Risk & Compliance Officer - Application Data Services

About us

At Booking.com, data drives our decisions. Technology is at our core. And innovation is everywhere. Through our products, partners and people, we make it easier for everyone to experience the world.

About the team: MySQL-Service Discovery

The MySQL-service discovery team is responsible for designing, building, and operating Booking.com’s core service discovery solutions for MySQL database infrastructure. Our team focuses on enabling reliable, automated, and scalable discovery and connectivity for thousands of MySQL instances across Business Units and technical platforms. We partner closely with engineering, infrastructure, and SRE peers to deliver resilient database access, drive engineering best practices, and ensure high availability to support Booking.com’s critical applications. By leveraging automation and robust monitoring, we empower Booking.com product teams to consume MySQL resources with minimal friction, maintain strong security, and meet the platform’s high operational standards. One big topic we are working on is migrating Databases to AWS.

Role Description

The IT Risk & Compliance Officer is responsible for partnering with risk owners throughout the Tech business function and other business units to design and maintain internal controls in line with our risk appetite and to maintain the quality of our processes. The role requires working closely with stakeholders from multiple departments and having a strong big picture focus, but also being able to zoom in and out of the details to ensure full process understanding. Responsibilities and skills required for the IT Risk Officer role are tightly linked to the Capability Area they work for, in Risk Management (focus on risk identification, analysis and treatment), Risk Governance & Project Management (focus on policy governance), or Third Party Risk Management & Customer Trust (focus on 3rd party risk). The IT Risk & Compliance Officer role requires solid stakeholder management skills, and the ability to challenge risk owners to come up with robust, scalable solutions which mitigate key risks while enabling successful business operations.

Key Job Responsibilities and Duties

Risk & Compliance officers ensure adherence to regulations, internal policies, and industry best practices. This includes, but is not limited to:

• Supporting risk owners to design controls that mitigate any relevant risks all the way through to implementation and monitoring.
• Providing advice on control design that is both sustainable and right sized (i.e. a simple solution for a simple problem, no overengineering).
• Coordinating new requests from the business functions and units for support with controls.
• Participating in sprint planning sessions from development teams to support risk identification, assessment and treatment during the development lifecycle.
• Assisting in the development and leading of regular training/awareness programs to train and educate risk owners on internal controls topics.
• Staying flexible to meet the dynamic business needs, while maintaining robust solutions that strengthen the control environment.
• Supporting the IT policy lifecycle management including the design, implementation and adoption of policies, standards and guidelines in the areas of cybersecurity, privacy and regulatory compliance.
• Building knowledge of internal controls, systems and process landscape to enable clear understanding of impact from IT policies and standards.
• Managing exceptions to IT policies and standards.
• Conducting third-party due diligence.
• Performing privacy and information security risk assessments at third parties. Identifying opportunities to position data privacy and security not just as a risk management issue, but as a potential source of competitive advantage improving brand-building and corporate reputation.

MySQL R&C Officer Specific Responsibilities

In addition to general Risk & Compliance duties, the MySQL R&C Officer has the following specific responsibilities:

• Level 1 Operations and Control Execution
• • Being actively engaged in Level 1 operations.
  • Running and executing controls directly, rather than just reviewing them.
  • Ensuring the effectiveness of controls in real-time operations.
• Audit and Deficiency Management
• • Serving as the primary contact point for all internal and external audits related to MySQL.
  • Managing the response to audit findings and deficiencies.
  • Implementing corrective actions and tracking remediation efforts.
• Change Management
• • Overseeing changes in narratives as requirements and platform changes evolve.
  • Ensuring that documentation is updated to reflect current practices and requirements.
  • Coordinating with various teams to implement and validate changes.
• Compliance Ticket Management
• • Monitoring all compliance-related tickets for the MySQL teams.
  • Collecting evidence, and closing tickets that have been resolved.
  • Providing regular reminders to individuals with open tickets to ensure timely resolution.
• Backlog Management and Continuous Improvement
• • Maintaining a backlog of potential improvements for controls and processes.
  • Identifying and proposing solutions to avoid future deficiencies.
  • Working with the team to prioritize and implement backlog items to enhance overall compliance.

Role Qualifications and Requirements

• Bachelor degree
• 3 - 5 years of work experience in business analysis, auditing, corporate governance, risk management or internal controls.
• Ability to develop solid relationships with business partners in order to drive the adoption of the risk management culture.
• Thorough technical understanding of internal control requirements and design and experience in applying them in various businesses.
• Able to split large tasks into logical, manageable and decoupled actions which are managed effectively and delivered on time.
• Be flexible and agile in response to the change in business, change in stakeholder expectations and/or change in regulatory/operating environment of Booking.com.
• Strong independent contributor, while still a strong team player.

Benefits & Perks - Global Impact, Personal Relevance

• Annual paid time off and generous paid leave scheme including: parent, grandparent, bereavement, and care leave
• Hybrid working including flexible working arrangements, and up to 20 days per year working from abroad (home country)
• Industry leading product discounts - up to 1400 per year - for yourself, including automatic Genius Level 3 status and Booking.com wallet credit
• Living and working in Amsterdam, one of the most cosmopolitan cities in Europe
• Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide
• Working in a fast-paced and performance driven culture
• Opportunity to utilize technical expertise, leadership capabilities and entrepreneurial spirit
• Promote and drive impactful and innovative engineering solutions
• Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
• Competitive compensation and benefits package and some great added perks of working in the home city of Booking.com

Pre-Employment Screening

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.