▷ (21/09/2025) It Risk & Compliance Analyst - Governance Operations & Processes

Job Summary Booking com follows a defense in depth strategy for managing its risks As part of this strategy Booking has 3 departments focussing on each line of defense Global Internal Audit GIA is responsible for the 3rd line of defense Risk and Controls R C is responsible for the 2nd line of defense while the responsibility of 1st line has been distributed between process control owners and the Trust Risk Assurance and Compliance TRAC team TRAC is the first-line of defense risk team responsible for Central Tech business unit risks Security risks across the company The IT Risk Compliance analyst is aspiring to be a subject matter expert leveraging an initial understanding of the enterprise risk discipline combining knowledge of theory and some organizational practice or expertise across several different disciplines within a function Our team member as IT Risk Compliance analyst in Risk Governance team supports IT Security Governance Risk activities that include managing Cyber Risk register supporting teams in triage for cyber risk related activities like performing Root cause analysis RCA managing cyber risk and governance metrics This means our analysts execute the Governance and Risk related processes Our analyst takes pride in being the single point of contact for managing processes and operations that have direct impact on the Cybersecurity Risk and governance posture of the organization Our IT Risk analyst is the responsible person ensuring - reviewing operational IT security risk governance processes such as maintaining cyber risk register security exceptions audit issue remediation status updates are provided to senior management that gives a very high degree of visibility Our team members will partner with stakeholders from technology and security teams throughout the business units and corporate functions to gather updates on open issues risk mitigation actions and risk metrics The role will work closely with stakeholders from multiple teams to showcase the value add from their work product Responsibility Responsibilities of IT Risk and Control Analyst Support cross functional remediation tracking monitoring and reporting activities Drive the operational risk governance processes including maintaining cyber risk register security exceptions audit and pentest issue remediation status Build and maintain NIST Control framework together with IT Risk officer and technology teams Manage Risk related activities like updating Risk register triaging risks performing RCA manage internal controls systems and process landscape to enable clear understanding of impact from IT issues and identify risks to be updated in the cyber risk register Build knowledge of internal controls systems and process landscape to enable clear understanding of impact from IT issues and identify risks to be updated in the cyber risk register Support Risk and Governance processes together with stakeholders based in Amsterdam and US Support in keeping cyber risks inventoried and updated Provide inhouse consulting as SME to NIST related activities Requirements of special knowledge skills First experience in business analysis auditing corporate governance risk management or internal controls Preferably experience in Technology based company Enhanced expertise in managing operations and processes around Risk or governance activities Work experience in any of the following technology security IT security penetration testing application security Ability to develop solid relationships with business partners in order to drive the adoption of the risk management culture Basic technical understanding of internal control requirements and design and experience in applying them in various businesses Stay flexible to meet the dynamic business needs while maintaining robust solutions that strengthen the IT control environment Able to split large tasks into logical manageable and decoupled actions which are managed effectively and delivered on time Be flexible and agile in response to the change in business change in stakeholder expectations and or change in regulatory operating environment of B com Strong independent contributor while still a strong team player Pre-Employment Screening If your application is successful your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law Depending on the vacancy and applicable law a pre-employment screening may include employment history education and other information such as media information that may be necessary for determining your qualifications and suitability for the position