You will fulfill this goal by:

Developing and overseeing the implementation of IT-risk and security policies, procedures, and controls within DBNL Tech NL IT domains
Providing guidance and support on IT-risk and security best practices
Assisting and advising on IT-risk and security compliance (ITRMP controls, CAS findings, MIAs, vulnerabilities, and other issues)
Supporting improvement initiatives for various risk areas like Risk automation projects, Automated risk reporting, Tool implementation, etc.
Implementing various channels for knowledge sharing for IT-risk & security topics
Supporting with drafting required MIAs / risk acceptance and remediation of IT-risk & control issues and security incidents
Facilitating IT-risk and security awareness training programs
Monitoring and reporting on status and progress of IT-risk and security compliance state, issue mitigations, audit findings and other relevant KRI’s/KPI’s
Keeping track and communicating all changes and updates on risk policies to relevant stakeholders.
Supporting the engineering squads in maintaining the risk scores on the target levels, where possible reduce and/ or mitigate the various risks
Prepare, coordinate, document and execute IT SOx audit plans in co-operation with the external auditor
Inform and support international DevSecOps teams to adhere to IT Risk and SOx requirements
Cooperate with first- and second-line risk management including coaching of the first line testing team in Bratislava
Build strong relationship with internal and external stakeholders.

Your working Environment:

In the CISO DBNL department, we take responsibility for IT Risk & Security within Domestic Bank focusing on creating a Safe & Compliant bank.

As IT & Cyber Risk Specialist you will liaise with all levels of defense in ING’s risk model ranging from engineers, management and CISO in the first line, Information Risk Officers and policy makers in the 2nd line to auditors in the 3rd line. You will maintain this relations to build a safe, secure and compliant bank with a detailed focus on IT Risk & Security. ING works in multi-disciplinary teams based on Scrum, Agile and DevOps principles. Responsibility for Infra and Security is adapted within the squads, business & IT have joined, making a squad end-to-end responsible for a customer journey or product. This is also called the ING adaptation of the ‘Spotify’ model. For more about our way of working please visit: https://www.youtube.com/watch?v=D3iu2kfZ3w4

The type of person we are looking for:

Inspiring, full of energy and passionate
Focused on working together, facilitating others within CISO and its stakeholders to be successful
You don’t take things as granted and you are willing to challenge the status quo
You have experience and knowledge of IT Risk & Security and its related processes
You are strong at stakeholder management
You drive for results and you think in possibilities
You are constantly looking for improvements
You are a self-starter and eager to learn and continuous develop yourself in the various Risk areas

The skillset you need to have:

A University/Postgraduate (Masters) degree in computer science or comparable education
Certification like CISSP, CISM, CRISC or CISA are a pre
IT & Security risk management expertise
Experience with data analytics and visualization tool, such as Power BI is a pre
People management skills and coaching skills
Strong analytical skills and critical thinking
Strong communicational skills
Strong consulting, negotiating, and presenting skills
Speaking and writing the English language is a must have

ING sets high standards for a high-performing culture, but also for our values according we are working to. These values are defined in the “orange code”. Check out more on: https://www.ing.jobs/Global/Careers/Orange-code.htm