Senior Consultant Performance, Risk & Regulatory

Background

ING’s global CISO organisation is responsible to assist ING management, business and other tribes in providing customer friendly services in a safe and secure way. Business leaders and CISO are jointly responsible for bank-wide security. CISO is mandated to drive required change in all domains, business and IT.

The Business Control & Transformation team organizes global CISO’s governance, transformation program, ensuring high performance and risk management of global CISO services (e.g. Vulnerability Management, Security Detection & Response, Identity & Access Management).

Within the BCT department, Senior Consultant are part of the team Performance, Risk & Regulatory (PRR). This team focusses on:

• Maintain overarching IT Security framework (Process Control / IT Security Standards) and its interrelations (created by the CISO solution squads and circles)
• Manage CISO’s overall operating model globally
• Manage risk, compliance and (outstanding) audit activities for CISO
• Manage regulatory affairs, internal and external relationships e.g. ECB, DNB, other banks, NCSC
• Manage performance insights of CISO services
• Facilitate innovation with CISO’s eco-system for more revolutionary changes
• Manage service agreements / suppliers to global CISO

Key Responsibilities – What we offer you

• You will assist in performing relevant insights where required (e.g. to CISO global, NFRC etc. )
• Drafting action plans to resolve CISO related (audit) issues and coordinating timely execution of action plans
• Aligning and collaborating with CISO’s internal stakeholders, including IBSS as service provider, engineering tribes, CAS, CIRM and other CoEs.
• Aligning and collaborating with CISO’s external stakeholders such as the external auditor and other parties in the eco-system.
• Developing presentations and providing workshops and trainings to ING’s CISO community in the field of Cyber Security
• 1st line risk monitoring for IT Controls implementation within CISO
• Liaise with external parties, 2nd line (Corporate IRM) and 3rd line (Corporate Audit Services)
• Contributing at defining and enhancing CISO processes and strategic initiatives
• Acting and advising on Audit (in iRisk tool) & MIA (management identified actions) points - you will provide advice / challenge the auditors for recommendations

Requirements – What we are looking for

• Bachelors and/or master’s degree
• Certifications like RE, CRISC, CISSP, CISA and/or CISM are highly recommended
• 5 years’ professional experience in the field of Information / IT Security
• Experience with:
  • IT auditing
  • Building IT Security policies and standards
  • Modelling and describing processes and procedures
  • Designing governance models
  • Developing training materials
  • Organizing workshops and providing class-room training
  • Creating clear guidance materials
  • Executing IT risk assessments
• Excellent command of the English language and outstanding oral and written communication skills
• Skilled in working with MS Office, especially PowerPoint (reporting) and Excel (data analysis)
• Strong reporting skills (including C-level reporting)
• Ability to ‘take it on and make it happen’ (ownership & responsibility)
• Takes initiative and eager to deliver (no matter what)
• Ability to work under complex and stressful conditions
• Ability to simplify complexity and drive operational excellence
• Experience in a financial environment is a plus
• Strong analytical skills, and ability to solve high complexity problems
• Ability to provide timely and comprehensive recommendations to mitigate risks
• Team player and collaborative
• The will and mind set to continuously want to improve
• Has thorough understanding of consultancy methodologies