Job
Description
As a Specialist, Risk & Control (R&C) at Booking Holdings India, your role will involve supporting R&C with SOx testing of IT Application controls and IT Dependent Manual Controls. You will play a key part in testing internal controls to support SOX302 attestation. Additionally, you will act as a subject matter expert, advising the Risk team on controls design, deficiencies evaluation, and improvements from a SOx testing standpoint. Your key areas of responsibility will include, but are not limited to: - Designing and executing day-to-day testing activities of IT application controls and Business controls, focusing on regulatory/compliance (SOX) related risks - Collecting, analyzing, and interpreting information to assess and conclude on each assigned testing area with clear concise documentation - Identifying gaps in design and execution, and communicating issues and recommendations to R&C team and control owners - Developing and maintaining comprehensive documentation including process walkthrough documentation, control testing documentation, and any others required - Collaborating and partnering with R&C to ensure critical SOx controls are adequately designed and documented, strengthening the control environment, mitigating company risks, and supporting business objectives - Collaborating and participating within R&C to continuously improve the R&C's capabilities and governance from a SOX testing standpoint The ideal candidate for this role should have: - Strong background in IT risk management and experience in ERP audits with a good understanding of IT application controls and IT dependent manual controls/business process controls - 4+ years of experience in IT compliance, internal controls, internal/external audit, including working in an international environment - Strong understanding of design assessment and operating effectiveness assessment of IT automated process controls, IT dependent manual controls, and interface controls - Experience in technology-based product development/DevOps processes, cloud security, and other modern-day technologies - Understanding of different architecture (SOA and microservices) and the ability to review source codes is an added advantage - Knowledge of risk management fields and frameworks including SOx, COSO, and COBIT - Strong working knowledge of SOX - Ability to multitask, manage multiple priorities and projects successfully - Strong work ethic, enthusiastic, self-starting, adaptable, and enjoys change in a super engaged team - Ability to work independently and autonomously while being a strong team player - Fully comfortable working in English, both written and spoken - Professional certification such as CISA/CRISC/CIA (or similar) would be an advantage - Relevant Bachelor's degree is required (Note: Omitting the additional details of the company as it is not explicitly mentioned),
