Key Responsibilities
- Business Acumen:
- Maintain a basic understanding of the Booking.com business, industry news and risk best practices.
- Critical Thinking:
- Be a solution center for your core responsibilities, extend your knowledge and validate your conclusions with team members and experts to constructively improve existing structures.
- Objective Setting, Prioritisation & Task Management:
- Independently prioritise and structure day-to day work, deliver in line within agreed timelines and escalate issues to the appropriate level and roles within the organisation where needed.
- Attention to Detail:
- Produce high quality, accurate output with minimal to no need for re-work.
- Result Orientation:
- Work independently and proactively to deliver the right results in line with personal and company values whilst meeting timelines and prioritising critical activities.
- Effective Communication & Presentation Skills:
- Effectively and clearly communicate and present information relating to core responsibilities, tailor messages and explain (technical) concepts to audiences.
- Stakeholder Management & Influencing:
- Independently identify, develop and maintain relationships with key stakeholders to build a network.
- Guide and train business stakeholders and process and control owners in understanding the risk profile of their area(s) and their roles and responsibilities to embed risk awareness and control ownership in the first line whilst taking a business need centric and user friendly approach.
- People Management:
- Provide constructive feedback to peers and incorporate received feedback into personal development goals.
- Operational & Technical Expertise:
- Apply a strong understanding within your specific subset of processes, systems and/or products. Seek input for broader business or technical context.
- Risk Landscape Awareness:
- Maintain a fundamental awareness of the broader internal Booking.com risk landscape (outside of your specific coverage area), as well as external risks and developments.
- Risk & Governance Advisory:
- Support the Risk & Control team and stakeholders throughout the risk management lifecycle by improving policies / standards/ methodologies and providing advice in ongoing risk and compliance work within your dedicated area.
- Risk Identification & Assessment:
- Apply standardized methodologies in the identification, assessment, reporting and presentation of risks.
- Identify and articulate risks and control gaps / deficiencies by performing analysis of data gathered through end-to-end process / product walkthroughs and interviews.
- Support in standardization and improvement of processes and controls.
- Risk Treatment:
- Support control design and/or assurance activities.
- Support coordination of audit activities including remediation & mitigation of any control deficiencies identified.
- Work with control owners to prepare controls for approval. Develop, select and implement risk treatment strategies (e.g. mitigation, remediation) and controls and coordinate new requests from the business for support with controls.
Communication.Stakeholder
- Process/Control owners (managers, team leaders and individual contributors)
- Subject Matters Experts (SME's) e.g. Finance, Fintech, Fraud, Legal, Security, etc.
- Other Internal stakeholders in Accommodations (i.a. CS, PS, Product), Trips, Finance, FinTech, Legal, Marketing, People, Strategy and Corporate Development and Technology (i.a. Security, Infrastructure)
- Internal & External Audit
- Risk Management team
Communication.Type
- Cooperation Partner with business stakeholders by: providing guidance and support in ongoing compliance; providing guidance and support in identifying risks and control gaps and, designing and implementing appropriate controls; facilitating and participating in cross functional groups for activities related to the risk management lifecycle; presenting and advising on standardized methodologies, processes and documentation; maintaining a business centric approach.
- Inform SMEs on possible risk areas in need of SME input; control design and implementation.
- Work closely together to share knowledge and experience.
- Support audit and business teams to ensure that remediation and mitigation plans are implemented on a timely basis for any deficiencies found;Support SOX, PCI and other audit cycles.
- Work closely together to share knowledge and experience.
Level of Education.Level of Education
- Bachelor degree
- Master degree
- Alternatively compensating years of experience (3 to 5 year over and above) preferred
Years of relevant Job Knowledge.Years of relevant Job Knowledge
- Broad Job Knowledge (3 - 5 years)
Requirements of special knowledge/skills
- Qualities / Soft Skills:
- Enthusiastic, self-starting and flexible work attitude
- Ability to effectively prioritize and manage workload, work under pressure and deliver on timelines
- Process, problem solving and action oriented
- Curious and proactive in the assessment and challenge of risks
- Strong team player
- Advanced communication skills and ability to actively listen
- Strong relationship building skills
- High level of integrity, confidentiality & professionalism
- Requirements of special knowledge/ Hard Skills:
- Fundamental (technical) understanding of and experience with Risk Management, Compliance, Internal controls
- Experience with large e-commerce or tech companies is advantageous
- Fluent in English, both written and spoken
- CISSP, CRISC, CISM, CISA, or similar certification is advantageous
- Project management skills are advantageous
- For Business Analyst functions:
- Intermediate understanding of and experience with risk management relevant fields, for example but not limited to:
- Business analysis
- Auditing
- Corporate governance
- Finance concepts and processes
- AML/ CFT framework, GDPR, PCI, SOx
- Fundamental understanding of below IT expertise fields
- For IT Analyst functions:
- Intermediate understanding of and experience with risk management relevant fields, for example but not limited to:
- IT Risk management and IT Governance
- IT Security concepts and processes
- (IT) Frameworks like ITGC, COSO, NIST
- DevOps tools like Puppet, Jenkins, Git, Docker, or Kubernetes
- JIRA
- Fundamental understanding of above Business expertise fields
Booking.com’s Total Rewards Philosophy is not only about compensation but also about benefits. We offer a competitive , as well unique-to-Booking.com benefits which include:
Annual paid time off and generous paid leave scheme including: parent, grandparent, bereavement, and care leave
Hybrid working including flexible working arrangements, and up to 20 days per year working from abroad (home country)
Industry leading product discounts - up to 1400 per year - for yourself, including automatic Genius Level 3 status and Booking.com wallet credit
Application Process:
This section should provide:
Let’s go places together:
If applicable: Detailed instructions on post-application requirements including any required application materials, deadlines, portfolios, coding challenges, or other assessments as defined by BU or department.
This role does not come with relocation assistance.
Pre-Employment Screening
If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.
