[Platform] Risk Engineer

Background

Global Customer Reporting for Payments (GCRP) is the Reporting Application engine for Wholesale Banking, connecting all countries, through all WB channels and Backoffices. Because GCRP is a crucial application, the risk control requirements are stringent.

Role description

You will be responsible for assuring the effectiveness of risk management processes, analyzing risk data, and supporting risk mitigation activities as an IT Risk Ops Profile. Your expertise will be critical in maintaining a secure and compliant IT environment for our organization.

Responsibilities:

• • To ensure control objectives are always met to keep risk score within risk tolerance
  • Understanding of application security aspects.
  • Creating a Risk awareness culture & adhere to the defined Risk Management framework and Standards
  • Monitor and analyze IT risk data to identify potential vulnerabilities, threats, and trends.
  • Assist in the development and implementation of IT risk management strategies and frameworks.
  • Conduct regular reviews of IT controls and processes to assess their effectiveness and identify areas for improvement.
  • Collaborate with cross-functional teams to ensure IT risk management practices are aligned with organizational objectives.
  • Support the development and maintenance of IT risk policies, procedures, and documentation.
  • Coordinate risk assessments and control testing activities to ensure compliance with internal and external requirements.
  • Participate in incident response activities related to IT risk incidents, including investigation, analysis, and remediation.
  • Maintain and update risk registers, risk profiles, and risk dashboards to provide accurate and timely risk reporting to stakeholders.
  • Contribute to the development and delivery of IT risk awareness and training programs for employees.
  • Good English writing and reporting skills and preferably has experience with risk audits.
  • Giving demos and instructions to teams, writing work instructions can be part of the work.

The risk engineer will be part of the Platform squad within the Reporting area. Given that the whole squad owns the Sprint Backlog, it can also be that he/she will have to work on topics not related to Risk (e.g. improving release management, incident management, etc.)

Role requirements

Below are the requirements that have been set for this role (experience and knowledge) and the MoSCoW classification for each.

Job

Must have:

• Passion for Risk / Risk mindset > 4 yrs
• Passion for automation > waste-buster > 2 yrs
• Analytical and investigative by nature > 6 yrs
• Knowledge and understanding of software development and deployment process > 4 yrs
• Knowledge about Business Impact Assessment, Detailed Risk Assessment, and applicability of security controls > 3 yrs
• Expert in control areas – Change Management, Platform Security, Operational Resilience, Cybersecurity Resilience, Security Monitoring & Identity and Access Management >3 yrs

Should have:

• Basic understanding of infra, networking (cloud, machines, firewalls, network domains) and communication protocols (XFB, FTP, EMS, MQ, HTTP) > 2 yrs
• Experience in monitoring/evaluating the effectiveness of existing risk controls and recommend improvements as necessary >2 yrs

Nice to have:

• Knowledge of the ING risk model > 1 yr

Technology & tools

Should have:

• Basic some scripting knowledge > 2 yrs
• Basic knowledge of Linux commands > 1 yr

Nice to have:

• Experience with automation, and automation tools (e.g. Ansible, Python) > 2 yrs
• Azure Fundamental knowledge >1 yr

Soft skills

Must have:

• Always out to learn new skills, and to teach others in the process
• Proactive attitude > don't wait for someone to tell you what to do

Should have:

• Experience with coaching junior and medior engineers
• Not shy to express and defend his/her opinion in front of a crowd (which may not be the popular opinion)

Other

Must have:

• Experience with Agile and Scrum way of working 
• Knowledge of Payments

Should have:

• Experience with working in an international environment
• Willing to be on standby duty for 24/7 support of our application
• Knowledge of Account Reporting