
Risk and Compliance Officer
Booking.com
Risk and Compliance Officer
Booking.com seeks an experienced IT Risk & Compliance Officer to join the IT Compliance team in Amsterdam. The role focuses on building and evolving the Unified Control Framework, supporting regulatory initiatives like NIS2 and DORA, and embedding risk and compliance earlier in the software development lifecycle. Requires 5-7 years of experience in IT risk, controls, or compliance with strong knowledge of frameworks such as NIST, NIS2, and DORA.
Risk and Compliance Officer
Booking.com seeks an experienced IT Risk & Compliance Officer to join the IT Compliance team in Amsterdam. The role focuses on building and evolving the Unified Control Framework, supporting regulatory initiatives like NIS2 and DORA, and embedding risk and compliance earlier in the software development lifecycle. Requires 5-7 years of experience in IT risk, controls, or compliance with strong knowledge of frameworks such as NIST, NIS2, and DORA.
Salary
Core Qualifications
Technical (Must-have)
Soft Skills
Preferred Qualifications
Technical (Nice-to-have)
Key Responsibilities
- Lead and support assessments of new and evolving regulatory or framework requirements, including NIST 2.0, NIS2, DORA, EU AI Act.
- Build, maintain, and improve the Unified Control Framework by mapping requirements to internal policies, standards, assets, control objectives, and existing controls.
- Translate regulatory requirements into clear, practical, testable control descriptions with defined ownership, execution expectations, evidence requirements, and monitoring logic.
- Collaborate with Risk Partners, control owners, domain experts, policy owners, and other stakeholders to align on control design, applicability, remediation needs, and implementation priorities.
- Support Shift Left and Security NFR initiatives by ensuring risk and control requirements are considered earlier in the SDLC.
- Contribute to governance, reporting, and continuous improvement activities to help the business understand compliance posture, risk exposure, and control effectiveness.
- Identify pragmatic automation or AI-enabled opportunities to reduce manual effort and improve review velocity.