Director Enterprise Security

Role Description

Director Enterprise Security

About Booking.com

Established in 1996 in Amsterdam, Booking.com has grown from a small Dutch start-up to one of the largest ecommerce companies in the world. Booking.com is the largest business within Booking Holdings (NASDAQ: BKNG) and accounts for the vast majority of Booking Holdings’ total revenue. Booking Holdings is a leading Fortune 500 e-commerce conglomerate with a market cap of roughly $166 billion (2025). Booking.com currently employs approximately 13,000 employees in 140 offices in 70 countries worldwide.

With a mission to make it easier for everyone to experience the world, Booking.com invests in digital technology that helps take the friction out of travel. Booking.com connects travelers with the world’s largest selection of incredible places to stay, including everything from apartments, vacation homes, and family-run B&Bs to 5-star luxury resorts and even tree houses. The Booking.com website and mobile apps are available in over 44 languages, offer more than 28M total reported listings, and cover over 174,000 destinations in 229 countries worldwide. Offering 30 different types of places to stay, including homes, apartments, B&Bs, hostels, farm stays, bungalows, even boats, igloos, and treehouses. So whether travelling for business or leisure, customers can instantly book their ideal accommodation quickly and easily, without booking fees and backed up by its promise to price match. Via the customer experience team, customers can reach Booking.com 24/7 for assistance and support in over 44 languages, any time of the day or night.

At Booking.com, we are all involved in making hundreds of decisions every day. The decisions we make are a reflection of our Values - they reflect what is important to us, both as individuals and as an organisation.

When Values are made explicit, they provide clarity on what “good” looks like. And when they are shared, they build unity in a group. They build culture.

• Think customer first. We obsess about adding value for our customers - guests, partners, colleagues - to make it easier for everyone to experience the world.

• Own it. We deliver on our promises, make informed decisions and prioritize to get the important things done today.

• Learn forever. We are resilient, take time to reflect, and seek to learn – from colleagues, from the outside world and from our failures.

• Succeed together. We celebrate team success, through making connections, building trust and valuing the diverse perspectives of others.

• Do the right thing. We get the right results the right way. For each other, our communities and the world around us.

Director Enterprise Security

Make your mark in a career-defining leadership role! Based in Amsterdam, the Netherlands, and reporting directly to the CISO, this is a rare opportunity to lead and inspire a team of 60–80 professionals, further build out the operating model, and serve as a trusted partner to Central Tech and Booking.com teams on enterprise security. Your mission: to build and defend the enterprise environment, protect corporate and customer data, and strengthen the resilience and trust that power Booking.com’s success!

Responsibilities:

The Director of Enterprise Security is a senior leadership position with a critical impact on the security posture and brand trust of Booking.com. You will be operating in a business-critical area where your decisions will have a serious impact on the overall success of the company. This role is a key leadership partner responsible for translating the company security strategy into tangible outcomes across core systems and platforms. A pivotal role for protecting Booking.com's brand trust and is centered on deep multi-functional collaboration and a culture of ownership, working in close alignment with CISO, CSO, and CTO leadership. As a trusted partner to business and technology leaders, you will be responsible for delivering a pragmatic and agile risk mitigation portfolio, designed not only to defend against threats and incidents, but to actively enable business innovation and secure our adoption of cloud and other emerging technologies.

As the Director, Enterprise Security, you will build, lead, and mentor a leadership team composed of Senior Managers, Engineering Managers, and Group Product Managers, empowering you to scale a multi-disciplinary organization of around 60-80 professionals. Through this management layer, you will hold accountability for a significant budget and the delivery of foundational security services, including Infrastructure Security, Corporate Defense, and Enterprise Identity & Access Management. This role demands an exceptional combination of people leadership, technical leadership, business orientation, and the ability to navigate complex regulatory landscapes.

Your mission is to ensure the company's resilience through strategic leadership and operational excellence, protecting our core infrastructure, our corporate environment, and our users and access in enterprise.

• Strategic Leadership & Business Ownership: Implement the company security strategy by being responsible for the development and delivery of a comprehensive 1-3 year roadmap for Enterprise Security. Drive the delivery of security solutions for the cloud and hybrid infrastructure, enabling engineering teams to move with speed and safety. Assume full ownership and financial accountability for the multi-million euro budget, focusing on improving return on investment (value), cost optimization, and clear reporting. Lead strategic vendor management for the domain, including negotiations and performance management to ensure value and innovation. Align and mature the core Enterprise Security capabilities, tracking and reporting their effectiveness against industry frameworks like the NIST CSF.
• Directly support the CISO to drive effective strategy and consistent decision-making.

Service Ownership & Regulatory Compliance

• Act as the designated, single point of accountability for all Enterprise Security services (Infrastructure, Corporate Defense, IAM) delivered to other Booking entities. Establish and lead Service Level Agreements (SLAs), monitoring, and reporting mechanisms to demonstrate service health and compliance with all applicable requirements.
• Ensure all services, processes, and controls are designed and operated to be auditable and aligned with relevant standards, particularly the stringent regulations governing financial services (e.g., DORA, EBA).
• Serve as the primary liaison for regulatory and compliance matters related to the enterprise domain, collaborating with internal audit, legal, and external parties as required.

Core Domain & Technical Excellence

• Lead the end-to-end security and architectural direction for all underlying company infrastructure, including endpoint, on-prem and cloud environments.
• Lead the operational effectiveness of the corporate IT environment's defenses.
• Drive and secure implementation of Identity & Access Management (IAM) across the enterprise.

People & Cultural Leadership

• Cultivate a culture of excellence, ownership, and psychological safety that attracts, develops, and retains extraordinary security talent.
• Champion the growth of team members by providing continuous coaching, mentorship, and clear, actionable feedback, empowering them to solve sophisticated challenges.
• Lead, mentor, and grow a global, multi-disciplinary organization of 60+ professionals, ensuring clear roles, responsibilities, and career pathways.

Leadership & Influence

• People-First Leadership: ability to cultivate a culture of excellence, ownership, and psychological safety, empowering teams and championing the growth of individuals.
• Exceptional Collaboration and Influencing Skills: A natural ability to build consensus, navigate a sophisticated matrix organization, and drive outcomes with and without direct authority.
• Strategic Execution Approach: The ability to translate high-level strategy into concrete roadmaps and deliver measurable results.
• Executive Communication: ability to distill highly technical topics into clear, compelling language for senior leaders and non-technical audiences.

Execution & Perspective

• Navigating Complexity: The ability to lead services and teams within sophisticated regulatory landscapes.
• A pragmatic and proactive attitude focused on enabling the business, anticipating needs, and exercising excellent professional judgment.
• Data-Driven Decision Making: The ability to qualify decisions with data first, then add professional judgment and experience.

Strategy & Management:

• Risk Management Processes
• IT Supply Chain Security and Risk Management
• Industry Best Practices & Modern Threat Landscape
• Resilience and Continuity of Operations Planning

Ideal Experience & Skills:

• Significant knowledge and demonstrated expertise evidenced by a career in information security and technology management, program delivery, and innovation.
• Advanced experience in Cloud & on-prem security, identify access management and cyber defense & response is a must requirement.
• Experience leading large teams of around 50 FTE
• Security domains: cloud Security (AWS/GCP) & "Easy Path" Implementations
• Network Security Concepts, Protocols, and Methodologies
• Security Architecture & Enterprise Architecture
• Information Assurance Principles.
• Frameworks & Regulations: Security Frameworks (NIST CSF, ISO 27001, etc.)
• Regulatory Landscapes (GDPR, SOX, CCPA, PCI-DSS, DORA)
• Certifications such as CISSP, CISM, or similar are advantageous.
• Knowledge of frameworks such as NIST, ISO 27001, PCI, SOX is required.
• Experience with financial services regulations (e.g., EBA guidelines, DORA) is highly advantageous
• Strong learners attitude exploring automation and AI

JOBS TO BE DONE / OBJECTIVES:

• Lead and inspire the enterprise security organization of around 60-80 FTE, whilst further building out the operating model of a new established organization
• Be a trusted partner to the Central Tech and Booking.com teams on enterprise security
• Build and defend the enterprise environment and protect corporate and customer data.

OTHER PERSONAL CHARACTERISTICS

• Open-minded & learning-oriented: embraces feedback and fosters curiosity
• Transparent & communicative: shares information clearly and honestly
• Positive & proactive: takes initiative and navigates challenges with resilience
• Execution focus: combines strategic thinking with hands-on delivery
• Customer-centric: keeps the customer at the center of decisions
• Inclusive & culturally aware: values diverse perspectives and equity
• Data-driven & adaptable: leverages data, embraces experimentation, thrives in fast-moving environment

Pre-Employment Screening

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.