Information Risk Officer (different seniority levels) @ING HUBS Romania

Discover ING Hubs Romania

We started out in 2015 as ING’s software development hub – a distinct entity from ING Bank Romania – then steadily expanded our range to include more services and competencies.

Formerly known as ING Tech, as of 2022 we provide borderless services with bank-wide capabilities under the name of ING Hubs Romania and operate from two locations: Bucharest and Cluj-Napoca.

With the help of over 1600 engineers, risk, and operations professionals, we offer 130 services in tech, non-financial risk & compliance, audit and retail operations to 24 ING units worldwide.

Our tech capabilities remain the core of our business, with more than 1300 colleagues active in Data Management, Touch Point Channels & Integration, Core Banking, and Global Products.

We enjoy a flexible way of working and a highly collaborative environment, where fair and constructive feedback is encouraged. Work ethics, honesty and knowledge sharing are key to our teams and we’re always looking for like-minded people 

Here’s a sneak peak of what our colleagues say about working within ING Hubs Romania:

• At ING, software and soft skills are equally important | 78% of our IT colleagues agree

The Mission

This position is located within the ING Regional Information Risk Management Centre (IRIC), part of the ING Non-Financial Risk & Compliance HUB, in Bucharest, Romania. IRIC currently provides support to the ING Information Risk Management community in performing Information, Technology & Continuity Risk Management services for various ING entities.   IRIC offers a service portfolio that includes the following:

• 2nd line risk management activities for ING entities;
• Second Line Monitoring activities for SOX IT Generic controls;
• Other information risk or business continuity management related activities might be provided by the IRIC to other ING entities. This will assist ING business units as well as Head Office Information & Technology Risk (I&TR) department to manage the Information & Technology profiles of ING Bank in a sound manner.

Within the IRIC Romania, you will be part of a team of Information& Technology Risk Management officers and Continuity Risk Management specialists, with various backgrounds (IT audit, IT, Information Security, Risk management), which means that you will have the necessary internal community to guide you through the process of becoming an Information& Technology Risk Management professional and help you with answers to your questions, as needed.

With this position we are looking to fill in a spot available in the team supporting ING Bank Romania – thus we are looking for candidates which have experience as Information/IT Security officers in other financial institutions, or IT professionals with a passion for Security which are looking for a career change or IT Risk management.

Your day to day

Your day-to-day activities will be specific to the service you would be allocated, but, over time, you will build knowledge in all the tasks described below:

• Advise and challenge the identified IT risks and provide expert risk knowledge and guidance during specific risk assessments (including Data Classification, Business Impact Assessments or detailed IT Risk assessments);
• Communicate, provide interpretation & training for IT Risk tooling and IT Risk Policies, Minimum Standards, Procedures, Methods and Techniques;
• Perform Second Line Monitoring activities (review & challenge), quality assurance on the Control Compliance as a continuous process to assess the existence and effectiveness of the Baseline Information and Technology Risk Controls on internal applications;
• Participate in, challenge and periodically report upon the risks of key strategic (IT/BCM) programs and projects;
• Measure and report the implementation of Information (Technology) or Continuity Risk frameworks throughout the organization;
• Support the identification of the impact of and the coordination of responses to law and regulatory changes, internal & external audit reports, etc. and monitoring the follow-up on the regulatory issue solving;
• Be a trusted IRM/BCM advisor towards 1st line of defence management and 1st and 2nd line of defence Non Financial Risk specialists;
• Raise, review & challenge opening or reviewing for closure of risk remediation actions for IT Risk of Continuity Risk gaps identified;
• Perform specific second line reviews (e.g, deep dives – thematic reviews performed for certain IT Controls, etc.);
• Contribute to the development and maintenance of a risk awareness curriculum and training program, and deliver risk awareness trainings to the organization;
• Perform and assist in other information risk activities where the requirements arise.

What you’ll bring to the team

We are looking for an energetic, self-motivated team-player to be part of the IRIC team.

Ideally you have the following in your portfolio:

• University BSc Degree or equivalent, preferably in the IT field;
• 2– 6 years’ experience in IT/IT Security/IT Audit or (Information) Risk Management areas;
• Focused, self-driven and results oriented;
• Analytical with the ability to think broadly but also with attention to detail;
• Good analytical skills and sound judgment;
• Excellent communication skills, fluency in English (written and spoken).

Would be considered a plus:

• Knowledge of Banking business, processes, procedures and systems and associated laws & regulations;
• Having professional education and/or multiple international certifications for Information (Technology) Security (e.g. ISC2, ISACA accreditations).