating, updating, and leading SS&F-related policies, standards, and guidelines; as well as providing the risk register for SS&F risks across the enterprise.
• First Line of Defence: You will be responsible for the Business Information Security Officer (BISO) Program, including leading the BISOs directly, and creating and providing metrics to report to the respective BUs in order to ensure that the BU's are leading the SS&F risks to their business. This will include projects that drive the culture of the organization to encourage security, safety, and compliance "by design," such as embedding security into their product lifecycle.
• Strategic Vision: Work with SS&F to develop long-term strategy for the organization, and establish a process to identify budgetary and hiring needs based on the strategic goals, risks, and priorities. .
• Framework Implementation and risk registers: You will also set up risk management system frameworks for Cybersecurity, Trust & Safety, Fraud, & Physical Security. Accountable for implementing and maintaining cohesive Information Security Management System (ISMS) and Risk Management System (RMS) frameworks. Drive consistent, repeatable, measurable risk identification, assessment, and mitigation processes. You will develop and maintain risk registers for cybersecurity, fraud, trust & safety, and global security & resilience.
• Communication and Reporting: You will ensure open and timely reporting on risk posture to leadership and relevant collaborators, including contributing to Board and risk committee materials.
• Business Partnership: You will collaborate with business leaders to communicate risks and develop remediation plans, ensuring alignment with risk management strategy. You will work with stakeholders across the company to embed risk management into business operations. You will quantify risks to prioritise projects and initiatives across Security, Safety & Fraud and business units.
• Adaptability & Continuous improvement: You will respond and adjust to changing risk management regulatory requirements and emerging threats to maintain effective risk management practices. You will establish a resilient and repeatable and continuously improving risk management process.
• Cross-functional Leadership & collaboration: You will lead cross-departmental projects and initiatives to strengthen security posture and ensure projects are delivered on time and within budget. Work closely with collaborators to align risk management strategies with business priorities and must-dos.

• Substantial years of experience in Cyber Security (preferred) or Fraud, with significant years leading high-performing, impactful teams
• A dynamic leader with experience in risk management organisational change, influencing executives and or the board.
• Experienced in cloud-based security solutions
• An enthusiastic and persuasive leader who has driven successful risk management programs
• A patient and relaxed leader who is skilled at translating technical risks to non-technical audiences
• Direct, creative problem solver able to communicate concepts to a broader audience and create clarity.
• Experience in driving security with engineering teams to embed this in ways of working.
• Experience in collaborating with finance teams on finance based risk, using a data driven approach. (e.g quantify how much we have spent in a risk project vs how better prepared we are to face risks)
• Connects disparate risks to create a clear overall risk picture
• Confident leader, adept at handling conflicting priorities
• A balanced background between creating and implementing strategy. Operational efficiency metrics.
• Preferred certifications: CISM, CISSP, COSO ERM, or similar risk management certification
• Organised with strong attention to detail and execution skills
• Familiarity with risk frameworks: NIST, ERM GDPR, ISO 27001, NYDFS, etc.
• Experience in matrix or federation environments

• Character traits: Respectful, high emotional intelligence, and collaborative work style. Comfortable with ambiguity, creating clarity.
• Consensus-driven, achieving collaborative solutions
• Integrity, independent thinking, and courage
• Thrives in fast-paced, demanding environments
• Open mind, learning demeanour, transparent behaviour, positive, multitasker, strong communicator, proactive and collaborative.
• Strategic problem solver yet focused on execution; able to roll up sleeves to get things done.
• Data driven, experimental, ready to learn and open to change.
• Keep the customer at the centre of everything you do.
• Good cultural and organisational sensitivity.
• Committed to building a diverse, inclusive work environment.