Eindhoven, North Brabant, Netherlands
Security governance, risk and compliance leader with 17+ years of experience spanning enterprise GRC, AI governance, product security and offensive security, in regulated industries including travel, fintech, healthcare and energy. Currently leading a 12-person risk and compliance team at Booking.com, with ownership of enterprise risk management, third-party cyber risk and GRC tooling strategy. Combines deep regulatory expertise (EU AI Act, DORA, NIS2, GDPR) with hands-on technical credibility (OSCP, MSc in Machine Learning) and a track record of building risk functions from the ground up.
- Managing a multi-cultural team of R&C officers and business security analysts (up to 12 FTE). - Ownership of the Safety, Security and Fraud Risk Register and the Enterprise Risk Management process within the Safety, Security and Fraud Department. - Led market research, selection, procurement and implementation of the GRC tooling to cover the full scope of risk, issues and controls management for the Safety, Security and Fraud department. - Ownership of the Third-party Cyber Risk Management process and associated risk register. - Led integration of TPCRM risk data (originating in Panorays and ORO tools) into the company-wide risk register (ServiceNow GRC). - Managing GRC processes and tooling to track and measure implementation of relevant regulatory frameworks (NIS2, DORA, NIST). - Implemented LogicGate tool increasing senior leadership visibility into the cyber risk, enabling implementing data-driven security strategy.
- Led delivery of the global Information Security and Risk Management (ISRM) program’s goals and objectives at the assigned Business Unit level. - Led a program delivering significant security posture improvement (mandatory MFA, network security, security posture monitoring) for 5 major service providers (ca. 20 000 users globally), while maintaining business continuity. - Deployed and executed a robust security awareness campaign for major partners during a major cyber-security incident, positively influencing customer trust and industry resilience. - Led security attestation program, preparing the Booking Holdings Financial Services entity for payment activation, providing executives confidence all regulatory and business security requirements are met. - Increased Booking.com involvement in the RH-ISAC (Retail & Hospitality Information Sharing and Analysis Center, which brings 250 member companies) by providing security insights, information exchange and creation of industry-wide security standards. - Received the Special Recognition Award by the RH-ISAC for the efforts.
- Leading the Product Security and Security Compliance capability at the business unit level. - Providing product security and GRC strategic oversight over the whole product portfolio. - Contributed significantly to the product technology roadmap, ensuring continuous legal and regulatory compliance (NIST SP 800-53, HIPAA, GDPR, IEC 80001-1). - Embedding privacy by design into the product portfolio, ensuring customers' ePHI protection. - Managing relationship with industry regulatory bodies (FDA, CFDA, DoD, data protection authorities).
- Managed a broad portfolio of major consulting accounts across different industry verticals (automotive, finance, banking and public sector). - Led a team of consultants (including hiring and talent development). - Analyzed client's business strategies and requirements and preparing value propositions fitting their business needs. - Delivered strategic advise on and delivery of enterprise-wide improvements of key cybersecurity controls (PKI, DLP, e-Signatures, data privacy), maintaining alignment and managing expectations of executive and senior stakeholders.
- Provided strategic cybersecurity and privacy consultancy in various industry verticals (public, transportation, finance) - Managed client assignments throughout the whole lifecycle (pre-sales, offer development, procurement, team set-up, execution, followup and upsell), managing executive and senior stakeholders both on supplier and customer sides. - Led information security transformation projects, including large-scale ISMS implementation, ensuring compliance to and supporting certification according to the ISO/IEC 27001. - Implementing privacy controls and acting as a contractor DPO.
- Developed and led security management business capapility from scratch. - Created and managed security function strategy and CapEx / OpEx budget, aligning with overall business strategy. - Led implementation of ISMS conformant to ISO/IEC 27001 across CEE region. - Responsible for third-party cybersecurity, embedding security requirement into the procurement lifecycle.