Cyber, Security, ICT, Data Analytics in Security
Master (EQF 7)
ING Office of the CISO is looking for a (Senior) Security Architect Cryptography.|
ING Office of the CISO focuses on Information Security steering, threat management and assurance. We translate key risks & threats, high-level business requirements and applicable law & legislation into IT Security Standards & Architectures and enterprise wide Information security initiatives to achieve ING's objectives, while delivering threat intelligence and monitoring the external threat landscape.
The objective of the Global Information Security Management department is to ensure that business strategy and Information Security implementation are aligned on an ongoing basis taking into account applicable security threats, market best practices, risk appetite and cost targets. The main activities are:
- Strategic Advice
- Requirements gathering, collect data, analyse the client’s business and provide input to support the strategic decision-making processes. Challenge the validity of given procedures, processes, policies and systems.
- Advise Domain Architects, Enterprise Architects, (IT) business and the CISO in identifying, justifying and design/development of the required solutions, including scoping.
- Support the development of business cases, technology vendor strategy and perform impact analysis.
- Reference Architecture Delivery
- Formulate and test hypotheses and draw conclusions to determine appropriate cryptography solutions for ING,
- Design Reference Architecture for Cryptography ensuring the optimal match between technology, fit-to-infrastructure (feasibility of deployment), costs, user friendliness, measurability, and flexibility/scalability.
- Specifically design key components that must be enforced and can be measured automatically.
- Maintain and update the Reference Architecture taking relevant (technological, organisational) changes into consideration as well as keeping pace with innovations and trends in the industry/market.
- Communication and verification
- Present and deliver verbal and written messages to other architects within ING, senior specialists and senior executive management.
- Define and present final solution and impact on the organisation, and sustain the rationale for the solution.
- Facilitate training, workshops, video conferences and work with international (virtual) teams on the topic of Cryptography Architecture.
- Enforce and verify the correct implementation of the Reference Architecture throughout the ING organisation.
- Help setup, build and maintain a sustainable network of specialists inside and outside ING.
- Intellectual Capital & Knowledge Sharing
- Initiate knowledge sharing activities.
- Keep professional knowledge up-to-date and translate external innovations and trends into useable information.
You have a background in Computer Science or Mathematics/Physics and deep knowledge of Cryptography and you also have experience in/affinity with the following areas:
- Data encryption (in transit and in rest);
- PKI and certificates;
- Digital Rights Management;
Furthermore you recognize yourself in the following personal profile:
- experience in producing and presenting Security Architecture on a conceptual level;
- experience in effective communication on senior management level;
- excellent writing & reporting skills in English;
- familiarity with risk models, enterprise architectures and their relationships;
- broad technical knowledge and awareness; including software development, infrastructure, engineering and operations;
- determination to continuously develop your (technical) expertise and knowledge;
- willingness to travel (up to 25%).
What do we offer
ING’s office of the CISO offers a challenging international Information Security work environment with far-reaching and innovative developments which are implemented globally within ING. Cybercrime threat patterns will stay very fluid over the next years and the organisation need to continuously signal and prepare for this. The pervasiveness of these threats means ING Security, on a global base, must quickly develop cutting-edge response on top of basic security capabilities, while improving plans preparing for the worst case scenarios. Possibilities for training and personal development. The actual job level depends on knowledge and experience.
For this role “Level 1” screening is required.