Information Risk Management Expert @ING Hubs Romania

ING Hubs Romania offers 130 services in software development, data management, non-financial risk & compliance, audit, and retail operations to 24 ING units worldwide, with the help of over 1700 high-performing engineers, risk, and operations professionals.

We started out in 2015 as ING’s software development hub – a distinct entity from ING Bank Romania – then steadily expanded our range to include more services and competencies.

Now we provide borderless services with bank-wide capabilities and operate from two locations: Bucharest and Cluj-Napoca.

Our tech capabilities remain the core of our business, with more than 1500 colleagues active in Data Management, Touchpoint Channels & Integration, Core Banking, and Global Products.

We enjoy a flexible way of working and a highly collaborative environment, where fair and constructive feedback is encouraged.

For us, impact isn't a perk. It's the driver of our work.

We are guided and rewarded by a shared desire to make the world a better place, one innovative solution at a time. Our colleagues make it their job to do impactful things and they love doing it in good company. Do you?

The Mission

This position is within the ING Regional Information Risk Management Centre (IRIC), located in ING Non-Financial Risk & Compliance HUB in Bucharest, Romania. IRIC currently provides support to ING Information Risk Management community in performing Information Management services for various ING entities.  IRIC has a services portfolio, which is developing on a continuous basis, which currently consists in:

• 2nd line risk management activities for ING entities & corporate domains;
• Second Line Monitoring activities for testing process of SoX Generic IT General controls;
• Other information risk management related activities might be provided by the IRIC to other ING entities. This will help ING business units as well as Global Information & Technology Risk function to manage the IT Risk profiles of ING Bank in a sound manner.

Within the IRIC Romania, you will be part of a team of Information Risk Management (IRM) specialists, with various backgrounds (former IT auditors, IT specialists, Information Security specialists, risk management specialists), which means that you will have the necessary internal community which will guide you through the process of becoming an Information Risk Management professional and help you with answers to your questions, when necessary.

The Information Risk Management Expert role will be working in the virtual team of NFR Business Support Functions (BSF) & Assurance department, which consists in 6 NFR Officers located in Amsterdam and Bucharest. You will closely work together with Information Risk Management colleagues of the Chief Technology Officer (CTO) domain who manage the IT applications and infrastructure of the applications in BSF.

You will be working with a variety of internal stakeholders in an environment which not only provides the overview on how Information (Technology) risks of the global processes at Head Office are managed, but also provides the opportunity to further support the enhancement of global (IT) processes services delivered like Know Your Customer and Global Payroll System.

Your day-to-day

Your day to day activities will be specific to the service you would be allocated, but, over time, you will build knowledge in all the tasks described below:

• Reviews and challenges risk assessment sessions for identifying information risks and identify appropriate mitigation measures;
• Challenge risk management execution and control processes and take corrective actions if necessary (escalation). Coordinate the reporting of risks and controls by the first line of defence regarding designated business processes;
• Use data from a wide range of sources to analyse key themes and identify possible impacts on the business;
• Contribute to the management of partnering relationships with internal clients, building effective working relationships and providing high quality professional services to support in delivering business strategy and plans;
• Performs Second Line Monitoring role in IT Generic Key Control testing;
• Provides Quality Assurance on Control Compliance & IT Risk Management activities;
• Executes Deep-dives and/or IT Risk & Maturity Assessments in the domain of BSF;
• Participates in important transformation programs, challenging and advising on information risks;
• Provides interpretation of ING Group Information & Technology Risk policies;
• Contributes to the development and maintenance of IT Risk Management governance documents and methods.

What are we looking for

We are looking for an energetic, self-motivated team-player to be part of IRIC team who has the following characteristics:

• University BSc Degree or equivalent, preferably in IT field;
• 6 – 8 years’ experience in IT (Information) Risk Management or IT Audit areas;
• Knowledge of and experience with IT Risk Assessments, IT Control Assessments or IT Audit assignments;
• Collaboration skills and ability to work across both functional and geographical lines;
• Pro-activeness and persuasiveness;
• Good analytical skills and sound judgement;
• Fluent in English (written and spoken).

 Would be considered a plus

• Knowledge of Banking business, processes, procedures and systems and associated laws & regulations;
• having professional education and/or multiple international certifications for Information (Technology) Security (e.g. ISC2, ISACA accreditations);
• Knowledge and experience in one or more IT Security areas.

If you want to deep dive into the processing of personal data conducted by ING Hubs Romania during the recruitment process and your rights related to it, read the privacy notices on our website (make sure to scroll until you reach the Data Protection section/ Candidates tab).