Booking Holdings (NASDAQ: BKNG) is the world leader in online travel and related services, provided to customers and partners in over 220 countries and territories through six primary consumer-facing brands – Booking.com, KAYAK, priceline, agoda.com, Rentalcars.com, and OpenTable. The mission of Booking Holdings is to make it easier for everyone to experience the world.
The Booking Holdings Chief Information Security Officer reports to and works in close partnership with the Booking Holdings (BHI) Chief Security Officer (CSO). The role is accountable for all aspects of security (cyber, physical, personnel, administrative) pertaining to the Booking Holdings business entity and its locations; all aspects of security pertaining to the two Booking Holdings Centers of Excellence in Romania and India; and the continuation and advancement of the Shared Service capabilities provisioned to the brand companies, and as such performs the ‘buyer/customer’ role. This leader is also responsible for providing support and leadership to the brand CISOs and the broader brand stakeholder community in order to continue to measurably improve the risk mitigation performance achieved for the Booking Holdings enterprise and by the combined efforts of all the brand companies.
This leader is a seasoned expert specializing in Cybersecurity and IT Risk Management and they execute strategy, operational priorities, and directives consistent with the vision of the CSO. The individual will work collaboratively with a diverse set of stakeholders in the company and will support key, cross-brand initiatives and improvement areas.
The CISO is a strong technologist with broad credentials across security architecture, operations, engineering, risk, and cyber incident response. They will be required to help build trust with customers and regulators, drive product security, further develop a service orientation, and ensure the security team adapts to the dynamics of the business.
The CISO will lead a small central team of security professionals as well as have dotted-line management of Shared Service leadership roles emanating from our two Centers of Excellence. This role will predominantly rely on existing resources to deliver the security controls in the business entities rather than build a new team or radically expand the existing team, which is neither necessary nor desired.
The CISO will forge strong connections and identify strategic and operational synergies between Booking Holdings, the brand CISOs (within the portfolio companies), and their respective security and risk management teams, as well as key BHI stakeholders, for example Internal Audit, Risk Managers, and Legal and Finance specialists.
This role will actively support the CSO and the Shared Security Services organization in the design and implementation of common and core capabilities, through the identification of requirements and the development of business cases to substantiate the financial viability of shared capabilities.
Through the maturation of our Security Architecture practice, the role will ensure security technologies and initiatives within the brands are coordinated and aligned with the overall security strategy of the enterprise. It will help the team to ensure that investments are made on the basis of a shared and consistent understanding of threats they address and that any synergies are being leveraged to improve performance and drive efficiencies.
The complexity of this position requires a leadership approach that is engaging and collaborative, with a sophisticated ability to work with other security and business leaders to set the best balance between security needs, business priorities, and operational agility. Given the technical nature of security, a deep understanding of systems engineering and product development using software engineering is required.
Finally, this role will act as the Diversity Champion across the brand portfolio with a focus initially on promoting gender parity within the field of cybersecurity. This will include short and long-term strategies for improving our current and future gender representation.
In this role you will get to:
- Work with and support the BHI CSO, brand CISOs, and CTOs to understand business expectations and key initiatives, and set meaningful goals for the security programs
- Act as an advocate and broker for the consumption of Cybersecurity Shared Services through our Booking Holdings brand portfolio from our Centers of Excellence.
- Manage a security program consisting of all the detection, protection, response, and recovery attributes and extend the standards and capabilities across the two entities represented by Booking Holdings and the Centers of Excellence.
- Support the central security team at Booking Holdings in providing direction and advocacy to ensure the effective conduct of security, safety, and risk management practices across the portfolio
- Align and mature the security capabilities across the portfolio, tracking and reporting our brand programs against the NIST CSF maturity measures
- Align and mature the security capabilities across the portfolio by identifying common gaps and designing shared services to close those gaps
- Research and prepare essential and/or informative briefings for the management team on important security, safety, and compliance topics and/or program updates
- Support the team to develop, enhance, publish, and maintain quality, operational, and financial metrics
- Work with the team to align the security architecture to enhance the interoperability and aggregate value of security measures and related investments
- Support the team to drive consolidation of tools and capabilities using service, solutions, and enterprise architecture best practices while increasing the quality and effectiveness of said items
- Establish a BHI-wide methodology to provide security oversight to M&A activities, through the creation of playbooks, vendor retainers, and pre-defined assurance activities
- Coordinate with Global Internal Audit and manage portfolio cyber assurance activities
- Align and coordinate the breach/incident response process across the brands. Assist the CSO in preparing the talking points for communications to executive management and key stakeholders.
- Lead the security team in preparation and participation in Board and Audit Committee engagement and associated governance processes
- Support the CSO to identify cross-brand opportunities and projects and engage closely with Booking Holdings to seek support and funding for said projects which will have meaningful value metrics
- Support the team to identify and address workforce planning and management issues, such as recruitment, retention, succession planning, and training. Identify and grow new sources of talent
- Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance
- Stay abreast of security issues and regulatory changes affecting the portfolio and communicate to leadership on a regular basis about those topics
- Support efforts to assess the efficacy of existing security controls and programs and recommend enhancements
- Coordinate quarterly, annual, and long-term information security goals, articulate strategies, define metrics, create reporting mechanisms, and provide updates to the Audit Committee and Board of Directors and other governance bodies as deemed necessary
- Support the CSO to establish and run the CISO Operating Committee to drive strategy and decision making
- Assess, revise, adapt, and deliver the most effective funding model for the portfolio
- Support in building the process and capabilities to respond to business-critical issues, including escalation communication processes and emergency procedures
- Support the team in the maintenance and enhancement of Booking Holdings Policy, Standards, and playbooks for Crisis Management and Business Continuity
- Work with the team to identify opportunities for cross-industry collaboration in areas of mutual, non-competitive interest
What you have:
- Directive, firm and resilient
- Effective decision-making skills
- Strategic, big-picture thinking
- Handling multiple priorities in a fast-paced environment
- Well-developed technical and process communication skills. Ability to present highly technical and complex information in “simple English” that is consumable by company senior executives and understood by all.
- Qualifies with data first, adds judgment
- Able to influence key stakeholders and engage in common ambitions
- Role modeling BHI values
- Customer-focused individual who enjoys collaborating across teams
- Credible in front of executive management at all levels
- Able to listen, understand, problem-solve, and carry out duties to ensure the optimal outcome.
- Capable of anticipating needs and driving clarity on expectations
- A solution-oriented mindset, with the ability to exercise good professional judgment
Experience needed:
- 12+ years in technology leadership roles managing people and programs for large enterprises
- 7+ years of security experience including application security, IAM, vulnerability management best practices, security assurance, and security strategy
- Experience successfully delivering programs and/or multiple projects on time, in scope, on budget, and on quality based on agreed business goals
- Experience in design, implementation, and continuous maturing of leading security operations programs.
- Demonstrated technical proficiency across a broad range of IT and security technologies
- Demonstrated knowledge of common information technology platforms, architecture, and standards.
- Knowledge of Booking.com’s business and technology environment
- Bachelor’s degree in computer science or related field or equivalent experience
- Master’s degree preferred
- Information Security certifications (e.g., CISSP, CISM/CISA, SANS GIAC) are an advantage
Our Commitment to Diversity
Through the Booking Holdings brands, we help our customers reach all corners of the earth. Our ability to provide great service rests on how well we understand our diverse customer base, which is why having a diverse team is so important to us. We bring together employees from all walks of life and we are proud to provide the kind of inclusive environment that stimulates innovation, creativity and collaboration.
There are a variety of job-related factors that go into determining a salary range, including but not limited to external market benchmark data, geographic location, and years of experience sought/required. In addition to a competitive base salary, roles are eligible to be considered for an annual bonus and equity grant.
The base salary range for Connecticut and the NYC-metro area is $253,800-$310,200.