Insider Threat Program Specialist

Become an Insider Threat Program Specialist at Booking.com

Job Summary:

The Insider Threat Program Specialist will be a pivotal member of the Corporate Security Team, responsible for leading, managing, and continuously enhancing Booking.com's comprehensive Insider Threat Program (ITP). This critical role is centered on protecting the company's people, assets, data, and brand reputation by proactively identifying, assessing, and mitigating risks posed by internal employees, contractors, or privileged users, whether malicious, negligent, or unintentional.

The Corporate Security Team, part of the wider Group Security & Resilience function, drives initiatives across Physical Security, Security Operations, Staff Protection, Technical Security Systems and Event Security. The Specialist will act as the organization's primary Subject Matter Expert (SME) in insider threat risk management, requiring a unique blend of behavioral analysis, digital forensics, risk modeling insight, strong analytical thinking, and exceptional interpersonal skills.

The ideal candidate will bring expertise in behavioral analysis, data-driven risk detection, and insider threat operations, along with a sound understanding of privacy, ethics, and organizational dynamics.

The Specialist will work cross-functionally with key partners, including the Insider Threat Technical Program Manager (who is a core member of the ITP team), Cyber Security, Data Security, HR (People), Legal, Compliance, IT, and Global Investigations Services (GIS) at Booking Holdings, to develop, implement, and govern strategies and technical capabilities that strengthen insider risk management across the company.

This role focuses on the strategy, policy, behavioral risk analysis, and operationalizing the program, while coordinating with the Technical Program Manager on cross-department deliverables.

Key Responsibilities

• Program strategy and governance
  • Lead the development, delivery, and communication of the Insider Threat Program's strategic 2-3 year roadmap for Booking.com.
  • Manage the day-to-day activities of the Program, track progress against strategic goals, design and maintain clear, up-to-date program dashboards and metrics.
  • Serve as the primary lead for cross-functional governance working groups and act as the program liaison to key stakeholders.
  • Develop and maintain insider threat policies, procedures, and standard operating guidelines.
  • Develop, track, and report on key metrics to measure the program's effectiveness, identify risk trends, and quantify incident outcomes for stakeholders.
  • Proactively conduct organizational-wide risk and vulnerability assessments across internal systems, processes, and data flows to identify and prioritize new areas of insider risk exposure.
  • Recommend and drive implementation of program enhancements, including new tools, data sources, workflow, and process improvements.
• Technical detection & incident response
  • Oversee and provide SME input for the identification and analysis of unusual user behaviors or potential insider risk indicators across available data sources (e.g. Data Loss Prevention (DLP), HR data, access logs).
  • Partner with Cyber Security and IT teams to design, integrate, and continuously improve detection models that correlate diverse technical data inputs (e.g., endpoint activity, network access, HR changes) for improved fidelity.
  • Assist in the requirements gathering, design and implementation of new tools for use in internal threat detection/prevention.
  • Provide data analysis and expert behavioral context to support investigations led by HR, Compliance and GIS.
• Stakeholder Management & Communication
  • Provide Subject Matter Expertise to business units on insider risk identification and mitigation practices.
  • Drive and manage cross-functional initiatives with teams including HR (People), Legal, Compliance, Finance, and Global Investigations Services (GIS) to support the development of holistic solutions to identify, mitigate, and prepare for insider threats.
• Training & Awareness
  • Support or lead insider threat awareness campaigns and employee training programs.
  • Provide subject matter expertise to business units on insider risk identification and mitigation practices.
  • Stay current with the latest industry trends, threats, and security measures.
• Team
  • Support the wider Corporate Security team at the Amsterdam Campus office with coverage during office hours and during large business events on site.
  • Available to respond to incidents outside of regular business hours when required.
  • Ability to occasionally travel to other offices, attend conferences and meet with industry peers.

Education, Experience and Competencies

• Bachelor’s degree in Security Management, Information Security, Cybersecurity, or a related field.
• 5-8 years of experience in developing security programs with strong understanding of insider threat operations, corporate security, cybersecurity, counterintelligence, or risk management roles.
• Experience in large, complex, or highly regulated corporate/tech organizations preferred.
• Exceptional discretion, integrity, and ability to handle sensitive information.
• Strong communication skills and ability to partner effectively with HR, Legal, and IT stakeholders.
• Strategic thinker with a proactive and solution-oriented mindset.
• A self-starter, able to work independently, enjoys creating and implementing new initiatives. Hands-on.
• Fluent in English, writing, and speaking.
• Strong data analysis and pattern recognition skills, with the ability to derive actionable insights from diverse data sets.
• Working knowledge of cybersecurity principles and data protection practices.
• Ability to translate behavioral risk indicators into technical detection requirements for engineering teams.

Benefits & Perks: Global Impact, Personal Relevance

• Possibility to live and work in Amsterdam, named as the best city in the World for living a happy and healthy life
• International and diverse company culture
• Possibility to innovate through multiple company programs (e.g. Hackathon, twice a year)
• Opportunity to work in an Agile, startup-like development environment
• Excellent support for personal development through online platforms
• Mentorship programs to accelerate skills growth
• Contribute to the company tech transformational journey toward a more modern tech stack
• Inclusive leadership, valuing the opinion of everyone independently of their career level
• Great compensation package
• Multiple perks that will make your life easier (e.g. discounts to local shops, discounted gym membership, etc.)

Pre-Employment Screening

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.