Business Information Security Officer (BISO)

The team
The BISO function acts as a customer success manager for Tech NL IT leadership, ensuring a secure and compliant practice across the IT domain(s). BISOs ensure alignment with regulatory requirements, challenge the effectiveness of controls, and advise CISO NL and Tech NL IT leadership on risk exposure and mitigation strategies.

Roles and responsibilities

• Acting as an IT risk and security representative for the Tech NL IT domains.

• Developing and overseeing the implementation of IT risk and security policies, control standards, and procedures within Tech NL IT domains.

• Working with Tech NL IT leads and IT area leads to establish and maintain a structured IT risk and security management program, maintaining risk exposure at target levels and, where possible, reducing and/or mitigating IT and cyber risks.

• Providing guidance and support to Tech NL IT domains on IT risk and security best practices.

• Assisting and advising Tech NL IT domains on IT risk, security and compliance (IT risk controls, IT risk metrics, CAS findings, MIAs, vulnerabilities, and other issues).

• Supporting the drafting of required MIAs and risk acceptance, and remediation of IT risk issues and security incidents.

• Facilitating IT risk and security awareness training programs.

• Initiating improvements across risk areas, audits, and policies.

• Monitoring and reporting on the status and progress of the IT risk and security compliance state, issue mitigation, audit findings, and other relevant KRIs and KPIs.

How to succeed
We hire smart people like you for your potential. Our biggest expectation is that you’ll stay curious. Keep learning. Take on responsibility. In return, we’ll back you to develop into an even more awesome version of yourself. 

• University and/or postgraduate (Master’s) degree in computer science or a comparable education.

• 7+ years of experience in cyber risk management roles, ideally in a CISO department or 2LoD.

• Solid understanding of relevant regulations (e.g., DORA, EBA).

• Cybersecurity expertise across SDR, Vulnerability Management, Network Security, IAM, and IT Resilience, with a strong results orientation and the ability to drive complex security issues to resolution in a structured and timely manner

• Good judgment and decision-making.

• Stakeholder management skills - combines assertiveness with sound judgement; able to challenge effectively, influence senior stakeholders, and deliver tangible risk reduction outcomes

• Strong analytical skills and critical thinking 

• Project management and reporting skills.

• Strong consulting, negotiation, and presentation skills.

• Certifications such as CISSP, CISM, CRISC, or CISA are preferred.

• Strong English (spoken and written) is required.

• Dutch language skills are preferred.

Rewards and benefits
We want to make sure that it’s possible for you to strike the right balance between your career and your private life. Find out more about our employment conditions.

The benefits of working with us at ING include:

• 25-28 vacation days depending on contract

• Pension scheme

• 13th month salary

• 8% Holiday payment

• Hybrid working 

• Personal growth and challenging work with endless possibilities

• An informal working environment with innovative colleagues

About us
Curious about how ING empowers people and businesses to move forward?

Discover what we do and what we can offer you. 

Questions?
Please visit our Frequently Asked Questions section to find some answers on questions you might have.

Contact the recruiter attached to the advertisement. Want to apply directly? Please upload your CV and motivation letter by clicking the ‘Apply’ button.