[Platform] Risk Engineer
Background
Global Customer Reporting for Payments (GCRP) is the Reporting Application engine for Wholesale Banking, connecting all countries, through all WB channels and Backoffices. Because GCRP is a crucial application, the risk control requirements are stringent.
Role description
You will be responsible for assuring the effectiveness of risk management processes, analyzing risk data, and supporting risk mitigation activities as an IT Risk Ops Profile. Your expertise will be critical in maintaining a secure and compliant IT environment for our organization.
Responsibilities:
To ensure control objectives are always met to keep risk score within risk toleranceUnderstanding of application security aspects.Creating a Risk awareness culture & adhere to the defined Risk Management framework and StandardsMonitor and analyze IT risk data to identify potential vulnerabilities, threats, and trends.Assist in the development and implementation of IT risk management strategies and frameworks.Conduct regular reviews of IT controls and processes to assess their effectiveness and identify areas for improvement.Collaborate with cross-functional teams to ensure IT risk management practices are aligned with organizational objectives.Support the development and maintenance of IT risk policies, procedures, and documentation.Coordinate risk assessments and control testing activities to ensure compliance with internal and external requirements.Participate in incident response activities related to IT risk incidents, including investigation, analysis, and remediation.Maintain and update risk registers, risk profiles, and risk dashboards to provide accurate and timely risk reporting to stakeholders.Contribute to the development and delivery of IT risk awareness and training programs for employees.Good English writing and reporting skills and preferably has experience with risk audits.Giving demos and instructions to teams, writing work instructions can be part of the work.The risk engineer will be part of the Platform squad within the Reporting area. Given that the whole squad owns the Sprint Backlog, it can also be that he/she will have to work on topics not related to Risk (e.g. improving release management, incident management, etc.)
Role requirements
Below are the requirements that have been set for this role (experience and knowledge) and the MoSCoW classification for each.
Job
Must have:
Passion for Risk / Risk mindset > 4 yrs Passion for automation > waste-buster > 2 yrsAnalytical and investigative by nature > 6 yrsKnowledge and understanding of software development and deployment process > 4 yrsKnowledge about Business Impact Assessment, Detailed Risk Assessment, and applicability of security controls > 3 yrsExpert in control areas – Change Management, Platform Security, Operational Resilience, Cybersecurity Resilience, Security Monitoring & Identity and Access Management >3 yrsShould have:
Basic understanding of infra, networking (cloud, machines, firewalls, network domains) and communication protocols (XFB, FTP, EMS, MQ, HTTP) > 2 yrsExperience in monitoring/evaluating the effectiveness of existing risk controls and recommend improvements as necessary >2 yrsNice to have:
Knowledge of the ING risk model > 1 yrTechnology & tools
Should have:
Basic some scripting knowledge > 2 yrsBasic knowledge of Linux commands > 1 yrNice to have:
Experience with automation, and automation tools (e.g. Ansible, Python) > 2 yrsAzure Fundamental knowledge >1 yrSoft skills
Must have:
Always out to learn new skills, and to teach others in the processProactive attitude > don't wait for someone to tell you what to doShould have:
Experience with coaching junior and medior engineersNot shy to express and defend his/her opinion in front of a crowd (which may not be the popular opinion)Other
Must have:
Experience with Agile and Scrum way of working Knowledge of Payments
Should have: