Hybrid IT Risk & Compliance Associate-1 presso Booking Holdings
Booking Holdings · Bangalore, India · Hybrid
- Professional
- Ufficio in Bangalore
Job Summary
Booking.com follows a defense in depth strategy for managing its risks. As part of this strategy, Booking has 3 departments focussing on each line of defense. Global Internal Audit (GIA) is responsible for the 3rd line of defense, Risk and Controls (R&C) is responsible for the 2nd line of defense, while the responsibility of 1st line has been distributed between process/control owners and the Trust, Risk, Assurance and Compliance (TRAC) team. TRAC is the first-line of defense risk team responsible for Central Tech business unit risks & Security risks across the company.
Our IT Risk & Compliance Associate is aspiring to be an SME, and has domain knowledge of one or two areas to address processes, risks and control issues. They are responsible for working with Issue owners and risk owners within Security & Fraud teams to maintain internal controls around risk and governance.
Our team member as IT Risk & Compliance Associate in Risk Governance team supports Cybersecurity & Risk best practices that include tracking and updating Issue register,supporting teams in triage for cyber risk related activities like performing Issue triage, tracking issue remediation, processing security policy exceptions, track audit issue closure for status and risk.
Our associate is a key resource for our operational IT security risk governance processes such as maintaining cyber risk and issue register, risk acceptances, audit issue remediation status updates are provided to senior management that gives a very high degree of visibility.
Our associate has basic awareness of GRC and related technologies across Risk domains (Cybersecurity, Privacy, Third party, Fraud, Trust & Safety) and provides first level functional and technical requirements with support from Risk & compliance manager for engineering teams to develop technical solutions. They understand what the most critical elements of the technical solution are and can explain and justify the chosen technical solutions.
Our associate takes pride in being the part of processes and operations that have a direct impact on the Cybersecurity Risk and security posture of the organization.
Booking.com follows a defense in depth strategy for managing its risks. As part of this strategy, Booking has 3 departments focussing on each line of defense. Global Internal Audit (GIA) is responsible for the 3rd line of defense, Risk and Controls (R&C) is responsible for the 2nd line of defense, while the responsibility of 1st line has been distributed between process/control owners and the Trust, Risk, Assurance and Compliance (TRAC) team. TRAC is the first-line of defense risk team responsible for Central Tech business unit risks & Security risks across the company. Our IT Risk & Compliance Associate is aspiring to be an SME, and has domain knowledge of one or two areas to address processes, risks and control issues. They are responsible for working with Issue owners and risk owners within Security & Fraud teams to maintain internal controls around risk and governance. Our team member as IT Risk & Compliance Associate in Risk Governance team supports Cybersecurity & Risk best practices that include tracking and updating Issue register,supporting teams in triage for cyber risk related activities like performing Issue triage, tracking issue remediation, processing security policy exceptions, track audit issue closure for status and risk. Our associate is a key resource for our operational IT security risk governance processes such as maintaining cyber risk and issue register, risk acceptances, audit issue remediation status updates are provided to senior management that gives a very high degree of visibility. Our associate has basic awareness of GRC and related technologies across Risk domains (Cybersecurity, Privacy, Third party, Fraud, Trust & Safety) and provides first level functional and technical requirements with support from Risk & compliance manager for engineering teams to develop technical solutions. They understand what the most critical elements of the technical solution are and can explain and justify the chosen technical solutions. Our associate takes pride in being the part of processes and operations that have a direct impact on the Cybersecurity Risk and security posture of the organization. | |
Key Responsibilities.
Responsibility | |
Core responsibilities of IT Risk & Compliance Associate are -
|
Communication.Stakeholder
Type
Available options:
Cooperation
Persuasion
Information
Frequency
Available options:
Continuous (daily or a number of times a day)
Frequent (about once a week)
Occasionally (once or twice a month or less)
Tech business function and other business units
Cooperation
Partner with SSF issue owners and risk owners by providing guidance and support in designing and implementing appropriate controls to strengthen the control environment, mitigate the company risks and support the business in achieving objectives.
Identify control gaps, based on identified risks.
Facilitate and participate in cross functional groups to implement or enhance controls in cross functional processes.
Support SSF issue and risk owners in resolving issues related to tracking updates on open issue, open risks coming from Issue management, Exceptions and Audit issue tracking.
Occasionally
Risk Governance
Perform
Triage and monitor risks on risks in Risk register or observations and work with risk owners to update status.
Report the outcome of tracking risks coming from issues, exceptions and audit issues to relevant trackers.
Frequent
Subject Matters Experts (SME’s) e.g. Security, Fraud, Privacy, Legal, etc.
Cooperation
Coordinate and coordinate with various teams, GIA and other SME teams for managing GIA audit and risk outcomes and expectations of stakeholders
Frequent
Stakeholder | Type Available options: Cooperation Persuasion Information | Frequency Available options: Continuous (daily or a number of times a day) Frequent (about once a week) Occasionally (once or twice a month or less) |
Tech business function and other business units | Cooperation Partner with SSF issue owners and risk owners by providing guidance and support in designing and implementing appropriate controls to strengthen the control environment, mitigate the company risks and support the business in achieving objectives. Identify control gaps, based on identified risks. Facilitate and participate in cross functional groups to implement or enhance controls in cross functional processes. Support SSF issue and risk owners in resolving issues related to tracking updates on open issue, open risks coming from Issue management, Exceptions and Audit issue tracking. | Occasionally |
Risk Governance | Perform Triage and monitor risks on risks in Risk register or observations and work with risk owners to update status. Report the outcome of tracking risks coming from issues, exceptions and audit issues to relevant trackers. | Frequent |
Subject Matters Experts (SME’s) e.g. Security, Fraud, Privacy, Legal, etc. | Cooperation Coordinate and coordinate with various teams, GIA and other SME teams for managing GIA audit and risk outcomes and expectations of stakeholders | Frequent |
Candidarsi ora
