Permanent employment
Master (EQF 7)
Apply before:
Hours p/wk:


Your work environment:

Winning the war against the criminals by stealing their operation theater with the license to hack!


Criminals only need to be right once, while we have to be always vigilant to be able to stop the ever-evolving threat actors. As a security professional, you have the mindset of an adversary to challenge the overall global security for ING, including people, processes, and technology.

You will be part of the security assessment services (SAS) Team which is part of the Global CISO office.


We focus on strengthening the IT Security strategy of the bank, keeping it sharp to meet the cyber security challenges and ensure that ING is focusing on areas of absolute relevance when it comes to preventive and detective measures.


SAS has a hands-on approach when it comes to security and focuses on a constant evolution of security assessment skills by means of research and on the job experience.


You will be working in a highly specialized team focused on the core concepts of cyber security. Your colleagues have a proven track record of thought building leadership in the field of cyber security. The activities take place in a multicultural team with a global scope where the standard language is English.

A risk mind, make-it-happen mentality to IT security and a proven cyber security track record are prerequisites for this role.


Job description:

SAS is end to end responsible for several security capabilities like red teaming, penetration testing, vulnerability scanning and includes process descriptions, process control standards and continuous improvements.


You will support and contribute to the team with your risk expertise and play a key role in the development, maintaining and updating of process control standards, security controls and processes in alignment with global stakeholders.


You guide towards best practices, industry standards and solutions to assure quality and continuous improvement of our security testing capabilities and you are aware of the latest regulations regarding security testing like DORA.


You will assess the outcome of global security assessments – like red team exercises – and contribute to deliver a remediation plan which is agreed with business, risk and other stakeholders.


You make sure findings are addressed and make sure that they are followed-up by the responsible entity. This includes risk items where SAS needs to take action so we remain within risk appetite.


You have a helicopter view and determine priorities based on context across teams, business units and domains. You help the team improve the execution of daily capabilities and support them with your expertise. This includes capabilities like vulnerability scanning and security testing and validation in the CI/CD pipeline.


You participate actively in core team meetings and address risk related issues and improvements. You build and maintain a network of trust-based relationships with other risk departments within the organization.


You pro-actively contribute to the vision and roadmap of the team, combining and building on the ideas of yourself or others to improve and innovate.


You contribute to the continuous development of the team.


You provide training and coaching on the job to (more junior) colleagues within ING and contribute building a security culture within the team.


With your thorough understanding of non-financial risk you are the go-to-person for others when they encounter challenges in this field, and you are a sparring partner for the leadership team.


You serve as an example of giving and receiving feedback and contribute to an environment of open dialogues that encourage expertise and personal development.


Who are you?

  • Education level: Master.
  • Passionate about the field of cyber security / resilience and risk.
  • Minimal 3-5 years of experience in information security or non-financial risk.
  • Resilient and organized thinker with functional and technical ability to execute follow-up and advise where necessary on identified gaps.
  • Able to operate independently and at an advanced level of written and spoken communication; including professional reports and presentations to explain findings remediations and assess risk.
  • Seamless ability to communicate technical issues in a business language.
  • Coordinating security risk assessments and implementation of solutions in an international environment.
  • Analyzing, steering and reporting on performance indicators and quality.
  • An enthusiastic, social, ambitious team member with the goal to add value to our team and department.
  • Prior experience working as a cyber risk consultant for a bank, government, Big -4 or defense agency is a plus.
  • Holding certifications like CISM, CISSP or similar certifications is a plus.



  • Problem solving
  • Transparent
  • Result driven
  • Team player
  • Flexible
  • Pragmatic
  • Accurate
  • Can do- will do attitude
  • Promotor of our orange code