Insider Threat Program Specialist

Job Summary:

The Insider Threat Program Specialist will be a pivotal member of the Corporate Security Team, responsible for leading, managing, and continuously enhancing 's comprehensive Insider Threat Program (ITP). This critical role is centered on protecting the company's people, assets, data, and brand reputation by proactively identifying, assessing, and mitigating risks posed by internal employees, contractors, or privileged users, whether malicious, negligent, or unintentional.

The Corporate Security Team, part of the wider Group Security & Resilience function, drives initiatives across Physical Security, Security Operations, Staff Protection, Technical Security Systems and Event Security. The Specialist will act as the organization's primary Subject Matter Expert (SME) in insider threat risk management, requiring a unique blend of behavioral analysis, digital forensics, risk modeling insight, strong analytical thinking, and exceptional interpersonal skills.

The ideal candidate will bring expertise in behavioral analysis, data-driven risk detection, and insider threat operations, along with a sound understanding of privacy, ethics, and organizational dynamics.

The Specialist will work cross-functionally with key partners, including the Insider Threat Technical Program Manager (who is a core member of the ITP team), Cyber Security, Data Security, HR (People), Legal, Compliance, IT, and Global Investigations Services (GIS) at Booking Holdings, to develop, implement, and govern strategies and technical capabilities that strengthen insider risk management across the company.

This role focuses on the strategy, policy, behavioral risk analysis, and operationalizing the program, while coordinating with the Technical Program Manager on cross-department deliverables.

• Lead the development, delivery, and communication of the Insider Threat Program's strategic 2-3 year roadmap for
• Manage the day-to-day activities of the Program, track progress against strategic goals, design and maintain clear, up-to-date program dashboards and metrics.
• Serve as the primary lead for cross-functional governance working groups and act as the program liaison to key stakeholders.
• Develop and maintain insider threat policies, procedures, and standard operating guidelines.
• Develop, track, and report on key metrics to measure the program's effectiveness, identify risk trends, and quantify incident outcomes for stakeholders.
• Proactively conduct organizational-wide risk and vulnerability assessments across internal systems, processes, and data flows to identify and prioritize new areas of insider risk exposure.
• Recommend and drive implementation of program enhancements, including new tools, data sources, workflow, and process improvements.

• Oversee and provide SME input for the identification and analysis of unusual user behaviors or potential insider risk indicators across available data sources (e.g. Data Loss Prevention (DLP), HR data, access logs).
• Partner with Cyber Security and IT teams to design, integrate, and continuously improve detection models that correlate diverse technical data inputs (e.g., endpoint activity, network access, HR changes) for improved fidelity.
• Assist in the requirements gathering, design and implementation of new tools for use in internal threat detection/prevention.
• Provide data analysis and expert behavioral context to support investigations led by HR, Compliance and GIS.

• Provide Subject Matter Expertise to business units on insider risk identification and mitigation practices.
• Drive and manage cross-functional initiatives with teams including HR (People), Legal, Compliance, Finance, and Global Investigations Services (GIS) to support the development of holistic solutions to identify, mitigate, and prepare for insider threats.

• Support or lead insider threat awareness campaigns and employee training programs.
• Provide subject matter expertise to business units on insider risk identification and mitigation practices.
• Stay current with the latest industry trends, threats, and security measures.

• Support the wider Corporate Security team at the Amsterdam Campus office with coverage during office hours and during large business events on site.
• Available to respond to incidents outside of regular business hours when required.
• Ability to occasionally travel to other offices, attend conferences and meet with industry peers.

• Bachelor’s degree in Security Management, Information Security, Cybersecurity, or a related field.
• 5-8 years of experience in developing security programs with strong understanding of insider threat operations, corporate security, cybersecurity, counterintelligence, or risk management roles.
• Experience in large, complex, or highly regulated corporate/tech organizations preferred.
• Exceptional discretion, integrity, and ability to…