
IT & Cyber Risk Specialist
You will fulfill this goal by:
- Developing and overseeing the implementation of IT-risk and security policies, procedures, and controls within DBNL Tech NL IT domains
- Providing guidance and support on IT-risk and security best practices
- Assisting and advising on IT-risk and security compliance (ITRMP controls, CAS findings, MIAs, vulnerabilities, and other issues)
- Supporting improvement initiatives for various risk areas like Risk automation projects, Automated risk reporting, Tool implementation, etc.
- Implementing various channels for knowledge sharing for IT-risk & security topics
- Supporting with drafting required MIAs / risk acceptance and remediation of IT-risk & control issues and security incidents
- Facilitating IT-risk and security awareness training programs
- Monitoring and reporting on the status and progress of IT-risk and security compliance, issue mitigations, audit findings and other relevant KRIs/KPIs
- Keeping track and communicating all changes and updates on risk policies to relevant stakeholders.
- Supporting the engineering squads in maintaining the risk scores at the target levels and, where possible, reducing and/or mitigating the various risks
- Preparing, coordinating, documenting and executing IT SOx audit plans in co-operation with the external auditor
- Informing and supporting international DevSecOps teams so that they adhere to IT Risk and SOx requirements
- Cooperating with first- and second-line risk management, including coaching the first-line testing team in Bratislava
- Building strong relationships with internal and external stakeholders.
Your working environment:
In the CISO DBNL department, we take responsibility for IT Risk & Security within Domestic Bank focusing on creating a Safe & Compliant bank.
As IT & Cyber Risk Specialist you will liaise with all lines of defense in ING’s risk model, ranging from engineers, management and the CISO in the first line, to Information Risk Officers and policy makers in the 2nd line, to auditors in the 3rd line. You will maintain these relationships to build a safe, secure and compliant bank with a detailed focus on IT Risk & Security. ING works in multi-disciplinary teams based on Scrum, Agile and DevOps principles. Responsibility for Infra and Security is adopted within the squads, and business & IT have joined, making a squad end-to-end responsible for a customer journey or product. This is also called the ING adaptation of the ‘Spotify’ model. For more about our way of working please visit: https://www.youtube.com/watch?v=D3iu2kfZ3w4
The type of person we are looking for:
- Inspiring, full of energy and passionate
- Focused on working together, facilitating others within CISO and its stakeholders to be successful
- You don’t take things for granted and you are willing to challenge the status quo
- You have experience and knowledge of IT Risk & Security and its related processes
- You are strong at stakeholder management
- You drive for results and you think in possibilities
- You are constantly looking for improvements
- You are a self-starter, eager to learn and to continuously develop yourself in the various Risk areas
The skillset you need to have:
- A University/Postgraduate (Masters) degree in computer science or comparable education
- Certifications such as CISSP, CISM, CRISC or CISA are a plus
- IT & Security risk management expertise
- Experience with data analytics and visualization tools, such as Power BI, is a plus
- People management skills and coaching skills
- Strong analytical skills and critical thinking
- Strong communication skills
- Strong consulting, negotiating, and presenting skills
- Speaking and writing the English language is a must-have
ING sets high standards for a high-performing culture, but also for the values we work by. These values are defined in the “orange code”. Check out more on: https://www.ing.jobs/Global/Careers/Orange-code.htm