Cybersecurity Group Product Manager - Enterprise Security - Strategy & Delivery

Description du poste:

About Us: At Booking.com, data drives our decisions. Technology is at our core. And innovation is everywhere. But our company is more than datasets, lines of code or A/B tests. We're the thrill of the first night in a new place. The excitement of the next morning. The friends you encounter. The journeys you take. The sights you see. And the memories you make. Through our products, partners and people, we make it easier for everyone to experience the world.

About our team:

Enterprise Security at Booking.com protects the foundations of a global technology platform while helping the business move fast and innovate safely. The team brings together expertise across identity and access management, cloud, network, infrastructure, vulnerability management, endpoint, and email security, alongside proactive cyber defense, threat detection, and incident response.
By working across technical and business domains, Enterprise Security delivers scalable security capabilities that improve resilience, reduce risk, and support Booking.com's continued growth.

Role Overview:

The Group Product Manager - Enterprise Security - Strategy & Delivery is a high-impact leadership role requiring a seasoned cybersecurity authority with over a decade of hands-on practitioner experience. Reporting to the Director of Enterprise Security, you will define and execute a comprehensive security vision that spans IAM, cloud and network security, threat detection, and incident response. You will lead a team of Product Managers to translate high-level strategy into actionable roadmaps, overseeing the entire lifecycle of security services from conception to delivery assurance. While leveraging product management methodologies to drive alignment, the
core of this role is profound domain expertise and proven people leadership; you will act as a strategic pillar within the organization to mitigate enterprise risk, manage complex stakeholder relationships, and ensure a robust, multi-layered defense posture across all global assets.

Key Job Responsibilities and Duties:

The Group Product Manager - Enterprise Security - Strategy & Delivery, as a foremost cybersecurity authority, will:

Strategic Cybersecurity Leadership & Capability Portfolio Management:

* Spearhead Enterprise Security Strategy: In deep collaboration with the Director of Enterprise Security and the Enterprise Security Leadership Team, co-define, continuously evolve, and champion a comprehensive, forward-looking strategy for the entire portfolio of enterprise security capabilities and services. This strategy must be rooted in profound practitioner knowledge of the cyber threat landscape, risk management principles, and the operational needs of the business, ensuring robust threat prevention, advanced proactive defense, effective enterprise-wide threat detection, and efficient incident response.
* Define & Prioritize Cybersecurity Capabilities based on Expert Domain Knowledge: Leveraging extensive experience across enterprise cybersecurity domains (including, but not limited to, Identity and Access Management, network security, cloud security, infrastructure security, vulnerability management, endpoint & email security, and the principles of effective security operations, threat detection & response), identify, define, and rigorously prioritize the critical security capabilities required to protect the organization.
* Master Enterprise Cybersecurity Domains: Maintain and actively expand an expert-level practitioner's understanding of diverse enterprise cybersecurity domains, emerging threats, attack methodologies, and defensive technologies to ensure all strategic decisions and capability definitions are state-of-the-art and maximally effective.
* Drive Security Capability Innovation & Lifecycle Management: Identify and champion innovative approaches, technologies, and methodologies to advance enterprise security. Oversee the full lifecycle of all defined security capabilities-from conceptualization based on security needs, through development and deployment, to ongoing optimization, and eventual retirement if superseded.

Leadership of Cybersecurity Delivery & Operational Excellence:

* Lead & Mentor Cybersecurity (Senior) Product Managers: Direct, inspire, coach, and develop a specialized team of Cybersecurity (Senior) Product Managers. Foster within this team a culture of deep cybersecurity understanding, accountability, strategic thinking, and effective execution in their role of translating security strategy into tangible capabilities.
* Orchestrate Strategic Roadmaps & Execution: Oversee the transformation of high-level enterprise security strategy into clear, actionable, and prioritized multi-year and quarterly roadmaps for the entire portfolio of security capabilities. Drive relentless focus on the execution of these roadmaps.
* Ensure Rigorous Delivery Assurance & Impact Measurement: Take ultimate accountability for ensuring that defined security capabilities are delivered effectively by engineering and operational teams. Establish and manage mechanisms for tracking progress, proactively identifying and mitigating delivery impediments, and measuring the impact and efficacy of deployed capabilities through relevant KPIs and security metrics.
* Govern Capability Backlogs & Prioritization: Guide the Cybersecurity (Senior) Product Managers in curating and prioritizing detailed capability backlogs, ensuring they are clearly defined, technically informed, and aligned with strategic security objectives and risk reduction goals for consumption by technical delivery teams.

Cross-Functional Influence & Stakeholder Partnership:
* Act as a Senior Cybersecurity Advisor & Influencer: Serve as a key cybersecurity thought leader and trusted advisor to senior leadership, technical teams (cybersecurity engineering, threat detection & response, IT, platform engineering), and business unit leaders. Use deep domain expertise to influence decisions and ensure enterprise-wide alignment on security strategy and capability adoption.
* Champion Strategic Security Communication: Articulate the enterprise security vision, capability roadmaps, delivery status, and security posture improvements effectively and persuasively to diverse audiences, from highly technical teams to executive leadership.
* Forge Strong Collaborative Alliances: Cultivate robust partnerships across the organization to ensure a cohesive approach to security, facilitate the integration of security capabilities, and ensure the security needs of all parts of the business are understood and addressed.

Role Qualifications and Requirements:

Substantial Knowledge (12 + years)
High caliber Cybersecurity practitioner and leader

Educational Background:
* Bachelor's or Master's degree in Computer Science, Information Security, Engineering, or a related technical field, or equivalent extensive practical experience as a cybersecurity practitioner and leader.
Experience & Foundational Expertise:
* Extensive Experience as a Cybersecurity Practitioner & Leader: Critically requires 12+ years of demonstrable, in-depth experience across diverse cybersecurity roles, with a significant portion in leadership positions guiding strategy or complex security initiatives. This includes a proven track record of deeply understanding, architecting, or leading the implementation of enterprise-wide security solutions, reflecting profound knowledge from a seasoned practitioner's viewpoint.

Broad and Deep Enterprise Cybersecurity Domain Expertise: The GPM must possess and maintain profound strategic and architectural knowledge across the full spectrum of enterprise cybersecurity, reflecting deep practitioner-level understanding and experience. This role requires the ability to define, integrate, and guide the strategic roadmap for capabilities ensuring robust threat prevention, comprehensive security posture management, advanced proactive defense strategies, effective enterprise-wide threat detection, and efficient incident response. Key areas of significant, architecturally-aware expertise include:

* Identity and Access Management (IAM): Deep strategic and architectural knowledge of comprehensive IAM frameworks, Zero Trust principles, and modern identity solutions. Expertise in defining strategic roadmaps for IAM capabilities, including identity lifecycle management, advanced authentication & authorization strategies, privileged access management (PAM), and directory services security.
* Network Security: In-depth strategic understanding of enterprise network security architecture, principles of network segmentation, defense-in-depth, and secure network design for on-premise and cloud. Expertise in the strategic application and integration of capabilities like firewalls, IDS/IPS, WAFs, VPNs, proxies, and DDoS mitigation.
* Cloud Security (Public, Private, Hybrid & Containers): Significant expertise in security principles, architectures, threat models, and best practices across major public cloud platforms and hybrid/private cloud, including container and serverless security. Ability to define strategic capabilities for cloud security posture management (CSPM), secure configurations, cloud IAM, and integration of detection/response for cloud.
* Infrastructure & Platform Security: Strong architectural and strategic knowledge for securing underlying enterprise infrastructure (data centers, servers, OS, virtualization). Deep understanding of system hardening principles, secure baseline development strategies, and architectural patterns for secure access mechanisms.
* Enterprise Vulnerability Management Strategy: Profound understanding of the principles and strategic lifecycle of enterprise-wide vulnerability management. Expertise in defining capabilities and strategies for vulnerability identification, risk assessment, prioritization, and integration with remediation planning.
* Endpoint & Email Security: Deep strategic knowledge of modern endpoint security architectures (EDR/XDR concepts, host-based prevention) and enterprise email security solutions (anti-phishing, threat intelligence application, sender authentication). Ability to define comprehensive protective capabilities.
* Cyber Threat Detection & Security Operations Strategy: Significant expertise in the principles, architectures, and strategic operational models for effective enterprise-wide cyber threat detection and security operations. This includes strategic knowledge of how various telemetry sources are leveraged, the role of different detection methodologies, and defining capabilities that enable efficient and effective SecOps.
* Incident Response & Crisis Management Frameworks: Deep strategic knowledge of incident response lifecycle frameworks, crisis management principles, and defining the capabilities required for effective enterprise-wide containment, eradication, recovery, and post-incident learning.
* Proactive Defense & Threat Hunting Strategies: Strong strategic understanding of proactive defense measures, including threat hunting concepts, methodologies, and the types of capabilities and data analytics required to support them effectively. Knowledge of advanced defensive strategies and their application.

Strategic & Product Leadership Acumen:
* Cybersecurity Strategy & Visionary Leadership: Proven ability to develop, articulate, and champion a compelling, long-term strategic vision and roadmap for a comprehensive portfolio of enterprise-wide cybersecurity capabilities, deeply aligned with business objectives, risk appetite, and the evolving threat landscape.
* Capability Lifecycle & Portfolio Management: Expertise in defining and managing a complex portfolio of cybersecurity capabilities and services throughout their entire lifecycle - from strategic conception based on risk and business needs, through requirement definition and prioritization, to overseeing delivery assurance, adoption, performance measurement, and continuous evolution or retirement.
* Leadership of Specialized Product Management Teams: Demonstrated success in leading, mentoring, and developing high-performing teams of Cybersecurity (Senior) Product Managers. Ability to foster a culture of deep cybersecurity domain expertise, strategic thinking, accountability, and effective execution within the PM team.
* Data-Driven Prioritization & Impact Measurement: Proficient in establishing frameworks for data-driven prioritization of security initiatives and capabilities. Skilled in defining and utilizing Key Performance Indicators (KPIs) and security metrics to measure capability effectiveness, adoption, operational efficiency, risk reduction, and to drive continuous improvement.
* Agile & Outcome-Focused Delivery: Strong understanding of agile principles and experience applying them to facilitate the efficient definition, development, and delivery of cybersecurity capabilities in a dynamic, fast-paced enterprise environment, with a relentless focus on security outcomes and business enablement.
* Business Acumen & Risk Quantification: Ability to understand and articulate cybersecurity risks and capability investments in business-relevant terms. Experience aligning security strategy with broader business goals and communicating the value of security initiatives to executive stakeholders.
Additional Skills & Qualifications:
* Exceptional Communication & Influence: Outstanding ability to communicate complex cybersecurity strategies, technical concepts, and risks clearly and persuasively to diverse audiences, from deeply technical practitioners and engineering teams to senior executives and non-technical business stakeholders. Proven ability to influence without direct authority.
* Strategic Thinking & Execution: A strategic, visionary thinker with a powerful execution focus. Adept at translating high-level security objectives into concrete, actionable plans and fostering a culture of continuous delivery and momentum.
* Decisive Problem Solving: Effective decision-making skills, particularly when dealing with complex technical trade-offs, ambiguous situations, or high-pressure scenarios. Strong analytical and critical thinking capabilities to address challenging security problems.
* Collaboration & Stakeholder Management: A highly collaborative and solution-oriented mindset. Proven ability to build strong, trusted relationships and work effectively with a wide array of cross-functional teams, senior leaders, and external partners.
* Adaptability & Resilience: Ability to thrive and lead effectively in a fast-paced, complex, and constantly evolving global environment, managing multiple priorities and adapting to change with composure and focus.
Industry Certifications (Preferred): GSTRT, CISSP, CISM, CSSLP, CIPT, or relevant product management certifications (e.g., Pragmatic Marketing, SVPG).

Nice-to-Have Skills:

* Experience mentoring or coaching PMs outside their immediate organization.
* Experience leading community or craft working groups.
* Domain background in Security, E-commerce, SaaS, or Machine Learning.

Benefits & Perks - Global Impact, Personal Relevance:

Booking.com's Total Rewards Philosophy is not only about compensation but also about benefits. We offer a competitive compensation and benefits package, as well unique-to-Booking.com benefits which include:
* Annual paid time off and generous paid leave scheme including: parent, grandparent, bereavement, and care leave
* Hybrid working including flexible working arrangements, and up to 20 days per year working from abroad (home country)
* Industry leading product discounts - up to 1400 per year - for yourself, including automatic Genius Level 3 status and Booking.com wallet credit

Diversity, Equity and Inclusion (DEI) at Booking.com:

Diversity, Equity & Inclusion have been a core part of our company culture since day one. This ongoing journey starts with our very own employees, who represent over 140 nationalities and a wide range of ethnic and social backgrounds, genders and sexual orientations.

Take it from our Chief People Officer, Paulo Pisano: "At Booking.com, the diversity of our people doesn't just build an outstanding workplace, it also creates a better and more inclusive travel experience for everyone. Inclusion is at the heart of everything we do. It's a place where you can make your mark and have a real impact in travel and tech."

We ensure that colleagues with disabilities are provided the adjustments and tools they need to participate in the job application and interview process, to perform crucial job functions, and to receive other benefits and privileges of employment.

Application Process:
This role does not come with relocation assistance.

* Application and CV Review
* Recruitment Phone Screen
* Business Interview 1
* Business Interview 2
* FIT Interview
* Hiring Decision

Let's go places together: How we Hire

Booking.com is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.

Pre-Employment Screening

If your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position