Join Booking.com as a Risk & Compliance Officer
About the Team
Booking.com follows a defense in depth strategy for managing its risks. As part of this strategy, Booking has 3 departments, each focusing on one line of defense. Global Internal Audit (GIA) is responsible for the 3rd line of defense, Risk and Controls (R&C) is responsible for the 2nd line of defense, while responsibility for the 1st line is distributed between process/control owners and the Trust, Risk, Assurance and Compliance (TRAC) team. TRAC is the first-line risk team responsible for Central Tech business unit risks and for Security, Safety & Fraud (SS&F) risks across the company.
About the Role
The Risk & Compliance Officer is an individual contributor with expert-level domain knowledge: a proactive and analytical professional with a strong foundation in risk management principles and a demonstrated ability to automate complex processes. You will partner with risk owners throughout the SS&F department and other business units to identify applicable risks, drive appropriate risk responses, support the design of fit-for-purpose internal controls in line with our risk appetite, maintain the quality of our processes, and ensure regulatory compliance obligations are met. The role requires close collaboration with stakeholders from multiple departments, a strong big picture focus, and the ability to zoom in and out of the details to ensure full process understanding. Hands-on experience in automating workflows and processes is essential.
This role requires solid stakeholder management skills and the confidence to challenge risk owners to develop robust, scalable, and automated solutions that mitigate key risks while enabling successful business operations.
Tasks and Responsibilities
- Enable and provide strategic risk partnership to the business. Support the SS&F risk assessment process for new and existing products and initiatives developed by various product teams at Booking.com. Advise on risk mitigation and/or risk acceptance where necessary.
- Support stakeholders with relevant SS&F risk expertise and knowledge; work with control owners or stakeholders to implement appropriate safeguards to protect Booking.com assets.
- Identify opportunities for automation (e.g., create AI agents), design efficient workflows, and implement robust, scalable solutions.
- Provide advice on control design that is sustainable and right-sized (i.e., a simple solution for a simple problem, no overengineering). Assess, when needed, control implementation and efficiency.
- Collaborate with other teams within SS&F to build, fine-tune, and document a robust risk management framework. Work with management on key initiatives such as compliance reviews and Risk Appetite revision, and participate in cross-functional programs aimed at increasing the maturity of the SS&F domain, such as risk centralization, monitoring, and reporting.
- Understand the SS&F portfolio and have a basic understanding of how governance, identification, prevention, detection, response, and recovery functions operate within this portfolio to provide the right SME support.
- Support risk analysis to help identify root causes of SS&F trends and propose potential solutions to improve the risk controls framework in response to emerging SS&F risks facing Booking.com.
- Stay flexible to meet dynamic business needs while maintaining robust solutions that strengthen the control environment.
- Document and enhance risk assessment methodology and underlying procedures.
- Report on risk assessments, coverage, and issues through Booking.com reporting and dashboarding tools (Jira, Tableau, ServiceNow).
- Be a strong team player yet a high-performing individual contributor, depending on the context and need.
- Split large tasks into logical, manageable, and decoupled actions which are managed effectively and delivered on time.
- Implement monitoring systems to track SS&F risk metrics and indicators.
- Monitor industry trends around SS&F risks to ensure the risk inventory is kept consistent with industry best practices.
Role Qualifications and Requirements
- Work experience in business analysis, auditing, corporate governance, risk management, or internal controls.
- Knowledge of control frameworks such as NIST, PCI-DSS, SOX, SWIFT, etc.
- Ability to identify opportunities for automation, design efficient workflows, and implement robust, scalable solutions is critical for this role.
- Good level of experience with scripting languages like Python.
- Hands-on experience as a key user or administrator of GRC tools.
- Ability to develop solid relationships with business partners to drive the adoption of the risk management culture.
- Hands-on experience with large e-commerce or tech companies is preferable, especially within the first line of defense.
- Strong knowledge and work experience in Technology Risk domains (e.g., IT, Cybersecurity including Data Security, AI/GenAI, Fraud, Trust & Safety).
- Thorough technical understanding of internal control requirements and design, and experience in applying them in various businesses.
- Able to translate regulatory and risk-related functional and technical requirements for engineering teams to develop secure products, services, and solutions.
- Able to split large tasks into logical, manageable, and decoupled actions which are managed effectively and delivered on time.
- Flexible and agile in response to changes in business, stakeholder expectations, and/or regulatory/operating environment of Booking.com.
- Strong independent contributor, while still a strong team player.
- Previous experience in software development or software engineering is a plus.
- Strong communication skills; fully comfortable working in English, both written and spoken.
Benefits & Perks: Global Impact, Personal Relevance
- Possibility to live and work in Amsterdam, named as the best city in the world for living a happy and healthy life.
- International and diverse company culture.
- Possibility to innovate through multiple company programs (e.g., Hackathon, twice a year).
- Opportunity to work in an Agile, startup-like development environment.
- Excellent support for personal development through online platforms.
- Mentorship programs to accelerate skills growth.
- Contribute to the company's tech transformation journey toward a more modern tech stack.
- Inclusive leadership, valuing the opinion of everyone independently of their career level.
- Great compensation package.
- Multiple perks that will make your life easier (e.g., discounts to local shops, discounted gym membership, etc.).
Pre-Employment Screening
If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education, and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.