Listing Description

Rocket Travel is looking for a Senior Security Governance Risk and Compliance (GRC) Analyst to join our Security Compliance team. In this role, you will support the growth of Rocket’s overall Information Security program and Cybersecurity maturity. The role includes developing strong security policies, controls and practices within our cloud-based platform.

This role reports directly to the Information Security Manager, and is based out of the Rocket headquarters located in Chicago's West Loop. 

Rocket Travel is a place where you:

• Work with a group of intrinsically motivated people with a track record for building successful new businesses from scratch.


• Embody curiosity, community, and accountability. We live and build products and work with business partners and each other by embodying these values every day. 


• Own decisions and take action that can be implemented in a matter of days (or hours).


• Get inspired and encouraged to vacation faster, with an annual vacation stipend.


• Receive a competitive compensation package, including bonus, 401k with match, flexible vacation time, maternity and paternity benefits, health, and dental insurance.


• Can have a flexible work schedule. Our Rocket Travel headquarters is located in Chicago’s West Loop, where this position is based. We have a hybrid team and a flexible work environment.


• Share your passion for travel with equally adventurous teammates. 


• Work within the largest online travel company in the world. Rocket Travel creates B2C and B2B2C travel products and is part of Booking Holdings (BKNG). We have many worldwide partners and a diversified business. Despite the world’s current situation, Booking Holdings has been rated the healthiest company in travel, and Rocket itself is already seeing travel demand surpass pre-pandemic levels.

As a Senior Security GRC Analyst at Rocket Travel, you will: 

• Design and implement company-wide security and compliance programs, collaborating with our IT team.


• Answer partner risk management and security questionnaires, collaborating with our Commercial/Partnerships team.


• Lead security related internal and external audits, self-assessments for PCI compliance, SOX compliance, SOC 2, etc..


• Build an internal library of resources on data protection, cyber security, system diagrams, process flows, etc.


• Oversee periodic internal reviews of user access and process compliance.


• Coordinate with other brands in the Booking Holdings Group on cross-Group security projects.


• Oversee critical remediation gaps to conclusion.


• Improve Rocket’s security mindset by educating colleagues to raise awareness.


• Manage annual policy review, updates and approvals.


• Authentically represent and articulate Rocket’s values and company culture.

About you:

• You have a minimum of 3-5 years of work experience in Information Security, Cyber Security, IT, IT Auditing, or Compliance and a bachelor’s degree in technology related field or business.


• You have knowledge of compliance requirements including PCI-DSS, SOX, etc.


• You have knowledge of privacy and data protection regulations including GDPR, CCPA, etc.


• You have experience with audit processes including completing security questionnaires/audit forms and gathering evidence; proficiency in Tugboat a plus.

• You have experience writing/reviewing security policies in a B2B or B2B2C setting.

• You possess strong knowledge of information system security best practices, including access control, auditing, logging, monitoring, security policies, and incident response. 


• Holding a professional accreditation such as CISM or CISA is a plus.

• You are able to manage multiple projects, priorities and deadlines among various stakeholders.

• You are an effective communicator (verbal and written), and are able to convey technical and non-technical concepts to a variety of audiences.

• You have experience building and managing security related project plans.