What you'd actually do

Coordinate personal data security and cybersecurity activity.

Coordinate and support the management of cybersecurity incidents as part of a cross functional unit.

Record, report and advise on regulatory compliance with global privacy, security and finance authorities, and law enforcement.

Be well structured, clear and organised, with an ability to prioritise and drive progress within a very fast paced environment.

Partnering on data incidents, implementation of frameworks and policies, and providing legal advice and guidance on cybersecurity issues.

Skills

Required

EU, UK or US law degree
A Bachelors’ and/or Masters’ Degree, and a legal professional qualification; a CIPP/E / CIPT (or similar) certification
8-12 years experience in a reputable law firm or in-house team
Native or fluent English speaking and writing skills
Hands-on experience in data protection and cybersecurity laws, privacy compliance and data security
Knowledge and experience in cyber-risk and a comprehensive understanding of enterprise technology
A deep understanding of GDPR and how this applies to developments in the fields of technology and security
Ability to be the “voice of reason” in crisis situations, to quickly respond to issues at hand and to prioritise effectively, with a “customer first” mindset
Excellent communication skills (written and oral), attention to detail, organizational and project management skills and ability to meet deadlines, prioritising appropriately
Excellent drafting skills
Adaptable, with a growth mindset, ready to embrace change in order to meet evolving business needs, work in ambiguous situations and under pressure, and learn from mistakes
Strong ability to lead and inspire a team
Experience is translating company and department strategy into team objectives for yourself, and your team members
Ability to successfully manage multiple projects whilst meeting deadlines and prioritising appropriately
Demonstrated cross-functional project leadership and commercial acumen, with ability to balance risk with business objectives
Experience in management of and impactful communication with senior stakeholders, effectively communicating complex ideas and projects simply and succinctly
In-depth understanding of the data and cybersecurity issues that commonly arise in the industry, along with ability to quickly learn and grasp the importance of new and emerging issues and manage processes from inception to completion
Strong collaborative, professional approach; able to succeed in and lead diverse, multidisciplinary, multicultural teams
High proficiency in Microsoft Office (Word, PowerPoint, Excel), Google Suite (Sheets, Docs)

Nice to have

Experience in the FinTech or Alternative Payment Services Provider industry is a plus
AI platform usage

**About Us: **At Booking.com, data drives our decisions. Technology is at our core. And innovation is everywhere. But our company is more than datasets, lines of code or A/B tests. We’re the thrill of the first night in a new place. The excitement of the next morning. The friends you encounter. The journeys you take. The sights you see. And the memories you make. Through our products, partners and people, we make it easier for everyone to experience the world.

**The Role: **The newly created **Senior Managing Counsel, Head of Cyber Legal **role is a key position within Booking.com's legal function. This role will be responsible for leading and overseeing a team of legal professionals while guiding and advising the organisation on how to keep personal data safe in an ever evolving risk landscape. You will be expected to work directly alongside business clients, drawing upon your legal knowledge and business acumen to provide on-the-ground support and identify potential legal risks and issues, ultimately helping the organisation to protect the personal data of its employees, customers and partners.

As Booking.com continues to expand its operations and digital ecosystem, a dedicated Senior Managing Counsel who has experience in cybersecurity, financial/banking products is essential to efficiently and consistently manage and prioritise high risk issues that arise from both.

This is a unique opportunity to shape an operational function in material ways, particularly in the context of the world’s favorite pastime - travel.

Key responsibilities:

Coordinate personal data security and cybersecurity activity.
Coordinate and support the management of cybersecurity incidents as part of a cross functional unit.
Record, report and advise on regulatory compliance with global privacy, security and finance authorities, and law enforcement.
Be well structured, clear and organised, with an ability to prioritise and drive progress within a very fast paced environment.
Partnering on data incidents, implementation of frameworks and policies, and providing legal advice and guidance on cybersecurity issues.
Manage and develop a high performing team.
Work closely with the other Legal Counsels, the Data Protection Officer, Cybersecurity, Risk & Compliance, Procurement, Booking Holdings Inc and other colleagues as well as outside counsels worldwide.
Provide legal advice for privacy related matters globally, as well as cybercrime, security and FinTech matters laws.
Perform third party services risk assessments and negotiate data processing agreements and data protection issues within commercial contracts with group members or third parties.
Support with the creation and implementation of efficient and scalable ways of working to enable sustainable business growth.

Qualification & skills:

EU, UK or US law degree
A Bachelors’ and/or Masters’ Degree, and a legal professional qualification; a CIPP/E / CIPT (or similar) certification
8-12 years experience in a reputable law firm or in-house team
Native or fluent English speaking and writing skills
Hands-on experience in data protection and cybersecurity laws, privacy compliance and data security
Knowledge and experience in cyber-risk and a comprehensive understanding of enterprise technology
Experience in the FinTech or Alternative Payment Services Provider industry is a plus
A deep understanding of GDPR and how this applies to developments in the fields of technology and security
Ability to be the “voice of reason” in crisis situations, to quickly respond to issues at hand and to prioritise effectively, with a “customer first” mindset
Excellent communication skills (written and oral), attention to detail, organizational and project management skills and ability to meet deadlines, prioritising appropriately
Excellent drafting skills
Adaptable, with a growth mindset, ready to embrace change in order to meet evolving business needs, work in ambiguous situations and under pressure, and learn from mistakes
Strong ability to lead and inspire a team
Experience is translating company and department strategy into team objectives for yourself, and your team members
Ability to successfully manage multiple projects whilst meeting deadlines and prioritising appropriately
Demonstrated cross-functional project leadership and commercial acumen, with ability to balance risk with business objectives
Experience in management of and impactful communication with senior stakeholders, effectively communicating complex ideas and projects simply and succinctly
In-depth understanding of the data and cybersecurity issues that commonly arise in the industry, along with ability to quickly learn and grasp the importance of new and emerging issues and manage processes from inception to completion
Strong collaborative, professional approach; able to succeed in and lead diverse, multidisciplinary, multicultural teams
High proficiency in Microsoft Office (Word, PowerPoint, Excel), Google Suite (Sheets, Docs), and AI platform usage, with a commitment to continuous improvement.

Further traits look for:

Alignment with Booking.com’s values (Customer First, Succeed Together, Own It, Learn Forever, Do the Right Thing).
Curiosity, flexibility, and a creative, pragmatic approach to problem-solving.
Confidence with collaboration.
Ability to influence stakeholders at all levels.
Proactivity, resilience, and a drive to deliver results.
Strong judgment with attention to both the big picture and key details.
Courage to take a stance and make tough decisions.
Team-oriented, self-aware, and a good listener.
Agility in prioritizing and meeting deadlines.
Forward-thinking, with a focus on emerging legal and policy issues.

Why join the Legal & Public Affairs Team now?

This is a pivotal moment in e-commerce and travel, and joining Booking.com’s Legal & Public Affairs (LPA) team provides you with opportunities to shape the future. The LPA team plays a key role in enabling Booking.com to become a one-stop solution for all travel-related needs, from accommodation to rental cars, flights and attractions, and beyond. This offers travellers what we like to call the ‘connected trip’ – enabling them to book every aspect of their travel experience seamlessly through our familiar, easy-to-use website or mobile app. As a member of the LPA team you will partner with the business to navigate complex regulations, build new products, and negotiate key deals—while driving ethical, sustainable growth.

Who we are?

We are an award winning team of around 200 professionals from 36+ nationalities, with lawyers qualified in multiple jurisdictions and non-lawyers specializing in public policy, economics, compliance, and risk. We have been recognised and shortlisted individually and as a team by the Legal 500 GC Powerlist, Assoc. of Corp Counsel, Global Competition Review, The Lawyer GC of the Year (shortlisted), Compliance Week and the Financial Times. We encourage active participation in the industry, with board membership and representation at industry bodies at multiple levels, starting with our Chief Legal & Public Affairs Officer, who is currently ACC President for Europe. We also engage with stakeholders on policy issues impacting travel and tech innovation, including through our new public affairs blog,"A World Worth Experiencing."

As a team, we believe in:

Being integral to decision-making, shaping Booking.com’s future.
Supporting Booking's mission to make travel accessible, fostering openness and curiosity.
Offering opportunities for team members to explore new areas or specialize.
Providing holistic, integrated legal and public affairs advice.
Continuously improving Legal Operations, innovating, and sharing best practices.
Learning from mistakes and embracing growth.
Working collaboratively with a sense of humor and enjoying the journey together!

Benefits & Perks - Global Impact, Personal Relevance:

Booking.com’s Total Rewards Philosophy is not only about compensation but also about benefits. We offer a competitive compensation and benefits package, as well unique-to-Booking.com benefits which include:

Annual paid time off and generous paid leave scheme including: parent, grandparent, bereavement, and care leave
Hybrid working including flexible working arrangements, and up to 20 days per year working from abroad (home country)
Industry leading product discounts - up to 1400 per year - for yourself, including automatic Genius Level 3 status and Booking.com wallet credit

**Inclusion at Booking.com: **

Inclusion has been a core part of our company culture since day one. This ongoing journey starts with our very own employees, who represent over 140 nationalities and a wide range of ethnic and social backgrounds, genders and sexual orientations.

Take it from our Chief People Officer, Paulo Pisano: “At Booking.com, the diversity of our people doesn’t just build an outstanding workplace, it also creates a better and more inclusive travel experience for everyone. Inclusion is at the heart of everything we do. It’s a place where you can make your mark and have a real impact in travel and tech.”

We ensure that colleagues with disabilities are provided the adjustments and tools they need to participate in the job application and interview process, to perform crucial job functions, and to receive other benefits and privileges of employment.

Application process:

Let’s go places together: How we Hire
Detailed instructions on post-application requirements including any required application materials, deadlines, portfolios, coding challenges, or other assessments as defined by BU or department.

Booking.com is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.

Pre-Employment Screening

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.