Risk & Compliance Officer - Application Data Services

Overview

Booking.com, data drives our decisions. Technology is at our core. And innovation is everywhere. We’re the thrill of the first night in a new place, the excitement of the next morning, the friends you encounter, the journeys you take, the sights you see, and the memories you make. Through our products, partners and people, we make it easier for everyone to experience the world.

About the team: MySQL-Service Discovery

The MySQL-service discovery team designs, builds, and operates Booking.com’s core service discovery solutions for MySQL database infrastructure. We enable reliable, automated, and scalable discovery and connectivity for thousands of MySQL instances across Business Units and technical platforms. We partner with engineering, infrastructure, and SRE peers to deliver resilient database access, drive engineering best practices, and ensure high availability to support Booking.com’s critical applications. By leveraging automation and robust monitoring, we empower product teams to consume MySQL resources with minimal friction, maintain strong security, and meet the platform’s high operational standards. One big topic we are working on is migrating Databases to AWS.

Role Description

The IT Risk & Compliance Officer partners with risk owners across the Tech function and other business units to design and maintain internal controls aligned with our risk appetite and to maintain process quality. The role requires working closely with stakeholders from multiple departments, with a strong big-picture view and the ability to zoom in on details to ensure full process understanding. Responsibilities and skills required for the IT Risk Officer role align with the Capability Area they work in, such as Risk Management (risk identification, analysis, treatment), Risk Governance & Project Management (policy governance), or Third Party Risk Management & Customer Trust (3rd party risk). The IT Risk & Compliance Officer role requires solid stakeholder management skills and the ability to challenge risk owners to create robust, scalable solutions that mitigate key risks while enabling successful business operations.

Key Job Responsibilities and Duties

R&C officers ensure adherence to regulations, internal policies, and industry best practices. This includes, but is not limited to:

• Risk Management: Support risk owners to design controls that mitigate relevant risks through implementation and monitoring.
• Advice on control design that is sustainable and appropriately scoped (simple solutions for simple problems, no overengineering).
• Coordinate new requests from business functions and units for support with controls.
• Participate in sprint planning sessions from development teams to support risk identification, assessment and treatment during the development lifecycle.
• Assist in developing and leading regular training programs to educate risk owners on internal controls topics.
• Remain flexible to meet dynamic business needs while maintaining robust solutions that strengthen the control environment.
• Risk Governance & Project Management: Support policy lifecycle management including design, implementation and adoption of policies, standards and guidelines in cybersecurity, privacy and regulatory compliance.
• Build knowledge of internal controls, systems and process landscape to enable understanding of impact from IT policies and standards.
• Manage exceptions to IT policies and standards.
• Third Party Risk and Customer Trust: Conduct third-party due diligence.
• Perform privacy and information security risk assessments at third parties. Identify opportunities to position data privacy and security as a competitive advantage improving brand-building and corporate reputation.
• Refer to the Booking R&C Resource Center for specific documentation and guidelines.

MySQL R&C Officer Specific Responsibilities

In addition to general R&C duties, the MySQL R&C Officer has the following specific responsibilities:

• Level 1 Operations and Control Execution
  • Actively engaged in Level 1 operations.
  • Run and execute controls directly, rather than just reviewing them.
  • Ensure the effectiveness of controls in real-time operations.
• Audit and Deficiency Management
  • Primary contact point for all internal and external audits related to MySQL.
  • Manage responses to audit findings and deficiencies.
  • Implement corrective actions and track remediation efforts.
• Change Management
  • Oversee changes in narratives as requirements and platform changes evolve.
  • Ensure documentation reflects current practices and requirements.
  • Coordinate with various teams to implement and validate changes.
• Compliance Ticket Management
  • Monitor all compliance-related tickets for the MySQL teams.
  • Collect evidence and close tickets that have been resolved.
  • Provide regular reminders to individuals with open tickets to ensure timely resolution.
• Backlog Management and Continuous Improvement
  • Maintain a backlog of potential improvements for controls and processes.
  • Identify and propose solutions to avoid future deficiencies.
  • Work with the team to prioritize and implement backlog items to enhance overall compliance.

Role Qualifications and Requirements

• Bachelor’s degree
• Broad job knowledge (3 - 5 years) in business analysis, auditing, corporate governance, risk management or internal controls.
• Ability to develop solid relationships with business partners to drive adoption of the risk management culture.
• Thorough technical understanding of internal control requirements and design with experience applying them across businesses.
• Ability to split large tasks into logical, manageable actions and deliver them on time.
• Flexible and agile in response to changes in the business, stakeholder expectations, or regulatory/operating environment.
• Strong independent contributor and team player.

Benefits & Perks - Global Impact, Personal Relevance

Booking.com’s Total Rewards Philosophy is not only about compensation but also about benefits. We offer a competitive compensation and benefits package, as well as Booking.com-specific benefits, including:

• Annual paid time off and generous paid leave scheme including parent, grandparent, bereavement, and care leave
• Hybrid working with flexible arrangements, up to 20 days per year working from abroad
• Industry-leading product discounts – up to 1400 per year – for yourself, including automatic Genius Level 3 status and Booking.com wallet credit
• Living and working in Amsterdam, one of Europe’s most cosmopolitan cities
• Contributing to a high-scale, complex product and seeing real-time impact of your work on millions of travelers worldwide
• Working in a fast-paced, performance-driven culture
• Opportunity to utilize technical expertise, leadership capabilities and entrepreneurial spirit
• Promote and drive impactful and innovative engineering solutions
• Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and community participation
• Competitive compensation and benefits package and some great added perks of working in Booking.com’s home city

Diversity, Equity and Inclusion (DEI) at Booking.com

DEI has been a core part of our culture since day one. This ongoing journey starts with our employees, who represent over 140 nationalities and a wide range of ethnic and social backgrounds, genders and sexual orientations.

Take it from our Chief People Officer, Paulo Pisano: “Inclusion is at the heart of everything we do. It’s a place where you can make your mark and have a real impact in travel and tech.”

We ensure that colleagues with disabilities are provided the adjustments and tools they need to participate in the job application and interview process, to perform crucial job functions, and to receive other benefits and privileges of employment.

Application Process

This section provides information on hiring.

• Let’s go places together: How we Hire
• This role does not come with relocation assistance.

Booking.com is proud to be an equal opportunity workplace and an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move beyond traditional equal opportunity and create an environment that allows everyone to thrive.

Pre-Employment Screening

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information necessary for determining your qualifications and suitability for the position.

#J-18808-Ljbffr