IT Risk Manager
Employé / CDI | Juridique / Conformité / Fiscalité | Expérimentés | 2020-09-16 | REQ-10030114
In line with ING's strategy to become the "go-to place for financial needs”, ING is launching a multi-country digital bancassurance proposition (“Dare”). Current statistics say there is <0.1% presence in the digital bancassurance channel and we believe ING can be the first to crack digital bancassurance, untapping great market potential. ING will shape the market with a digital, hyper customer-centric proposition. To make this global and scalable we will build a central multi-partners delivery platform to unify analytics, propositions and customer experience. The customer experience will be offered along the themes Life, Travel, Assist, Motor, Home and Health, where we will combine the best of both banking and insurance. Thus, ING entered a global partnership with AXA to launch a digital bancassurance proposition across 6 countries and is planning to pursue its growth strategy in other countries with possibly other partners.
This role is functionally be part of Global ING C&G Tech team, which is one of the innovative departments supporting our IT environments to enable the most crucial retail activities of ING outside the Benelux. Through a global approach to IT Risk and Security, ING can more effectively support compliance with our IT Risk and Security standards at all times and across our global locations.
Your role and responsibility
As part of the IT Team in DARE, the IT Risk Manager will have a positive impact on DARE and our IT function, it will be your responsibility in the first line of defence to ensure the security and IT compliance of the products that are delivered internally as well as to our external customers. In your role you will proactively support DARE in our journey towards sustaining the IT Risk within the ING risk appetite by:
- Ensuring that IT activities are in line with regulatory requirements and run smoothly in such a way that it can be demonstrated to the internal and external regulators.
- Contributing to the confidentiality and integrity of ING's IT products, services, employees and compliance with respect to the outside world.
- Identify risks and perform risk management as per the Enterprise Risk Management methodology for the various Risk focus areas within the Information Risk Management (Non-Financial Risk).
- To support and advise management in managing these risks and the in-control process.
The IT Security Manager activities include:
- Proactively train, advise and support the DARE central team and local business in identifying risks and implementing risk mitigating measures
- Keep track of new, updated and removed Policies and Minimum Standards and take appropriate actions of cascading the message as well as definition of done.
- Initiates and/or facilitates Risk Assessments, Risk Acceptances, Issue Remediation Plans and Closure Memo’s in corporation with relevant IT stakeholders
- Monitors and reports progress on identified risks, escalates to IT Lead, IT Risk Head C&G/Tech.
- Provides reports to C&G Tech MT on Risk and Security topics - Reports to other stakeholders (IT Partners, ORM, IRM, CAS, Central Programs, etc.) on Risk and Security topics as desired
- Provides Risk and Security related backlog items (Epics, Features or User Stories) to the Asset Owner/Product Owners through the IT Lead (IT Custodian in the DARE central team)
We are looking for someone who
- Holds a Masters level qualification in computer science or engineering
- Has 7 - 10 years relevant IT experience to include Cloud and VM
- Has 5 years hands-on experience in IT Risk and Security
- Has a proven track record in a similar role within a global IT environment and is able to demonstrate a strong hands-on approach and first line experience
- Is an IT Dev Ops professional who takes responsibility for the various Risk and Security aspects within the Agile IT development life cycle
- Takes a proactive approach and is not afraid to challenge IT and the Business on their workings because you know your role in the organization
- Is able to demonstrate they can solve complex problems and then effectively communicate this information to a variety of stakeholders with varying levels of IT knowledge or experience
- Can stimulate and encourages others to demonstrate continuous improvement in the area of IT Risk.
- Is a proven team player who is proud of their craft and contribution to our customers
- Able to demonstrate a positive can-do mind-set
- Is versatile and has mature IT skills, experience in a DevOps culture and eager to learn new technologies
- Is a delivery-oriented person who provides reliable reporting in a timely manner
- Has proven ability to effectively mentor colleagues to improve the IT Risk within the DARE environment
- Is able to adapt to change in a fast-paced environment
- Is effective and able to negotiate and influence others to deliver appropriate IT security and risk components in business outcomes (within DARE central team, local entities and within IT Risk & Security functional line)
- Is motivated by delivering to tight deadlines for a variety of stakeholders and stays calm under pressure
- Is able to effectively and constructively deal with conflict
- Is efficient and effective through their ability to multi-task and organization skills
- Is a self starter who is comfortable in using their own initiative
- Supports quality outcomes through their high attention to detail
- Has excellent verbal and written communication skills in English
This will be a challenging and complex work environment with extensive and innovative developments, where we are learning and adapting every day.