IT Security Governance Expert @ING Hubs Romania

Discover ING Hubs Romania

ING Hubs Romania offers 130 services in software development, data management, non-financial risk & compliance, audit, and retail operations to 24 ING units worldwide, with the help of over 1700 high-performing engineers, risk, and operations professionals.

We started out in 2015 as ING’s software development hub – a distinct entity from ING Bank Romania – then steadily expanded our range to include more services and competencies.

Now we provide borderless services with bank-wide capabilities and operate from two locations: Bucharest and Cluj-Napoca.

Our tech capabilities remain the core of our business, with more than 1500 colleagues active in Data Management, Touchpoint Channels & Integration, Core Banking, and Global Products.

We enjoy a flexible way of working and a highly collaborative environment, where fair and constructive feedback is encouraged.

For us, impact isn't a perk. It's the driver of our work.

We are guided and rewarded by a shared desire to make the world a better place, one innovative solution at a time. Our colleagues make it their job to do impactful things and they love doing it in good company. Do you?

The Mission

Keeping the company safe, secure and compliant is a top priority at ING.

As part of the IT Security & Risk 1st LoD team your focus will be on providing IT risk subject matter expertise, education and instilling the core IT risk mindset and culture. You will be contributing to the review of evidence of various IT controls, contributing on awareness in IT risk and IT security and be involved in the IT risk assessment exercises.

Your day-to-day

• Evaluate IT controls for design and effectiveness;
• Initiate and facilitate IT risk assessments in line with internal frameworks, procedures and guidelines;
• Provide IT Security requirements for applications and third-party contracts;
• Conduct IT Security reviews and follow-ups (e.g. related vulnerability management);
• Monitors and reports progress on identified issues/risks;
• Act and advise on IT issues (e.g. IT Audit points);
• Contribute to the local IT security policies, procedures, guidelines and runbooks in line with internal policies and industry best practices;
• Liaison between 1 line of defense and 2nd/3rd lines of defense;
• Provide training & awareness activities IT Security & IT Risk;
• Perform relevant reporting where required (e.g. to management team);
• Contribute to the local projects.

What you’ll bring to the team

• 3-5 years (preferably in software company or financial institution) in an IT Security Officer, IT Auditor, IT Risk Analyst or similar role;
• Familiar with ISO/IEC 27000 family of standards, COBIT, NIST, CIS and similar frameworks;
• Understand various technologies (e.g. operating systems, databases, virtualization, cloud) and SDLC;
• Nice to have relevant trainings and certifications (e.g. CISA, CRISC, CISM, CISSP, CEH, ISO27001, ITIL);
• Fluency in English (written and oral).