Cyber security specialist/Product Owner CISO team - Tribe Fraud & Cybersecurity NL
There has never been a more interesting time to work at ING. We’re on a journey that’s centered around our customers, powered by technology and driven by smart, determined people. Our customers feel our people are empowering them to stay a step ahead in life and in business.
We believe ING plays a pivotal role in protecting our society: in a changing and uncertain digital world we provide peace of mind by ensuring ING is the safest bank. Confidence in the brand of ING, to secure data and services, is the foundation of our existence. So therefore our purpose is:
We as Tribe Fraud & Cybersecurity enable society to do banking in a safe and easy way. We protect your finances by being the best in fighting fraud and combatting cyber threats.
Do you want to make a concrete contribution to combat cyberthreats? Then the role of cyber security expert in the field of Fraud & Cybersecurity at ING is perfect for you!
Your role & work environment
You will be part of the CISO office of ING in the Netherlands. The CISO office is responsible for information security and is part of the Fraud and Cybersecurity Tribe in the Netherlands. You will help transform the team to the next phase and set up a team of dynamic security professionals. Every day will be different working in this team as you will need to engage with both C-level management as operational security professionals. Within the CISO office, you will help bank CISO set the global security policies and ensure local implementation of security capabilities. You will make a concrete contribution to continuously improve the security of all of our assets by assessing and improving our current solutions. Finally, you will ensure that ING remains a front-runner in cybersecurity by keeping up with the latest trends and technologies in cyber security and ensure proper adoption within ING.
Your key responsibilities
- You take on the product owner role for the CISO team in the Netherlands. This means that you prioritize and steer the backlog for the CISO team based on continuous alignment with our different stakeholders. These main stakeholders include bank CISO, the IT security organization and the different operational security teams.
- In your product owner role, you ensure all agile ceremonies including sprint planning, standups, sprint review and retro’s.
- You work closely together with the CISO Lead to establish and operate a CISO office for DB NL and assist in recruiting new team members to strenghten the team. You are the first point of contact in communication with our stakeholders in the Netherlands – mainly bank CISO, the IT security organization and the different operational security teams;
- You establish and facilitate state of the art integrated security threat and IT risk profile assessments in collaboration with all relevant stakeholders;
- As security subject matter expert, you contribute to the security vision and drive the security roadmap for the organisation together with the DBNL CISO and other stakeholders. You perform and deliver maturity and value assessments of the different security capabilities to identify improvement needs and opportunities.
- You organize and conduct business-facing threat assessment and prioritization sessions, with the goal of identifying top risks and related mitigating efforts (“Security Watch”). You manage the portfolio of security efforts tied to those assessments – examples include, the scoping and execution of red/blue team engagement, the implementation of additional security measures (e.g. identity and access solutions), the execution of specialized training programs, the definition of threat profiles and intelligence gathering in collaboration with the Global Intelligence Centre.
- You provide expert support and facilitation during Detailed Risk Assessments (DRA) and scenario analysis;
- You contribute to Red/ Blue team exercise by identifying relevant threats/ scenarios;
- You assist in development of global Security Baseline security standard and guidance and support local Security Baseline template updates;
You translate the relevant cyber threats and risks into relevant and effective internal training and awareness campaigns You own the coordination and support the execution of scenario analysis deep dive sessions with business and IT stakeholders. These sessions aim at identifying specific threats impacting business critical processes and assets and to identify actions and remediations to be implemented. This may include refinement of security event monitoring use cases, strengthening of security baseline designs.
What are we looking for?
A colleague with a talent for taking it on and making it happen, enthusiasm for helping others to be successful and a knack for always being a step ahead. In other words, you strive to bring fresh ideas to life and embrace challenges in a fast changing and complex environment. You are a naturally collaborative person who listens and invests in others to achieve common goals. You love to challenge the status quo and are eager to propose creative solutions to problems.
As a cyber security specialist you will also need:
- 10+ years of professional experience in IT or information security
- BS/MS degree in computer science or related field. Certification like CISSP, CISM, etc. are highly recommended
- Proven experience in product ownership and/ or project management/ road management for large security project. Proven experience in successfully managing stakeholder expectations in complex environments;
- Prior experience in performing threat assessments and scenario analysis and assessing security capability maturity;
- Prior experience in risk management or experience working across lines of defence is an added benefit;
- Applied knowledge of various information security frameworks (e.g. ISO27001, NIST, CIS)
- Strong analytical skills and ability to solve high complexity problems
- Outstanding oral and written communication skills
- Strong communication and reporting skills (including C-level reporting)
- Experience of working in complex environments
- Team player and collaborative
- Excellent command of the English language, both in writing and in speech
What do we offer you?
Function classified in function scale 12 Based in the Netherlands, Amsterdam however upcoming months working from home will remain the standard. Plenty of personal development and possibilities and career options Laptop and mobile phone
A clear purpose, a unique offer and a range of flexible compensation and other benefits:
- Personal growth & challenging work with many opportunities to realise your ambitions
- A progressive and agile way of working, where new ideas are valued ahead of convention
Furthermore, within the CISO department, you can count on a range of opportunities to invest in your personal and professional growth with:
- Coaching by our agile coaches to take your skills to the next level;
- A diverse range of projects making sure you are always challenged and continue to grow professionally;
- The opportunity to represent ING in industrywide/ national security bodies (Cyber Security coalition, national CERT,…) offering you the opportunity to work with and learn from captains of industry;
- A broad training curriculum, tailored to your personal interests.