Senior Business Security Analyst
Key Talents
- București
- Permanent
- Full-time
Location: Bucharest, Hybrid
Type: employment contractOfferContributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide
Working in a fast-paced and performance driven culture
Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
Competitive compensation and benefits package
Vast amounts of data to validate your ideas and the opportunity to experiment with real users.ClientOur client is a new established Center of Excellence based in Bucharest, Romania and was created to support the increasing business.The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all our client brands. As part of our client's Romania team, you will have the opportunity to be a part of the world's leading provider of online travel, with a mission of making it easier for everyone to experience the world through six-primary consumer facing brands.RoleAs a Senior Business Security Analyst you will support the delivery of the global Information Security and Risk Management (ISRM) program's goals and objectives at the Business Unit level. This position is being created to support the principle of 'Global Oversight with Regional/Functional Insight' meaning we believe that risk management is best driven at the point closest to the actual risk and with the insights and understanding of the outstanding business contextIn this role you will report directly to the Business Information Security Officer (BISO). You will work with the Business Unit's management team to improve the information security posture by ensuring the consistent application of client's policies and procedures.You will require a good understanding of the company's key assets and processes, its outstanding business requirements, and the information security program. You will combine these information sources to address residual risk by supporting security improvements within the area of responsibility. The role is a critical partner for the Business Unit's general management team and operating groups and will represent security in daily operations as well as with senior customers and partners as required.Responsibilities
- Support the Business Information Security Officer (BISO) to deliver tactical and strategic security improvements in line with the overarching security strategy
- Monitoring of the security control implementation within the business unit in collaboration with the security capability area leads and security program managers
- Represent the BISO at meetings and act on behalf of as requested
- Proactively identify information security deficiencies or opportunities for improvement to better enable business security at the global level
- Help the business unit understand and mitigate the cyber and fraud risks identified in line with the company’s risk appetite
- Support the effective teamwork between the business unit teams and the Security & Fraud service teams
- Guide and support the business unit in following the appropriate security procedures such as the risk assessments and the exception management exercises, ensuring completeness and alignment to standard baselines or Booking.com's security policies
- Support partner concerns for information security issues identified by security teams and/or the business units themselves
- Work with security insights teams to ensure that security metrics and reports receive the right level of attention in the target business unit
- Continuously analyze and improve business unit specific security metrics
- Assist the Business Unit in handling and preventing cyber incidents and supporting incident coordination as the need arises
- Provide domain expertise on various cyber threats to Business unit leadership
- Support the BISO ensuring the business unit is accurately serviced by the security teams in line with the agreed SLAs and risk mitigation needs
- Build productive relationships with your collaborators and become their trusted security advisor
- Bachelor Degree
- 5 to 8 years of relevant experience
- Must have demonstrable experience in cybersecurity. This includes a wide range of topics from security policy development, to metrics bring together and analysis, and controls implementation
- Solid understanding of security standard processes including NIST Risk Management Framework, NIST 800-53 controls, ISO 27000 and PCI DSS. Previous experience working with one of these frameworks
- Good understanding of key security controls. This includes application of the Cyber Kill Chain in large enterprise environments
- Experience participating in security incident response and coordinating activities is a plus
- Ability to demonstrate security experience via certifications or significant career accomplishments
- Broad understanding of ISRM practices, methodologies and technology
- Portfolio, Program and Project delivery
- Service Management
- Business Management
- National and international laws, regulations, policies, and ethics as they relate to cybersecurity
- Risk management processes (e.g., methods for assessing and mitigating risk).
- Computer networking concepts and protocols, and network security methodologies
- Information technology (IT) supply chain security and risk management policies, requirements, and procedures