Security Architect Cloud Security

NG Office of the CISO focuses on cybersecurity steering, threat & vulnerability management and response. We translate key risks, business requirements and applicable laws & legislations into architectures and accompanying enterprise-wide security programmes to achieve ING's strategic objectives, while delivering threat detection and response services to the ING organization on a global level.

The objective of the Security Strategy & Architecture department is to ensure that business strategy and cybersecurity implementations are aligned on an ongoing basis taking into account applicable technology solutions, good practices, risk appetite and cost targets.

Main activities are:

• Leading the design, providing guidance and performing verification of architecture implementation on global programmes in the public cloud, specifically:
• Cloud access management and cryptography
• Cloud platform & infrastructure security
• Interface & API security
• Cloud security monitoring and incident response
• Cloud security compliance
• Defining, maintaining and verifying Enterprise Reference Architectures where needed
• Providing global security advisory on design and implementation matters
• Advisory role in security programmes
• Advisory role in security standards
• Writing vision/position papers

Key Responsibilities

• Strategic advice to the CISO Office
  • Gathering requirements, collecting context data, analysing the business needs, and providing input to support the strategic decision-making processes. Challenging the validity of given procedures, processes, policies and systems
  • Advising Domain Architects, Enterprise Architects, (IT) business and the CISO in identifying, justifying and design/development of the required solutions, including scope definitions and qualitative business cases
  • Supporting the development of technology vendor strategy and performing impact analysis on solution/service implementations
• Architecture artefacts lead and delivery
  • Formulating and testing hypotheses and drawing conclusions to determine appropriate security solutions/services for ING in a global perspective
  • Designing Global Architecture for public cloud security ensuring the optimal match between technology, fit-to-infrastructure (feasibility of deployment), costs, user acceptance, measurability, and flexibility/scalability together with a virtual team of Domain and Enterprise Architects
  • Specifically designing key components that must be enforced and can be measured automatically
  • Maintaining and updating the Global Architecture/Security Standard taking relevant (technological, organisational) changes into consideration as well as keeping pace with innovations and trends in the industry/market
• Communication and verification
  • Presenting and delivering verbal and written messages to other architects within ING, senior specialists and senior executive management
  • Defining and presenting final solution and impact on the organisation, and sustaining the rationale for the solution/service
  • Organising and providing trainings, workshops, video conferences and working with international (virtual) teams on the topic of Security Architecture
  • Enforcing and verifying the correct implementation of the Global Architecture throughout the ING organisation
  • Building and maintaining a sustainable network of specialists inside and outside ING
• Intellectual capital & knowledge sharing
  • Initiating and leading knowledge sharing activities
  • Keeping professional knowledge up-to-date and translating external innovations and trends into useable information

Requirements

• Fluent in technical and conceptual aspects of cloud security, specifically on:
  • Cloud/web Access Controls and identity federation
  • Cloud platforms with focus on MS Azure
  • Cloud-based SIEM/SOAR
• Background in Computer Science or Mathematics/Physics
• At least 10 years of professional experience in the field of IT, and at least 5 years in the field of cloud security
• CISSP

Furthermore the following personal profile:

• Ability to take ownership and responsibility
• Expertise and demonstrated track-record in driving and steering multidisciplinary teams
• Excellent analytical skills and clear way of expressing abstract concepts
• Experience in producing and presenting Security Architectures on a conceptual and logical level
• Experience in effective communication on senior management level
• Excellent writing & reporting skills in English
• Familiarity with risk/threat models, Enterprise Architecture concepts and their relationships
• Determination to continuously develop your (technical) expertise and knowledge
• Willingness to travel (up to 25%, mainly in Europe)