Information Risk Officer (different seniority levels) @ING HUBS Romania
ING
- București
- Permanent
- Full-time
- At ING, software and soft skills are equally important | 78% of our IT colleagues agree
- 2nd line risk management activities for ING entities;
- Second Line Monitoring activities for SOX IT Generic controls;
- Other information risk or business continuity management related activities might be provided by the IRIC to other ING entities. This will assist ING business units as well as Head Office Information & Technology Risk (I&TR) department to manage the Information & Technology profiles of ING Bank in a sound manner.
- Advise and challenge the identified IT risks and provide expert risk knowledge and guidance during specific risk assessments (including Data Classification, Business Impact Assessments or detailed IT Risk assessments);
- Communicate, provide interpretation & training for IT Risk tooling and IT Risk Policies, Minimum Standards, Procedures, Methods and Techniques;
- Perform Second Line Monitoring activities (review & challenge), quality assurance on the Control Compliance as a continuous process to assess the existence and effectiveness of the Baseline Information and Technology Risk Controls on internal applications;
- Participate in, challenge and periodically report upon the risks of key strategic (IT/BCM) programs and projects;
- Measure and report the implementation of Information (Technology) or Continuity Risk frameworks throughout the organization;
- Support the identification of the impact of, and the coordination of responses to, law and regulatory changes, internal & external audit reports, etc., and monitor the follow-up on resolving regulatory issues;
- Be a trusted IRM/BCM advisor towards 1st line of defence management and 1st and 2nd line of defence Non Financial Risk specialists;
- Raise, review & challenge the opening, or the review for closure, of risk remediation actions for identified IT Risk or Continuity Risk gaps;
- Perform specific second line reviews (e.g., deep dives – thematic reviews performed for certain IT Controls, etc.);
- Contribute to the development and maintenance of a risk awareness curriculum and training program, and deliver risk awareness trainings to the organization;
- Perform and assist in other information risk activities where the requirements arise.
- University BSc Degree or equivalent, preferably in the IT field;
- 2–6 years' experience in IT/IT Security/IT Audit or (Information) Risk Management areas;
- Focused, self-driven and results oriented;
- Analytical with the ability to think broadly but also with attention to detail;
- Good analytical skills and sound judgment;
- Excellent communication skills, fluency in English (written and spoken).
- Knowledge of Banking business, processes, procedures and systems and associated laws & regulations;
- Having professional education and/or multiple international certifications for Information (Technology) Security (e.g. ISC2, ISACA accreditations).