Corporate Information Risk Management - Business Continuity Management Practitioner
Employee | Risk Management | Experienced | Noord Holland | 2019-03-22 | REQ-10016264
The Corporate Information Risk Management (CIRM) department resides within the Non-Financial Risk domain. You will hierarchically report to the Head of CIRM. Within the Non-Financial Risk domain, CIRM has a responsibility for the development and maintenance of the non-financial risk management framework - especially policy setting and advisory - with a focus on Information (Technology) Risks and Continuity Risks. It is also responsible for providing direct IRM and BCM support to the Corporate Departments in Amsterdam (Tier 2) as well as Challengers & Growth Markets and Wholesale Banking.
CIRM focuses on the Information (Technology) Risk and Continuity Risk:
- Information Technology (IT) – concerns managing Information (Technology) Risks within IT Governance, IT Management and IT Security;
- Operational Resilience – concerns measures to ensure Availability of Business Services;
- Information Management – concerns managing Information (Technology) Risks within the lifecycle of information and use of information to the benefit of the stakeholders.
- Continuity Risk is the risk of financial loss, regulatory sanctions or reputational damage due to business disruptions (loss of people, processes, systems, data, premises) caused by severe events (e.g. natural disasters, infectious diseases, power outages, terrorism). CIRM is in charge of ensuring that Business Continuity Plans are available bank-wide to identify the critical processes and describe the corrective measures and resources necessary in case a business is disrupted and cannot be resumed within the normal environment. It is also in charge of the Disaster Recovery Plans, which serve to recover the time-critical business processes or value chains and describe all ICT measures necessary to support these requirements.
• You are a practitioner in the field of Information (Technology)/Business Continuity Risk Management, possessing knowledge of IRM, BCM and IT processes.
• You are able to deal with and advise on standard matters that are a major concern to lower level management of ING Bank.
• You are a trusted IRM advisor, who directs, advises and supports the identification, analysis and mitigation by 1st LoD/business of risks to ING that result from inadequate security of information (supporting business applications, IT processes, databases and supporting infrastructure), with the aim of assuring reliability of information, integrity and the availability of systems.
• You challenge and monitor IT and Continuity risk management processes and quality.
As Practitioner IRM/BCM your role is to:
• Support the Corporate Head of IRM and BCM (CIRM) of ING Bank with research, fact finding, collecting evidence and documenting activities;
• Contribute to the development and maintenance of CIRM Strategy, Framework, Policies, Minimum Standards, Procedures, Methods and Techniques;
• Support the functional oversight of the global IRM/BCM community by means of QA reviews as part of our functional steering role;
• Be a trusted IRM-BCM advisor towards 1st LoD management and 1st LoD and 2nd LoD NFR risk specialists;
• Participate in, challenge and periodically report upon the risks of key strategic (IT/BCM) programs and projects;
• Participate and challenge in risk assessments on specific Operational Risk or Information Risk projects and programs, taking direction over junior ORM, BCM and IRM colleagues;
• Support strategic and ad-hoc risk analyses, risk papers and risk reports with fact finding, research and documenting activities;
• Support the identification of the impact of and the coordination of responses to law and regulatory changes, ECB reports, etc., and monitor the follow-up of the regulatory issue solving;
• Contribute to the development and maintenance of a curriculum and training programme, and to training of the IRM-BCM community.
IRM-BCM Job Profiles – V1.0 Final – 1 February 2017
• BCM: Supports the challenges, monitors and advises on the results of CMO exercises.
Your work environment
ING is restructuring its IT processes, controls, and infrastructure to transform itself into a Digital Bank with the goal of end-to-end “straight through processing”. Information Risk Management uses sound principles of risk management to ensure that the quality and security aspects of information within the ING Bank are maintained at acceptable levels which are proportionate to its value and criticality. The team supports and directly works for the Corporate Head of IRM. The team performs functional oversight over the IRM and BCM functions globally and acts as expert centre for Information (Technology) and Business Continuity Risk Management. In this position travelling (20 – 40%) is required to give support to ING entities across the globe.
What we are looking for
Professional risk management behavioural competencies including:
• Good judgment
• Learning agility
Expected Competency levels (basic & supplementary):
• Courage and self-confidence 2 (expresses confidence in his own ability)
• Independence 4 (acts on his/her own convictions, also when risks are involved)
• Listening Skills & Empathy 3 (is available for others)
• Oral Skills & Presentation 3 (summarizes clearly and concisely)
• Integrity 3 (treats others with respect)
• Creativity 2 (thinks beyond his own mind set)
• Problem analysis & Judgement 3 (extrapolates the problem)
• Professional expertise / Market Focus 3 (uses knowledge of the discipline and the market to formulate the
• Experience as IRM/BCM with approx. 6 years in risk areas that are relevant for respectively Information (Technology) and Business Continuity Risk Management
• Track record as IRM, BCM or IT (Security) practitioner
• Knowledge of Banking business, processes, procedures and systems.
• Collaboration skills and ability to work across both functional and geographical lines
• Ability to earn trust and respect of clients, colleagues and management
• Ability to be firm when needed and show flexibility when possible
• Good analytical skills and sound judgment
• University BSc Degree or equivalent
• Professional education and multiple international certifications for Information (Technology) and Business Continuity Risk Management (e.g. RE, BCI, ISC2, ISACA accreditations)
• Fluent in English (written and spoken)
For more information please contact Kamila Falana (firstname.lastname@example.org)