Information Risk Officer
- ING Romania
- Bucharest (RO)
- Competitive + benefits
- Job Type
- Data Protection, IT Compliance, Technology Risk, Security Auditor
- Employer Sector
- Banking & Finance - Investment, Banking & Finance - Retail, Financial Services, Insurance
- Contract Type
Discover ING Tech Romania:
ING Tech Romania is ING's global hub for technology established in 2015. Focused on building strategic key capabilities, the hub provides approximately 90 services for more than 18 countries and business units within ING Group in the following main categories: software development; data management; non-financial risk & compliance and audit.
Now, in 2020, our fast-growing organization gathers more than 900 high-performing engineers that work together in global tribes
This position is within the ING Regional Information Risk Management Centre (IRIC), located in ING Non-Financial Risk & Compliance HUB in Bucharest, Romania. IRIC currently provides support to ING Bank Information Risk Management community in performing specific Information Risk activities for Romania based ING entities (e.g. ING Tech Romania and ING Bank Romania). IRIC is developing its service portfolio on a continuous basis, currently setting up other services like Second Line Monitoring activities for Generic IT & IT SOX relevant controls and second line review & challenge for Global Critical Programmes or Think Forward initiatives. Other information risk management related activities might be provided by the IRIC to other ING entities. This will help ING business units as well as Corporate Information Risk Management (CIRM) to manage the IT Risk profile of ING Bank in a sound manner.
The role is defined as an Information Risk Officer within the global Information Risk Management community, very specifically related to the regional information risk management activities (including Second Line Monitoring). The role reports hierarchically to the Head of the ING Regional Information Risk Management Centre (IRIC).
Within the IRIC Romania, you will be part of a team of Information Risk Management (IRM) Officers and Business Continuity Management (BCM) Specialists, which, besides the support provided to serviced entities, will have the opportunity to support the Corporate Information Risk Management functions on various IRM and BCM related activities to ensure that IT risk and Continuity risk are adequately managed (e.g. Quality assurance assessments, Deep dives, etc.).
We are looking to fill in multiple roles thus we are looking for candidates with different levels of Seniority which have experience in areas like IT audit for consulting companies or other financial institutions, Generic IT & IT SOX controls testing reviews, Information/IT Security professionals working for financial institutions, IT professionals with a passion for Security which are looking for a career change. If you have experience in any of the above, do not hesitate to apply!
- Participating in and challenging risk assessments (including Data Classification, Business Impact Assessments or detailed IT Risk assessments);
- Communicating, providing interpretation & training for IT Risk tooling and IT Risk Policies, Minimum Standards, Procedures, Methods and Techniques;
- Perform Second Line Monitoring activities (Reviewing & challenging) the Generic IT or SOX Key Control Tests results;
- Participating in, challenging and periodically reporting upon the risks of key strategic (IT/BCM) programs and projects;
- Measuring and reporting the implementation of Information (Technology) security or Continuity framework throughout the organization;
- Supporting the identification of the impact of and the coordination of responses to law and regulatory changes, internal & external audit reports, etc. and monitoring the follow-up on the regulatory issue solving;
- Raising and reviewing for closure of risk remediation actions for IT Risk of Continuity Risk gaps identified;
- Perform specific second line reviews (e.g. spot checks - reviewing the implementation and effectiveness of IT controls for (Business) applications, deep dives - thematic reviews performed for certain IT Controls, etc.);
- Contributing to the development and maintenance of a risk awareness curriculum and training program, and delivering risk awareness trainings to the organization;
- Performing and assisting in other information risk activities where the requirements arise.
What are we looking for:
We are looking for an energetic, self-motivated team-player to be part of IRIC team who has the following characteristics:
- University BSc Degree or equivalent, preferably in IT field;
- 2- 6 years' experience in IT/IT Security/IT Audit or (Information) Risk Management areas;
- Focused, self-driven and results oriented;
- Analytical with the ability to think broadly but also with attention to detail;
- Good analytical skills and sound judgment;
- Excellent communication skills, fluency in English (written and spoken);
Would be considered a plus:
- Knowledge of Banking business, processes, procedures and systems and associated laws & regulations
- Experience in Business Continuity Management & having professional education and/or multiple international certifications for Information (Technology) Security (e.g. ISC2, ISACA accreditations)
Your work environment:
- Flexible working schedule, which usually includes two days of WFH, but because we can adapt to any situation, we work fully remote for the moment;
- Extra vacation days, depending on your entire working experience;
- We encourage personal and professional development, so we invest in your learning and certifications;
- Because everybody is working from home and we really understand that is not always easy, we have built a program which includes free online internal events that can help you manage this stressful period;
- We also have a cool community and your colleagues will help you to integrate fast;
- When we will be back at the office, a relaxing environment will be awaiting, with a flexible desk policy that allows you to work from an office desk, but also from a couch or from the terrace;
- And when you will need a break, you can have a tea from Teapigs and/or a coffee from Nespresso which you can enjoy on the terrace while reading a book from Bookster;
- But because we work fully remote, we can now enjoy our chairs and monitors from work - at home, reading a book from Bookster while our live DJ sets plays you chillaxing music.