IT RISK & Security Expert

Role Purpose

The IT Risk & Security Expert is responsible for advising, planning, coordinating, and ensuring compliance with IT Risk and Cybersecurity controls across Tribes and IT domains.

The role acts as a trusted partner for Product Owners, IT Area Leads, Tribe Leads, Not Retail Areas referents, and Central IT Security functions, ensuring that technology changes and operations adhere to ING Policies, Minimum Standards, and IT Risk frameworks

Key Responsibilities

1. IT Risk Governance & Control Compliance

• Accountable for maintaining the IT Risk & Security compliance of the Tribe’s assets, with proper evidence management and reporting.
• Ensure full compliance with IT Risk controls throughout the Change Management Process, guaranteeing a green before live maturity level.

Define and maintain a sustainable annual IT Risk plan for the Tribe.

2. Stakeholder Engagement & Guidance

• Engage Tribe Leads, Product Owners, IT Area Leads, third parties and other stakeholders to ensure IT Risk & Cybersecurity controls are identified, embedded, and prioritized in the Tribe backlog.
• Provide visibility on the risk program, deliverables, walkthroughs, and expected timelines.
• In case of bigger activities, act as a project manager for the needed task
  

3. Single Point of Contact for Risk & Security

• Act as the SPOC between the Tribe and:
  • Central IT Risk COE
  • CISO team
  • Not Retail Areas
• Identify impediments related to IT & Cybersecurity risks and drive remediation with the appropriate teams.
  

4. Risk Roadmap & Collaboration with Central Functions

• Collaborate with IT Risk & Security COE, CISO, and IT Custodian roles to assess risk impacts, roadmap priorities, and asset specific needs.‑specific needs.
• Support the Tribe Lead and IT Area Lead in all IT & Cybersecurity Risk–related topics.
  

5. Training, Awareness & Expertise Sharing

• Serve as the focal point for IT & Cybersecurity Risk topics within the Tribe.
• Continuously train team members—especially new joiners—on controls, templates, processes, and updated risk requirements.
  

6. Audit & Assurance Support

• Support audits, internal and external maturity assessments.
  

Required Skills & Competencies

What are we looking for

• Solid understanding of GRC frameworks, regulations and compliance standards (ISO/IEC 27001, NIST CSF, CIS, NIS2, SOC 1/2, DORA)
• Experience in managing policies, KRIs, and risk reporting at the executive level.
• Project Management and coordination experience
• Knowledge of Cybersecurity principles, incident management, and IT control requirements.

• Strong stakeholder management and communication.
• Ability to challenge, influence, and support decisionmakers.
• Analytical mindset paired with structured, risk‑based thinking.
• The skillset of a team player
• Team working and problem solving
• Ability to work in a multicultural working environment
• Very good communication skills (at all levels, from professionals to senior managers), verbal and on paper. English is the global professional language in ING

Experience & Education

• Degree in Information Technology, Engineering, Computer Science, Economics or equivalent.
• 3+ years of experience in IT Risk Management, Information Security, or Cybersecurity roles, preferably in complex and international environments.
• Certifications such as CISSP, CISM, CRISC, CISA or equivalent (e.g. Dutch RE) are a plus.

Working conditions: Full Time

Duration: Permanent

Location: Milan (hybrid) 

About ING

ING offers many opportunities to build a diverse and rewarding career. You will be joining an international innovative digital bank, the first in Italy to adopt a fully flexible smart working model, and you will be working in a stimulating environment where you can grow both as an individual and as a professional. Our purpose - empowering people to stay a step ahead in life and in business - represents our belief in people’s potential. We don’t judge, coach or to tell people how to live their lives. We empower people and businesses to realize their own vision for a better future.
#doyourthing is our brand direction with us each and every day. It is how we articulate our purpose and our promise to make banking frictionless to the world.
‘do your thing’ is about people being free to live the life they want to live, knowing that they will make their world a little better for it.
Do you think you are "a step ahead"? Apply now!

The benefits of joining ING

In addition to being a part of a great team, working in a fun and innovative environment, we offer:

• Super flexible smart working

• Competitive base salaries and performance based bonuses

• Diverse cultures & Innovative mindsets

• International Environment

• Commitment to sustainability

• Lots of training development opportunities to help you grow

• Lots of moments dedicated to physical and mental well-being

• A special day off when it is your birthday: we call it #doyourbirthday!

• And of course we can’t forget: free water & coffee at the office! 

Our Commitment

Diversity is a fundamental element of our corporate culture, and we are fully committed to creating a safe and inclusive environment, based on mutual respect and the value of diversity, offering equal job opportunities to all qualified candidates.

Job Application Safety Reminder ⚠️

We’re seeing an increase in fraudulent job offers. To protect yourself, please follow these key guidelines when applying for roles at ING:

• Apply only via official ING platforms: ING uses Workday as its internal recruitment system. Applications should be submitted only via our official career site.

• Check the sender’s email carefully: legitimate communication will always come from: @ing.com and/or @myworkday.com

• No payments or banking details will ever be requested. If someone asks for this information, it’s a scam.

If you suspect suspicious activity, report it immediately. Your safety matters to us.