Contributes to the design, preparation and coordination of programs and projects of the NFR function that challenge, advise on and support the identification, analysis and mitigation of non-financial risks by the 1st Line of Defense/business, raises NFR awareness throughout ING, checks that the 1st Line of Defense/business complies with the risk appetite, and escalates where necessary.
ING is looking for an IT & Cyber Risk Specialist
ING is a bank that is known for its IT innovations and has a primary focus on IT Risk & Security. ING CISO Tech NL is looking for a passionate and inspiring Non-Financial Risk specialist, who will support the CISO department and the IT organization in the role of IT & Cyber Risk Specialist. You will enable IT senior management to work on IT Risk & Security activities, ensuring that the ING Market Leader applications and processes for Tech NL are and remain safe and compliant.
In the function of IT & Cyber Risk Specialist, your main focus will be to help the engineering squads and Tech NL IT Leadership within Market Leaders NL improve their way of working in the IT & Cyber risk area and make a positive impact on their daily work.
You will fulfil this goal by:
- Developing and overseeing the implementation of IT-risk and security policies, procedures, and controls within Tech NL IT domains
- Providing guidance and support on IT-risk and security best practices
- Assisting and advising on IT-risk and security compliance (ITRMP controls, CAS findings, MIAs, vulnerabilities, and other issues)
- Supporting improvement initiatives for various risk areas, such as risk automation projects, automated risk reporting, tool implementation, etc.
- Implementing various channels for knowledge sharing on IT-risk & security topics
- Supporting the drafting of required MIAs / risk acceptances and the remediation of IT-risk & control issues and security incidents
- Facilitating IT-risk and security awareness training programs
- Monitoring and reporting on the status and progress of the IT-risk and security compliance state, issue mitigations, audit findings and other relevant KRIs/KPIs
- Keeping track of and communicating all changes and updates to risk policies to relevant stakeholders
- Supporting the engineering squads in maintaining the risk scores at the target levels and, where possible, reducing and/or mitigating the various risks
- Cooperating with first- and second-line risk management, including coaching of the first-line testing team in Bratislava
- Building strong relationships with internal and external stakeholders
Your working Environment:
In the CISO Tech NL department, we take responsibility for IT Risk & Security focusing on creating a Safe & Compliant bank.
As IT & Cyber Risk Specialist you will liaise with all lines of defence in ING’s risk model, ranging from engineers, management and CISO in the first line, through Information Risk Officers and policy makers in the 2nd line, to auditors in the 3rd line. You will maintain these relationships to build a safe, secure and compliant bank with a detailed focus on IT Risk & Security. ING works in multi-disciplinary teams based on Scrum, Agile and DevOps principles. Responsibility for Infra and Security is adopted within the squads; business & IT have joined, making a squad end-to-end responsible for a customer journey or product. This is also called the ING adaptation of the ‘Spotify’ model. For more about our way of working please visit: https://www.youtube.com/watch?v=D3iu2kfZ3w4
The type of person we are looking for:
- Inspiring, full of energy and passionate
- Focused on working together, facilitating others within CISO and its stakeholders to be successful
- You don’t take things for granted and you are willing to challenge the status quo
- You have experience and knowledge of IT Risk & Security and its related processes
- You are strong at stakeholder management
- You drive for results and you think in possibilities
- You are constantly looking for improvements
- You are a self-starter and eager to learn and continuously develop yourself in the various Risk areas
The skillset you need to have:
- A University/Postgraduate (Masters) degree in computer science or comparable education
- A certification such as CISSP, CISM, CRISC or CISA is a plus
- IT & Security risk management expertise
- Strong project and stakeholder management skills
- Experience with data analytics and visualization tools, such as Power BI, is a plus
- People management skills and coaching skills
- Strong analytical skills and critical thinking
- Strong communication skills
- Strong consulting, negotiating, and presenting skills
- Speaking and writing the English language is a must-have
ING sets high standards for a high-performing culture, but also for the values we work by. These values are defined in the “orange code”. Check out more on: https://www.ing.jobs/Global/Careers/Orange-code.htm
What we offer:
- Professional working environment
- 40-hour working week
- An above-market-average salary depending on experience and expertise
- Entrance to (international) IT events, seminars, courses, etc.
- The working location is Amsterdam