Information Risk Officer - SOX IT General Controls Testing @ING Hubs Romania

Discover ING Hubs Romania

We started out in 2015 as ING’s software development hub – a distinct entity from ING Bank Romania – then steadily expanded our range to include more services and competencies.

Formerly known as ING Tech, as of 2022 we provide borderless services with bank-wide capabilities under the name of ING Hubs Romania and operate from two locations: Bucharest and Cluj-Napoca.

With the help of over 1600 engineers, risk, and operations professionals, we offer 130 services in tech, non-financial risk & compliance, audit and retail operations to 24 ING units worldwide.

Our tech capabilities remain the core of our business, with more than 1300 colleagues active in Data Management, Touch Point Channels & Integration, Core Banking, and Global Products.

We enjoy a flexible way of working and a highly collaborative environment, where fair and constructive feedback is encouraged. Work ethics, honesty and knowledge sharing are key to our teams and we’re always looking for like-minded people.

Here’s a sneak peak of what our colleagues say about working within ING Hubs Romania:

• At ING, software and soft skills are equally important | 78% of our IT colleagues agree

Mission 

This position is located within the ING Regional Information Risk Management Centre (IRIC), part of the ING Non-Financial Risk & Compliance HUB, in Bucharest, Romania. IRIC currently provides support to the ING Information Risk Management community in performing Information, Technology & Continuity Risk Management services for various ING entities.   IRIC offers a service portfolio that includes the following:

• 2nd line risk management activities for ING entities;
• Second Line Monitoring activities for SOX IT Generic controls;
• Other information risk or business continuity management related activities might be provided by the IRIC to other ING entities. This will assist ING business units as well as Corporate Information Risk Management (CIRM) to manage the Information & Technology or Continuity Risk profiles of ING Bank in a sound manner.

Within the IRIC Romania, you will be part of a team of Information& Technology Risk Management Officers and Continuity Risk Management Specialists, with various backgrounds (IT audit, IT, Information Security, Risk management), which means that you will have the necessary internal community to guide you through the process of becoming an Information& Technology Risk Management professional and help you with answers to your questions, as needed.

With this open position we are looking to fill in an open spot in the Second Line Monitoring for IT General Controls team - thus we are looking for candidates with experience in SOX IT Generic controls testing, either from a tester or from an auditor/reviewer of the testing process point of view.

This is an excellent opportunity for individuals seeking challenging SOx IT generic controls compliance work, being part of a central team, which is continuously expanding its internal clients portfolio and of a regional team which fosters career development opportunities, both local & international, in the risk management field.

Your day-to-day

Your day-to-day activities will be specific to the service you would be allocated, but, over time, you will build knowledge in all the tasks described below:

• Establish strong working relationships with internal clients stakeholders;
• Manage internal clients through the whole SOX testing process, by challenging & advising on SOX requirements for compliance in each phase of the SOX lifecycle;
• Assess the quality of the test of existence, by participating in and reviewing the documentation of the Walkthrough;
• Assess the quality of the test of design and operating effectiveness, by reviewing the documentation of the tests (test scripts and test evidences);
• Perform Independent Testing, in case the outcome of the reviews performed for test of design or operating effectiveness indicate reasons of concerns;
• Review of SOX Evaluation meeting documentation;
• Ensure that the documentation and testing complies with standards and allows for reliance by the external auditors;
• When consulted, support entities in challenging & advising on the assessment of identified deficiencies and proposed mitigating actions;

What are we looking for

We are looking for an energetic, self-motivated team-player to be part of the IRIC team.

Ideally you have the following in your portfolio:

• University BSc Degree or equivalent, preferably in the IT field;
• 2 – 3 years experience in SOx IT General Controls testing process;
• Focused, self-driven and results oriented;
• Analytical with the ability to think broadly but also with attention to detail;
• Good analytical skills and sound judgement;
• Excellent communication skills - clear, concise verbal and written communications (presentations, meetings, emails, etc.);
• Fluency in English (written and spoken).