Cyber Security and Technology Senior Manager

Company Intro

Booking Holdings (NASDAQ: BKNG) is the world leader in online travel and related services, provided to customers and partners in over 220 countries and territories through six primary consumer-facing brands - Booking.com, KAYAK, Priceline, agoda.com, Rentalcars.com, and OpenTable. The mission of Booking Holdings is to make it easier for everyone to experience the world.

Booking Holdings Financial Services (hereinafter "BHFS") provides financial services in the form of payment services and e-money products across all the brands. BHFS is committed to conducting its business in compliance with applicable laws, regulations and guidelines, with integrity and to the highest ethical standards.

Job Summary

Booking Holdings Financial Services-US is looking for a Cybersecurity and Technology Senior Manager with strong experience in Financial Services, specifically Payments or Money Transmission, to act as a critical partner to our business, helping develop, launch, and enable our mission to deliver a world-class payments operation to support Booking Holdings Inc's brands. The selected candidate will have the chance to witness firsthand the investment in digital technology that helps take the friction out of travel.

As an Information Security Senior Manager, you will support the delivery of the global Information Security and Risk management (ISMR) program's goals and objectives at the Business level. This position is being created to support the CISO with focus on security controls implementation and execution, aligned with regulatory requirements and standards. This will mean that the individual will work with all business functions to ensure information risk is considered, logged, managed and remediated within the insights and understanding of the unique business context.

In this role you will report directly to the CISO. You will work with the Business Unit's management team to improve the information security posture by ensuring the consistent application, adaptation and alignment of BHFS's policies and procedures. And to ensure all implemented controls provide value add and meet regulatory requirements.

You should have a good understanding of the cybersecurity framework mainly, regulatory requirements and security operational controls. You will require a quick understanding of the company's key processes, its unique business requirements, and the information security initiatives. You will combine these information sources to address residual risk by supporting security enhancements within the area of responsibility and accountability. You will also combine this information to design and implement reporting of security controls, security exceptions to drive continuous improvement plans for the business based on NIST Cybersecurity Framework, Federal Trade Commission (FTC) Safeguard Rule, New York Department of Financial Services (NYDFS) Part 500 Cybersecurity, and other state and federal regulatory requirements.

The salary for this role is: $162,000 - $180,000 - $198,000

Technical Responsibilities

• Ownership of the BHFS-US Cybersecurity and Technology Roadmap, managed security service delivery, and cybersecurity regulatory environment, and governance and compliance issues as they relate to cybersecurity.
• Support the CISO to deliver tactical and strategic security improvements in line with the overarching security strategy for BHFS.
• Development of security and technology policies, standards, and procedures.
• Take full ownership of a continuous improvement plan.Monitoring of the security control implementation within the business unit in collaboration with the security capability area leads and security program managers.
• Strategic development of cybersecurity and technology metrics, and reporting, for measuring the achievement of cybersecurity and technology key performance and risk objectives
• Assist with building a talented team to address threat identification and mitigation, incident response, intelligence gathering and information sharing.
• Help the business unit understand and mitigate the cyber and fraud risks identified in line with the company's risk appetite.
• Knowledge of cybersecurity-related threats and vulnerabilities and tools used to mitigate the same.
• Support the effective collaboration between the business unit teams and the Security service teams.
• Support escalations for information security issues identified by security teams and/or the business units themselves.
• Guide and support the business unit in following the appropriate security procedures such as the risk assessments and the exception management exercises, ensuring completeness and adherence to standard baselines of BHFS security policies
• Good understanding of security best practices including ISO 27001, NIST Risk Management Framework, NIST 800-53 controls, and PCI DSS.
• Collaborate with Risk to conduct the Cybersecurity Risk Assessment and controls testing. Collaborate with Auditors to achieve the National Institute of Standards and Technology (NIST) Cybersecurity Maturity objectives.
• Help the business unit understand and mitigate the cyber and fraud risks identified in line with the company's risk appetite.
• Development of roadmaps, strategies, and the design of assigned cybersecurity and technology areas
• Work with security insights teams to ensure that security metrics and reports receive the right level of attention in the target business unit.
• Participate in a variety of BHFS-US enterprise cybersecurity and technology projects, including Identity and Access Management (IAM), Vendor Risk Management (VRM), Data Governance and Data Loss Prevention (DLP), Cloud Security, and other technology initiatives as they arise
• Assist the CISO-US with all regulatory reporting of issue management and risk mitigation
• Collaborate with cross-functional BHFS teams and cross-regional BHI Brands to create strong ties, to enhance capabilities, and find ways to mitigate threats.
• Assist BHFS-US CISO, CCO, and CFO with BHFS-US Business Continuity Plan and Disaster Recovery Program to meet US State money transmission license (MTL) and Federal regulatory requirements

Knowledge and Skills

• Bachelor's Degree or higher preferred
• Minimum 5-8 years progressive years of experience in cybersecurity, technology, and/or risk and control management within financial services industry, preferably in the financial services and payments industry or organization with money transmission licenses and a registered MSB
• Computer Hardware Knowledge, Computer Software Knowledge, Internet Applications, Networks, Operating Systems, cyber/Internet Security, Data Privacy/Protection, Analytic Risk Assessment, Problem-Solving, Threat Identification, Project Management, Business Collaboration Platforms (Zoom, WebEx, Teams, etc.) Google Doc
• Knowledge of cybersecurity-related threats and vulnerabilities, related to devices, networks, cloud, payment platforms, and physical environments
• Consulting, stakeholder engagement and relationship management skills
• Ability to work creatively and analytically in a problem-solving environment.
• Flexibility to travel
• Excellent written and oral communication skills
• Ability to work in a highly matrixed organization in addition to global organization
• Experience with quickly changing US State and Federal regulatory environment
• Prefer previous experience working in financial services and payments industry
• Working knowledge of consumer regulations that apply to money service business (MSB) and providers of Prepaid Access

Booking Holdings Financial Services International Ltd. is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We are committed to treating all employees equally, regardless of gender, civil status, family status, sexual orientation, religious belief, age, disability, race or membership of the traveler community. We believe embracing equality and diversity in the workplace benefits not just our organisation but also individual employees, departments and our customers.

This policy extends to every phase of the employment process including, but not limited to, recruitment, selection, placement, transfer, training and development, position elimination, restructure, promotion, compensation, benefits, layoffs, termination, and all other conditions or privileges of employment. Booking Holdings Financial Services International Ltd is an Equal Employment Opportunity employer and makes hiring decisions based solely on qualifications, merit, and business needs at the time.