Information Risk Officer [@ING Tech]
Employee | Risk Management | Professional | Romania | Bucharest | 2019-06-25 | 055876
Discover ING Tech Romania:
ING Tech Romania is ING’s global hub for technology established in 2015. Focused on building strategic key capabilities, the hub provides approximately 121 services for 24 ING units globally. These services are grouped in the following main categories: software development; data management; non-financial risk & compliance and audit.
Now, in 2021, our fast-growing organization gathers more than 1000 high-performing engineers and non-financial risk & compliance specialists that work together in global tribes.
This position is within the ING Regional Information Risk Management Centre (IRIC), located in ING Non-Financial Risk & Compliance HUB in Bucharest, Romania. IRIC currently provides support to ING Bank Information Risk Management community in performing specific Information Risk activities for Romania based ING entities (e.g. ING Tech Romania and ING Bank Romania). IRIC is developing its service portfolio on a continuous basis, currently setting up other services like Second Line Monitoring activities for Generic IT & IT SOX relevant controls and second line review & challenge for Global Critical Programmes or Think Forward initiatives. Other information risk management related activities might be provided by the IRIC to other ING entities. This will help ING business units as well as Corporate Information Risk Management (CIRM) to manage the IT Risk profile of ING Bank in a sound manner.
The role is defined as an Information Risk Officer within the global Information Risk Management community, very specifically related to the regional information risk management activities (including Second Line Monitoring). The role reports hierarchically to the Head of the ING Regional Information Risk Management Centre (IRIC).
Within the IRIC Romania, you will be part of a team of Information Risk Management (IRM) Officers and Business Continuity Management (BCM) Specialists, which, besides the support provided to serviced entities, will have the opportunity to support the Corporate Information Risk Management functions on various IRM and BCM related activities to ensure that IT risk and Continuity risk are adequately managed (e.g. Quality assurance assessments, Deep dives, etc.).
We are looking to fill in multiple roles thus we are looking for candidates with different levels of Seniority which have experience in areas like IT audit for consulting companies or other financial institutions, Generic IT & IT SOX controls testing reviews, Information/IT Security professionals working for financial institutions, IT professionals with a passion for Security which are looking for a career change. If you have experience in any of the above, do not hesitate to apply!
- Participating in and challenging risk assessments (including Data Classification, Business Impact Assessments or detailed IT Risk assessments);
- Communicating, providing interpretation & training for IT Risk tooling and IT Risk Policies, Minimum Standards, Procedures, Methods and Techniques;
- Perform Second Line Monitoring activities (Reviewing & challenging) the Generic IT or SOX Key Control Tests results;
- Participating in, challenging and periodically reporting upon the risks of key strategic (IT/BCM) programs and projects;
- Measuring and reporting the implementation of Information (Technology) security or Continuity framework throughout the organization;
- Supporting the identification of the impact of and the coordination of responses to law and regulatory changes, internal & external audit reports, etc. and monitoring the follow-up on the regulatory issue solving;
- Raising and reviewing for closure of risk remediation actions for IT Risk of Continuity Risk gaps identified;
- Perform specific second line reviews (e.g. spot checks – reviewing the implementation and effectiveness of IT controls for (Business) applications, deep dives – thematic reviews performed for certain IT Controls, etc.);
- Contributing to the development and maintenance of a risk awareness curriculum and training program, and delivering risk awareness trainings to the organization;
- Performing and assisting in other information risk activities where the requirements arise.
What are we looking for:
We are looking for an energetic, self-motivated team-player to be part of IRIC team who has the following characteristics:
- University BSc Degree or equivalent, preferably in IT field;
- 2– 6 years’ experience in IT/IT Security/IT Audit or (Information) Risk Management areas;
- Focused, self-driven and results oriented;
- Analytical with the ability to think broadly but also with attention to detail;
- Good analytical skills and sound judgment;
- Excellent communication skills, fluency in English (written and spoken);
Would be considered a plus:
- Knowledge of Banking business, processes, procedures and systems and associated laws & regulations
- Experience in Business Continuity Management & having professional education and/or multiple international certifications for Information (Technology) Security (e.g. ISC2, ISACA accreditations)