Head of IT Security

Key Responsibilities

IT Security Leadership

• Lead the local IT Security agenda covering infrastructure security, endpoint security, network security, and identity & access management.
• Oversee vulnerability management, patching governance, and remediation tracking.
• Ensure security monitoring, SIEM/SOC operations, threat detection, and incident response capabilities.
• Govern local incident response processes, coordinate response with global CSIRT, and ensure timely root cause analysis and corrective actions.
• Drive continuous improvement of local security engineering and operational controls.

Cybersecurity Governance, Risk & Compliance

• Ensure governance of cybersecurity and IT security aligned with Global CISO directives and ING policies.
• Implement and maintain global standards, security baselines, and control frameworks.
• Monitor and ensure local adherence to regulatory obligations (e.g., DORA).
• Perform regular cyber and IT security risk assessments; provide expert advice to management and IT squads.
• Oversee policy implementation, KRI tracking, and executive reporting.

Audit & Regulatory Engagement

• Lead local preparation for internal/external audits related to cybersecurity and IT security.
• Coordinate regulatory examinations, questionnaires, and onsite inspections.
• Track remediation of audit or regulatory findings and ensure closure within required timelines.

IT Security Architecture & Standards

• Partner with architecture teams to ensure systems and changes comply with security standards.
• Provide expert guidance on secure design, cloud security integration, and platform hardening.
• Review and approve security exceptions and risk acceptances.

Stakeholder & Cross‑Functional Engagement

• Act as the primary security authority for the local hub.
• Collaborate closely with IT Operations, Workplace Services, Engineering, Risk, Compliance, Data Management, and other Chapters.
• Represent the local hub in global security communities, change boards, and governance groups.

People Leadership & Chapter Management

• Lead the Local CISO Chapter: manage performance, capability building, succession planning, and workforce strategy.
• Build a high‑performing team with strong engineering and governance capabilities.
• Foster a culture of ownership, continuous learning, and innovation.
• Ensure chapter alignment with global ways of working .

Minimum Qualifications

• A degree in computer science, information security, engineering, or related field.

• Minimum 8 years of experience in IT security, cybersecurity, risk management, or IT operations in enterprise-scale environments.
• Strong understanding of infrastructure security: networking, firewalls, endpoint protection, cloud security, IAM, vulnerability scanning, SOC/SIEM, intrusion detection.
• Deep knowledge of cybersecurity governance and frameworks such as ISO 27001, NIST CSF, CIS Controls, SOC, NIS2.
• Experience implementing and governing complex IT security controls in financial or regulated environments.