Contract type: Permanent employment
Education level: Bachelor (EQF 6), Master (EQF 7)
Published: 21/07/2021
Background
ING’s global CISO organisation is responsible for assisting ING management, business and other tribes in providing customer-friendly services in a safe and secure way. Business leaders and CISO are jointly responsible for bank-wide security. CISO is mandated to drive required change in all domains, business and IT.
The Business Control & Transformation team organizes global CISO’s governance and transformation program, ensuring high performance and risk management of global CISO services (e.g. Vulnerability Management, Security Detection & Response, Identity & Access Management).
Within the BCT department, Senior Consultants are part of the Performance, Risk & Regulatory (PRR) team. This team focuses on:
- Maintain overarching IT Security framework (Process Control / IT Security Standards) and its interrelations (created by the CISO solution squads and circles)
- Manage CISO’s overall operating model globally
- Manage risk, compliance and (outstanding) audit activities for CISO
- Manage regulatory affairs, internal and external relationships e.g. ECB, DNB, other banks, NCSC
- Manage performance insights of CISO services
- Facilitate innovation with CISO’s eco-system for more revolutionary changes
- Manage service agreements / suppliers to global CISO
Key Responsibilities – What we offer you
- You will assist in providing relevant insights where required (e.g. to CISO global, NFRC etc.)
- Drafting action plans to resolve CISO related (audit) issues and coordinating timely execution of action plans
- Aligning and collaborating with CISO’s internal stakeholders, including IBSS as service provider, engineering tribes, CAS, CIRM and other CoEs.
- Aligning and collaborating with CISO’s external stakeholders such as the external auditor and other parties in the eco-system.
- Developing presentations and providing workshops and trainings to ING’s CISO community in the field of Cyber Security
- 1st line risk monitoring for IT Controls implementation within CISO
- Liaise with external parties, 2nd line (Corporate IRM) and 3rd line (Corporate Audit Services)
- Contributing to defining and enhancing CISO processes and strategic initiatives
- Acting and advising on Audit (in iRisk tool) & MIA (management identified actions) points - you will provide advice / challenge the auditors for recommendations
Requirements – What we are looking for
- Bachelor’s and/or master’s degree
- Certifications like RE, CRISC, CISSP, CISA and/or CISM are highly recommended
- 5 years’ professional experience in the field of Information / IT Security
- Experience with:
  - IT auditing
  - Building IT Security policies and standards
  - Modelling and describing processes and procedures
  - Designing governance models
  - Developing training materials
  - Organizing workshops and providing class-room training
  - Creating clear guidance materials
  - Executing IT risk assessments
- Excellent command of the English language and outstanding oral and written communication skills
- Skilled in working with MS Office, especially PowerPoint (reporting) and Excel (data analysis)
- Strong reporting skills (including C-level reporting)
- Ability to ‘take it on and make it happen’ (ownership & responsibility)
- Takes initiative and is eager to deliver (no matter what)
- Ability to work under complex and stressful conditions
- Ability to simplify complexity and drive operational excellence
- Experience in a financial environment is a plus
- Strong analytical skills, and ability to solve high complexity problems
- Ability to provide timely and comprehensive recommendations to mitigate risks
- Team player and collaborative
- The will and mindset to continuously want to improve
- Has a thorough understanding of consultancy methodologies