Associate Analyst, Information Security GRC

Mumbai

Apply now Apply later

Associate Analyst, Information Security GRC

This role is eligible for our hybrid work model: Two days in-office.
 

Why is this job a big deal:

The position is responsible for coordinating Priceline’s risk and compliance projects, elevating our security posture. As a leading tech company, this role requires an understanding of our existing infrastructure, cybersecurity controls and risk profile, as well as a willingness to learn about emerging technologies.

The Security Risk & Compliance Associate will be part of a high-performing and diverse information security team at Priceline, a US subsidiary of the biggest online travel company of the world. He/she will be part of a growing GRC team that has multiple exciting challenges.

In this role you will get to: 

  • Coordinate end-to-end security GRC projects and initiatives to improve our security posture.

  • Maintain our different security controls frameworks, including NIST CSF maturity framework, PCI-DSS and NYDFS, enhancing the frameworks and controls based on recommendations from maturity and risk assessments.

  • Monitor control performance of information security controls across the business for timely and effective execution.

  • Coordinate information security training and awareness activities

  • Execution of third-party risk assessments and enhance our third-party risk assurance process and tooling.

  • Evaluation, maintenance and enhancement of our current security GRC tools.

  • Maintain and improve our information security policy framework, in accordance with our regulatory and compliance requirements.

  • Ensure quality of our key security processes (vulnerability management, security incident reporting).

  • Track progress of issues reported, vulnerabilities, and support in the creation of dashboards and metrics to facilitate this process.

  • Act as a security advocate, supporting business owners’ requests related to security (evaluate policy exception requests, complete third-party security questionnaires, etc)

  • Maintain our cybersecurity risk register and enhance our cybersecurity risk appetite framework.


Who you are: 

  • Bachelor’s degree in Computer Engineering or Cybersecurity-related discipline

  • 3  years of experience working in an information security GRC function

  • BIG4 experience is a plus.

  • Experience coordinating an external PCI-DSS audit is a plus.

  • One or more of the following certifications: CISSP, CRISC, CCSP, CCSK, CISA

  • Knowledge of security control and compliance frameworks: NIST CSF, PCI-DSS, ISO 27001

  • Basic understanding of security engineering best practices, as well as cloud security controls and DevOps & CI/CD development environments.

  • Experience driving security GRC initiatives in a proactive and independent manner

  • Experience working with cross-functional teams in fast-paced environments.

  • Solid problem-solving skills and attention to detail.

    #LI-hybrid

Who we areWE ARE PRICELINE.

Our success as one of the biggest players in online travel is all thanks to our incredible, dedicated team of talented employees. Priceliners are focused on being the best travel deal makers in the world, motivated by our passion to help everyone experience the moments that matter most in their lives. Whether it’s a dream vacation, your cousin’s graduation, or your best friend’s wedding - we make travel affordable and accessible to our customers. 

Our culture is unique and inspiring (that’s what our employees tell us). We’re a grown-up, startup. We deliver the excitement of a new venture, without the struggles and chaos that can come with a business that hasn’t stabilized.  

We’re on the cutting edge of innovative technologies. We keep the customer at the center of all that we do. Our ability to meet their needs relies on the strength of a workforce as diverse as the customers we serve. We bring together employees from all walks of life and we are proud to provide the kind of inclusive environment that stimulates innovation, creativity and collaboration.

Priceline is part of the Booking Holdings, Inc. (Nasdaq: BKNG) family of companies, a highly profitable global online travel company with a market capitalization of over $80 billion. Our sister companies include Booking.com, BookingGo, Agoda, Kayak and OpenTable. 

If you want to be part of something truly special, check us out! 

Flexible work at Priceline

Priceline is following a hybrid working model, which includes two days onsite as determined by you and your manager (ideally selecting among Tuesday, Wednesday, or Thursday). On the remaining days, you can choose to be remote or in the office.

Diversity and Inclusion are a Big Deal!

To be the best travel dealmakers in the world, it’s important we have a workforce that reflects the diverse customers and communities we serve. We are committed to cultivating a culture where all employees have the freedom to bring their individual perspectives, life experiences, and passion to work. 

Priceline is a proud equal opportunity employer. We embrace and celebrate the unique lenses through which our employees see the world.  We’d love you to join us and add to our rich mix! 

Applying for this position

We're excited that you are interested in a career with us. For all current employees, please use the internal portal to find jobs and apply.

External candidates are required to have an account before applying. When you click Apply, returning candidates can log in, or new candidates can quickly create an account to save/view applications.

Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  2  1  0

Tags: CCSK CCSP CI/CD CISA CISSP Cloud Compliance CRISC DevOps ISO 27001 NIST Risk assessment Vulnerabilities Vulnerability management

Perks/benefits: Career development Flex hours Flex vacation Startup environment

Region: Asia/Pacific
Country: India

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.