IT Risk & Security Manager

The IT Risk & Security Manager is a new function as a result of a ING IT Risk Paradigm Shift program - this program focuses on the move from compliance based reporting to risk based reporting, moving responsibility for IT Risk from 2nd line to 1st line.  The IT Risk & Security Manager will manage this transition at group level, making sure roles and responsibilities are redefined for the CTO and CRO organizations. Also collaborating with the Head of IT risk to implement, while simultaneously rolling out across the entities.

Key challenges of the role will be to manage this transition successfully, to up/reskill the local risk teams to be able to execute the changed activities and to make sure we stay fully aligned with 2nd line and 2nd line can continue its challenging/confirming role after the change has been implemented.

The team

The IT Risk & Security Manager manages hierarchically a team of IT Risk Experts and has functional reporting lines to all local Tech GRC leads and departments in the entities. The IT Risk & Security Manager will be part of the CISO MT and the NFRC IT Bank.

The IT Risk & Security Manager is responsible for the availability and quality of the IT Risk tooling and the IT Risk metrics dashboards that will be used to manage IT Risk adequately.

The IT Risk & Security Manager is a new position as a result of the IT Risk Paradigm Shift program - this program focuses on the move from compliance based reporting to risk based reporting. This is a change that will affect Tech globally and requires a deep understanding of the current and new landscapes along with maturity to manage the senior stakeholder landscape.

The IT Risk & Security Manager has visibility at global and local board level as being responsible for aggregation of the local CIO IT Risk Opinions towards the CTO of ING

The IT Risk & Security Manager will manage a team that is the link pin between the central IT control delivery organizations (containing the IT Process Owners), 1st line ING entities and domains managing IT environments and IT processes locally, 2nd line IT Risk, 3rd line internal audit and external auditors and regulators. Next to that this team will centrally manage risk tooling and IT Risk metric dashboards.

Towards the central IT control delivery organizations this function will have an advice, consulting, and review role regarding the correctness and completeness of the IT Control Landscape and IT Risk metrics. This team will have an advice and consulting role and will set the reporting standards and guidelines. The local Tech GRC department will use these standards and guidelines to advice the local CIO and report out the local IT Risk posture.

The IT Risk & Security team will be the counterpart of 2nd line IT Risk, 3rd line internal audit and external auditors and regulators.

The IT Risk & Security team will be located in Amsterdam. 

Roles and responsibilities

Team management

• Manages the IT Risk & Security team.
• People management.
• Career development.

Global IT Risk Paradigm Shift strategy and execution

• Design global IT Risk Paradigm Shift strategy
• Functional leadership of entity GRC heads and their teams
• Membership of NFRC Tech

Financial

• Understands the figures and costs for cybersecurity and IT risk activities and staff.
• Manages finances and cost developments.

Stakeholder management

• Liaises with Global CTO, MT CIO members and entity CIO's: advising on risk opinions and activities, solving disagreements with global/local 2nd line.
• Collaborates with global process owners: makes sure control and metrics are frequently updated, brings market insights to these teams, challenges/advises on the controls/metrics/thresholds and works as liaison between process owners and IT Risk (2nd line) .
• Liaises with Global Head of IT risk and entity heads of IT Risk to agree on procedures and control/metrics and to resolve disputes between 1st line and 2nd line.

IT Control Framework

• Centrally manages the governance of the Process Control Standards, ensuring internal and external regulatory standards are met.
• Responsible for ensuring understanding of how ING designs, implements, uses and governs IT controls in relation to ING's control objectives. Includes 1st line monitoring, KCT and other monitoring artefacts.
• Manages relationship with the central 2nd line.
• Centrally supports and coordinates country 1st line risk teams. Providing guidance on implementation of standards, reporting, metrics.
• Liaising with country teams on upskilling and recruiting risk professionals into the new framework.
• Provide authoritative specialist advice to guide the implementation of policy and the design and implementation of projects and change initiatives.

Managing the IT Control and Metric repository

• Designing and setting the standards around risk related metrics, linking these to current and new regulatory requirements
• Evaluating, regularly, the metrics reported to MT CTO and key stakeholders to ensure relevance
• Aggregating risk reporting to senior management

How to succeed
We hire smart people like you for your potential. Our biggest expectation is that you’ll stay curious. Keep learning. Take on responsibility. In return, we’ll back you to develop into an even more awesome version of yourself.

We are looking for a motivated colleague who has the following characteristics and capabilities:

• University BSc Degree or equivalent, preferably in IT field.
• Having professional education and an international certification for Information (Technology) / Risk Management (e.g., ISC2, ISACA accreditations).
• 8 – 12 years’ experience in IT Audit or IT Risk Management.
• In depth knowledge of IT Risk Management processes and reporting.
• Knowledge of and experience with IT Audit assignments, IT Control Assessments, or IT Risk Assessments.
• Collaboration skills and ability to work across both functional and geographical lines.
• Pro-activeness and persuasiveness.
• Good analytical skills and sound judgment.
• Fluent in English (written and spoken).
• Travelling is possible in this position.
• Management experience.
• Knowledge of Banking business, processes, procedures, systems, and associated laws & regulations.
• Knowledge and experience in one or more IT Security areas.

Rewards and benefits
We want to make sure that it’s possible for you to strike the right balance between your career and your private life. Find out more about our employment conditions.

The benefits of working with us at ING include:

●          24-27 vacation days depending on contract

●          Pension scheme

●          13th month salary

●          8% Holiday payment

●          Hybrid working

●          Personal growth and challenging work with endless possibilities

●          An informal working environment with innovative colleagues

About us
Curious about how ING empowers people and businesses to move forward? Discover what we do and what we can offer you.

Questions?
Contact the recruiter attached to the advertisement. Want to apply directly? Please upload your CV and motivation letter by clicking the ‘Apply’ button.