Tech Americas | Information Security | Cybersecurity Engineer | New York

About ING: 

 Ranked #8 on LinkedIn Top Companies in Financial Services

Crain’s 100 Best Places to Work

Ragan’s Top Places to Work in 2023

In Americas, ING’s Wholesale Banking division offers a broad range of innovative financial products and services to domestic and international corporate and institutional clients. 

 
When you come to work at ING, you’re joining a team where individuality isn’t just accepted, it’s encouraged. We’ve built a culture that’s fun, friendly and supportive – it’s the kind of place where you can be yourself and make the most of whatever you have to offer.

We give people the freedom to take risks, think differently, take ownership of their work, and make great things happen. We’re here to help you get ahead. And with our global network, there’s plenty of scope to take your career in new directions, perhaps even ones you’ve never considered.

Sound like the kind of place you’d feel at home? We’d love to hear from you.

About the position:

We are seeking a highly skilled Cybersecurity Governance, Risk and Compliance expert to join our Americas region Information Security team. As a Cybersecurity e GRC engineer at ING, you will work closely with other members of the Information Security and DevOps teams to ensure the security of our information systems and data. The future candidate of this role must be a well-rounded risk practitioner who possesses a wide range of knowledge across multiple methodologies of Cybersecurity and IT Risk and have a passion for coaching other less experienced members of the IT organization in their journey to properly gauge and evidence risk.

About the company:

ING Americas Tech is the support backbone and catalyst for new and innovative solutions that drive growth for both internal and external customers. We strive to bring technical expertise and business knowledge together to support a wide range of products within media and telecoms (TMT), utilities power and renewables, natural resources, food and agribusiness, real estate, and infrastructure, with financial product specialists in industry lending, corporate finance, debt capital, commodity and export financing, sustainable finance and much more.

Responsibilities:

Ownership for the IT risk controls and processes groups in line with existing Wholesale Banking paradigm shift strategic initiative.Serve as an expert advisor to CISO/GRC leadership in the development, implementation, and maintenance of a strong information privacy and security program to meet ING risk appetite.Support the local IT & Cyber Risk community to manage IT & Cyber Risk in ING’s domestic business lines.Advise local process owners in designing and implementing IT and Security processes and systems to manage and report IT & Cyber Risk.Review and analyze (new) regulations, policies, standards and guiding principles. Integrate and communicate relevant risk and control-related changes to stakeholders in 1st, 2nd or 3rd Line of Defense (LoD).Review and evaluate Third party cyber security risk management for incoming new vendors and solutions for future risks and opportunities to improve IT security and meet compliance.Executes APT scenario analyses together business and IT Security team and manage red/Blue teaming objectives to asses & challenge with 2nd line of defense & corporate audit. Coach DevOps to manage secure applications and that can easily produce IT Risk evidence.Support continuous improvement on all security maturity initiatives such as risk assessments and initiatives e.g., DLP exfiltration channels and translate business stakeholder requirements.Perform deep dives into systems and controls to assess riskManage IT security standards and procedures to ensure they are developed/updated/reviewed.Manage several security services including, security requirements, threat modelling, design reviews secure code review, penetration tests, security trainings.Provide advice on and support the establishment of a culture and mindset with a strong engineering mindset on risk management.

Qualifications and Competencies

B.S. in Computer Science (or equivalent major) or significant job experience. Top candidates will possess one or more market leading security certifications (e.g. CISM, CISSP, CCSP, CEH).At least 5 years' experience in Information Security, Cyber Security regulation compliance, IT Audit, Dev Sec Ops, Cloud Security.Technical expertise: Strong technical background and knowledge in areas such as network security, cryptography, vulnerability management, and penetration testing.Compliance: Knowledgeable in industry regulations, laws, and standards such as NYDFS, CFTC, FINRA, and SEC rules, and be able to ensure that systems and processes are compliant.Communication: Clearly communicate complex technical information to both technical and non-technical stakeholders, such as senior management, auditors, and regulators.Collaboration: Work effectively as part of a team and collaborate with other stakeholders, such as developers, system administrators, and business users.Strong knowledge of Identity and Access Management, Incident Response, Security tooling (SIEM, DLP, IDS/IPS, and endpoint protection, EDR/SDR/XDR)Automation: With the increasing complexity of IT systems, a top candidate should have experience with automation tools and techniques to drive IT Risk Automation initiatives.Familiarity with Secure Development Lifecycle practices and Agile development with Continuous Delivery / Integration

Salary Range: $143,000 -$165,000

In addition to comprehensive health benefits, a generous 401k savings plan, and competitive PTO, ING provides a broad array of benefits including adoption, surrogacy, and fertility services; student debt assistance; and subsidies for expenses associated with working from home, commuting, and fitness.

ING is a committed equal opportunity employer. We welcome applicants of diverse backgrounds and hire without regard to color, gender, religion, national origin, citizenship, disability, age, sexual orientation, or any other characteristic protected by law. We celebrate these differences and rely upon your unique perspective to innovate and seize new opportunities. Come as you are.

ING Bank does not have a commercial banking license in the U.S. and therefore not permitted to conduct a commercial banking business in the U.S. Through its wholly owned subsidiary ING Financial Services LLC, and its affiliates, it offers a full array of wholesale products such as commercial lending and a full range of FM products and services.