Cyber Counsel

Booking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.

As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through five-primary consumer facing brands: Booking.com, Priceline, Agoda, KAYAK and OpenTable.

This role provides a hybrid way of working with an onsite presence of 2 days/week.

Role description

In the age of technology, things are constantly changing. The Booking Holdings Privacy function is well suited to take on the challenges presented, adopting a proactive mindset to tackle them and solve problems. We are quick on our feet, decisive, and collaborate with multiple departments. We hire out-of-the-box thinkers that are well grounded with ethics and legal knowledge to ensure that our Booking Holdings companies achieve the right results, the right way.

The Privacy & Cyber Service Teams, Legal and Operations, are tasked to support the delivery of cross-brand privacy & cyber legal services to Booking Holdings' companies under the strategic oversight of the BHI CPO. Our team focuses on providing privacy & cyber legal shared services in a centralized manner that supports Booking Holdings' companies in meeting their own regulatory requirements and fostering a strong culture of data protection.

This is a mid-level legal professional responsible for providing expert legal analyses and guidance on cyber laws across multiple business units or regions. This role aids in supporting the organization's compliance with global cyber regulations, and supports the development and standardization of cybersecurity legal processes within a centralized service model.

Operating within a shared service center, the Cyber Counsel is tasked with ensuring consistent legal support across the organization. They must balance legal expertise with operational efficiency, tailoring solutions to meet the needs of diverse Brands and business units while adhering to standardized processes. This role requires navigating cross-border legal issues, managing complexity, and fostering collaboration in a centralized environment.

This role is critical for driving legal compliance, managing cybersecurity risks, and supporting the organization’s commitment to ethical and lawful data handling.

Key Job Responsibilities and Duties 

• Able to deliver on the following scope of work independently, while often mentoring junior team members. Specifically is tasked with handling more ambiguous or multifaceted problems requiring critical thinking and innovative approaches including being involved in cross-functional collaboration:
• Support incident response processes by conducting legal and compliance impact analysis (e.g. breach notification requirements)
• Scanning of external information sources for privacy and cyber regulatory events
• Conducts research and delivers summarization analyses on cybersecurity regulatory matters with a focus on cybersecurity matters, and supports on data privacy matters, from a global perspective. Relevant examples include US SEC Cybersecurity Disclosure Requirements, EU NIS 2 Directive, DORA, NYDFS, and China's PIPL and TC260 cybersecurity requirements etc.
• Create cybersecurity compliance materials and other relevant content as necessary to enhance the brands’ ability to deliver training and awareness initiatives
• Researching cybersecurity compliance templates and policies as to support incident response and contracts
• Documentation of processes, including maintaining procedures and flowcharts
• Implementing, tracking, and reporting metrics
• Contributes to decision-making by identifying and providing actionable insights on privacy and cyber services, including services expansions. Frequently empowered to make decisions within their own responsibilities scope. 
• Acts as a mentor, supporting development of junior team members. May take responsibility for smaller projects.
• Communicates with mid-level stakeholders at the Brands and adapts communication styles for different audiences. Presents complex insights in a digestible manner to the Brands. May support privacy & cyber services roadshows and business reviews to senior stakeholders at the Brands. 

Role Qualifications and Requirements

• Broad job knowledge 3-5 years of work experience in a legal position.
• Bachelor degree in Law
• Very good knowledge of cybersecurity laws in EU (global knowledge is a plus)
• Experience with industry specific cybersecurity regulations (such as EU NIS2 Directive, DORA, SEC cybersecurity disclosure rules and other international cybersecurity regulations and standards ( such as NIST, ISO 27001, etc) 
• Knowledge of legal requirements for data breach reporting across jurisdictions and experience in advising on incident response and regulatory investigations.
• Ability to work independently from intake through execution
• Basic understanding of technical concepts.
• A collaborative team player
• Solid communication skills
• Fluent in English (written and verbally) 
• Ability to work well with colleagues around the world and handle  with ease both time-sensitive and long-term projects
• At least one relevant professional certification (e.g. IAPP, ISACA)

Benefits & Perks

• Contributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwide
• Working in a fast-paced and performance driven culture
• Technical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participation
• Competitive compensation and benefits package 
• Vast amounts of data to validate your ideas and the opportunity to experiment with real users

Booking Holdings is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.