Senior Security Architect Cryptography

ING Office of the CISO is looking for a (Senior) Security Architect Cryptography.|
 

ING Office of the CISO focuses on Information Security steering, threat management and assurance. We translate key risks & threats, high-level business requirements and applicable law & legislation into IT Security Standards & Architectures and enterprise wide Information security initiatives to achieve ING's objectives, while delivering threat intelligence  and monitoring the external threat landscape.

The objective of the Global Information Security Management department is to ensure that business strategy and Information Security implementation are aligned on an ongoing basis taking into account applicable security threats, market best practices, risk appetite and cost targets. The main activities are:

• Align the security strategy with other functions in and outside ING.
• Create and maintain IT Security Standards (e.g. User Access, Cryptography, Security Monitoring, Platform and Software Security) with corresponding security norms.
• Coordinate the global implementation of information security requirements to meet agreed security objectives.
• Drive security innovations, processes, and technologies into operations by providing ING’s business units with adequate guidance from strategic to technical level.

   

  The Security Architecture team consists of 5 professionals that operate from Amsterdam with a Bank-wide focus on Information Security. Its members are typically experienced and highly educated and they have diverse interdisciplinary backgrounds.

   

Job description

• Strategic Advice
  • Requirements gathering, collect data, analyse the client’s business and provide input to support the strategic decision-making processes. Challenge the validity of given procedures, processes, policies and systems.
  • Advise Domain Architects, Enterprise Architects, (IT) business and the CISO in identifying, justifying and design/development of the required solutions, including scoping.
  • Support the development of business cases, technology vendor strategy and perform impact analysis.
     
• Reference Architecture Delivery
  • Formulate and test hypotheses and draw conclusions to determine appropriate cryptography solutions for ING,
  • Design Reference Architecture for Cryptography ensuring the optimal match between technology, fit-to-infrastructure (feasibility of deployment), costs, user friendliness, measurability, and flexibility/scalability.
  • Specifically design key components that must be enforced and can be measured automatically.
  • Maintain and update the Reference Architecture taking relevant (technological, organisational) changes into consideration as well as keeping pace with innovations and trends in the industry/market.
     
• Communication and verification
  • Present and deliver verbal and written messages to other architects within ING, senior specialists and senior executive management.
  • Define and present final solution and impact on the organisation, and sustain the rationale for the solution.
  • Facilitate training, workshops, video conferences and work with international (virtual) teams on the topic of Cryptography Architecture.
  • Enforce and verify the correct implementation of the Reference Architecture throughout the ING organisation.
  • Help setup, build and maintain a sustainable network of specialists inside and outside ING.
     
• Intellectual Capital & Knowledge Sharing
  • Initiate knowledge sharing activities.
  • Keep professional knowledge up-to-date and translate external innovations and trends into useable information.
     

Profile

You have a background in Computer Science or Mathematics/Physics and deep knowledge of Cryptography and you also have experience in/affinity with the following areas:

• Data encryption (in transit and in rest);
• PKI and certificates;
• Digital Rights Management;
• HSMs.

   

Furthermore you recognize yourself in the following personal profile:

• experience in producing and presenting Security Architecture on a conceptual level;
• experience in effective communication on senior management level;
• excellent writing & reporting skills in English;
• familiarity with risk models, enterprise architectures and their relationships;
• broad technical knowledge and awareness; including software development, infrastructure, engineering and operations;
• determination to continuously develop your (technical) expertise and knowledge;
• willingness to travel (up to 25%).

What do we offer

ING’s office of the CISO offers a challenging international Information Security work environment with far-reaching and innovative developments which are implemented globally within ING. Cybercrime threat patterns will stay very fluid over the next years and the organisation need to continuously signal and prepare for this. The pervasiveness of these threats means ING Security, on a global base, must quickly develop cutting-edge response on top of basic security capabilities, while improving plans preparing for the worst case scenarios. Possibilities for training and personal development. The actual job level depends on knowledge and experience.  

For this role “Level 1” screening is required.