Booking.com
Risk & Compliance Officer - Application Data Services
Booking.comNetherlands5 days ago
Full-timeRemote FriendlyFinance, Sales
About Us

At Booking.com, data drives our decisions. Technology is at our core. And innovation is everywhere. But our company is more than datasets, lines of code or A/B tests. We’re the thrill of the first night in a new place. The excitement of the next morning. The friends you encounter. The journeys you take. The sights you see. And the memories you make. Through our products, partners and people, we make it easier for everyone to experience the world.

About the team: MySQL-Service Discovery

The MySQL-service discovery team is responsible for designing, building, and operating Booking.com’s core service discovery solutions for MySQL database infrastructure. Our team focuses on enabling reliable, automated, and scalable discovery and connectivity for thousands of MySQL instances across Business Units and technical platforms. We partner closely with engineering, infrastructure, and SRE peers to deliver resilient database access, drive engineering best practices, and ensure high availability to support Booking.com’s critical applications. By leveraging automation and robust monitoring, we empower Booking.com product teams to consume MySQL resources with minimal friction, maintain strong security, and meet the platform’s high operational standards. One big topic we are working is to migrate Databases to AWS.

Role Description

The IT Risk & Compliance Officer is responsible for partnering with risk owners throughout the Tech business function and other business units to design and maintain internal controls in line with our risk appetite and to maintain the quality of our processes. The role requires to work closely with stakeholders from multiple departments and to have a strong big picture focus, but be able to zoom in and out of the details to ensure full process understanding. Responsibilities and skills required for the IT Risk Officer role are tightly linked to the Capability Area they work for, in Risk Management (focus on risk identification, analysis and treatment), Risk Governance & Project Management (focus on policy governance), or Third Party Risk Management & Customer Trust (focus on 3rd party risk). The IT Risk & Compliance Officer role requires solid stakeholder management skills, and to be comfortable with challenging risk owners to come up with robust, scalable solutions which mitigate key risks while enabling successful business operations.

Key Job Responsibilities And Duties

R&C officers ensure adherence to regulations, internal policies, and industry best practices. This includes, but is not limited to:

  • Risk Management Support risk owners to design controls that mitigate any relevant risks all the way through to implementation and monitoring.
  • Provide advice on control design that is both sustainable and right sized (i.e. a simple solution for a simple problem, no overengineering).
  • Coordinate new requests from the business functions and units for support with controls.
  • Participate in sprint planning sessions from development teams to support risk identification, assessment and treatment during the development lifecycle.
  • Assist in the development and leading of regular training/awareness programs to train and educate risk owners on internal controls topics.
  • Stay flexible to meet the dynamic business needs, while maintaining robust solutions that strengthen the control environment.
  • Risk Governance & Project Management Support the IT policy lifecycle management including the design, implementation and adoption of policies, standards and guidelines in the areas of cybersecurity, privacy and regulatory compliance.
  • Build knowledge of internal controls, systems and process landscape to enable clear understanding of impact from IT policies and standards.
  • Manage exceptions to IT policies and standards.
  • Third Party Risk and Customer Trust Conduct third-party due diligence.
  • Perform privacy and information security risk assessments at third parties. Identify opportunities to position data privacy and security not just as a risk management issue, but as a potential source of competitive advantage improving brand-building and corporate reputation.
  • For specific documentation and guidelines, please refer to the Booking R&C Resource Center.


MySQL R&C Officer Specific Responsibilities

In addition to general R&C duties, the MySQL R&C Officer has the following specific responsibilities:

  • Level 1 Operations and Control Execution
    • Being actively engaged in Level 1 operations.
    • Running and executing controls directly, rather than just reviewing them.
    • Ensuring the effectiveness of controls in real-time operations.
  • Audit and Deficiency Management
    • Serving as the primary contact point for all internal and external audits related to MySQL.
    • Managing the response to audit findings and deficiencies.
    • Implementing corrective actions and tracking remediation efforts.
  • Change Management
    • Overseeing changes in narratives as requirements and platform changes evolve.
    • Ensuring that documentation is updated to reflect current practices and requirements.
    • Coordinating with various teams to implement and validate changes.
  • Compliance Ticket Management
    • Monitoring all compliance-related tickets for the MySQL teams.
    • Collecting evidence, and closing tickets that have been resolved.
    • Providing regular reminders to individuals with open tickets to ensure timely resolution.
  • Backlog Management and Continuous Improvement
    • Maintaining a backlog of potential improvements for controls and processes.
    • Identifying and proposing solutions to avoid future deficiencies.
    • Working with the team to prioritize and implement backlog items to enhance overall compliance.


Role Qualifications And Requirements

  • Bachelor degree
  • Broad Job Knowledge (3 - 5 years) work experience in business analysis, auditing, corporate governance, risk management or internal controls.
  • Ability to develop solid relationships with business partners in order to drive the adoption of the risk management culture.
  • Thorough technical understanding of internal control requirements and design and experience in applying them in various businesses.
  • Able to split large tasks into logical, manageable and decoupled actions which are managed effectively and delivered on time.
  • Be flexible and agile in response to the change in business, change in stakeholder expectations and/or change in regulatory/operating environment of B.com.
  • Strong independent contributor, while still a strong team player.


Benefits & Perks - Global Impact, Personal Relevance

Booking.com’s Total Rewards Philosophy is not only about compensation but also about benefits. We offer a competitive compensation and benefits package, as well unique-to-Booking.com benefits which include:

  • Annual paid time off and generous paid leave scheme including: parent, grandparent, bereavement, and care leave
  • Hybrid working including flexible working arrangements, and up to 20 days per year working from abroad (home country)
  • Industry leading product discounts - up to 1400 per year - for yourself, including automatic Genius Level 3 status and Booking.com wallet credit
  • Living and working in Amsterdam, one of the most cosmopolitan cities in Europe
  • Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide
  • Working in a fast-paced and performance driven culture
  • Opportunity to utilize technical expertise, leadership capabilities and entrepreneurial spirit
  • Promote and drive impactful and innovative engineering solutions
  • Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
  • Competitive compensation and benefits package and some great added perks of working in the home city of Booking.com


Diversity, Equity and Inclusion (DEI) at Booking.com:

Diversity, Equity & Inclusion have been a core part of our company culture since day one. This ongoing journey starts with our very own employees, who represent over 140 nationalities and a wide range of ethnic and social backgrounds, genders and sexual orientations.

Take it from our Chief People Officer, Paulo Pisano: “At Booking.com, the diversity of our people doesn’t just build an outstanding workplace, it also creates a better and more inclusive travel experience for everyone. Inclusion is at the heart of everything we do. It’s a place where you can make your mark and have a real impact in travel and tech.”

We ensure that colleagues with disabilities are provided the adjustments and tools they need to participate in the job application and interview process, to perform crucial job functions, and to receive other benefits and privileges of employment.

Application Process:

This section should provide:

  • Let’s go places together: How we Hire
  • This role does not come with relocation assistance.


Booking.com is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.

Pre-Employment Screening

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.

Key Skills

Ranked by relevance
Apply