Booking NL
Risk & Compliance Lead (For independent contractors)
The IT Risk & Compliance Governance lead is an individual contributor role within the Trust, Risk, Assurance and Compliance portfolio. The role is focused on leading the maturity assessments across Security, Safety & Fraud capabilities, including cyber maturity, external fraud, Trust & Safety and IT Disaster recovery. This role requires in-depth domain expertise in maturity assessment covering Cyber, Fraud, Trust and Safety, IT DR process improvement, process assessment, external audits or assessments and other quality assurance work.
This is a key role which requires engaging with senior stakeholders to identify people, process and technology risks relevant for Technology, and supporting and maintaining fit-for-purpose maturity frameworks (NIST, ACFE, COSO, T&S, Business Continuity & Disaster recovery), including remediation plans in the form of programs, projects, processes and IT controls to remediate gaps in framework implementation.
The IT Risk & Compliance Governance lead is accountable and responsible for assessment and advisory activities for Maturity Assessments and is a subject matter expert leveraging a deep understanding of the enterprise risk disciplines (e.g. Cyber, Fraud, Safety, IT DR). The role combines deep knowledge of theory and organizational practice, or expertise across several different disciplines within a function, and supports new and/or existing security programs with SME knowledge and organisation skills.
This individual convinces stakeholders who may be skeptical or unwilling to accept new concepts, practices and approaches when it comes to capability maturity. This role requires dynamic individuals who are able to liaise with various senior stakeholders, and who therefore need to be articulate communicators, foster collaboration, integrate perspectives and drive towards business-beneficial outcomes.
Key Responsibilities.
Lead and assist all Maturity Assessments within Security, Safety & Fraud, i.e. Cyber, Fraud, Trust & Safety and IT DR
Support stakeholders from cybersecurity, Information security risk, External fraud, Trust & Safety and regulatory compliance, including IT Disaster recovery, with expertise and knowledge. Responsible for identifying technology risks and proposing business continuity and disaster recovery control design. Provide advice on control design that is both sustainable and right-sized (i.e. a simple solution for a simple problem, no overengineering).
Should be able to understand the Security, Safety & Fraud portfolios and have an expert understanding of how the governance, identification, prevention, detection, response and recovery functions operate within each portfolio, in order to provide them the right SME support.
Collaborate with Technology teams within Booking to build and fine-tune control frameworks, collaborate with the Portfolio management team on prioritization of past recommendations, take a central role in performing internal assessments, coordinate with external assessors (vendors), and engage with control owners throughout the journey to help them achieve maturity.
Lead cross functional remediation tracking, monitoring and reporting activities
Implement monitoring systems to track Maturity metrics and risk indicators.
Regularly assess the portfolio maturity levels and report findings to senior management.
Support the team to identify ways to increase their business impact and improve the team’s product(s) and ways of working
Liaise with other risk and audit teams (Risk and Controls, Internal Audit, external auditors, Business continuity teams, IT Disaster recovery and Service continuity team etc.) as needed
Knowledge and skills.
Bachelor/Master degree
Advanced Knowledge (8 - 10 years)
Strong risk and control or audit/assurance background with a deep understanding of operational and technology risk
Strong understanding of technology risk management, controls, and compliance
Experience and understanding of applicable regulations such as Sarbanes Oxley, PCI-DSS, GDPR and CCPA
Strong understanding of Business continuity, IT Disaster recovery, IT Service continuity
Strong understanding of Trust & Safety domains such as human trafficking and Safety hazards
Strong understanding of External fraud domains such as supplier fraud, payment fraud, marketing fraud
Familiarity with industry-standard regulatory frameworks such as NIST CSF, ISO 22301 and CIS
Understanding of cybersecurity, disaster recovery, risks and data protection
Stakeholder Management
Business Management