This new position is part of ING Regional Information Risk Management Centre (IRIC) located in Bucharest, Romania. The role is defined as ‘IRM Officer’ within the global Information Risk Management community, very specifically related to the information risk management activities of the Corporate IRM Independent Validation Unit.
The role reports hierarchically to the Head of the ING Regional Information Risk Management Centre (IRIC) and functionally to the Head of Corporate IRM Independent Validation Unit.
The IRM Officer plays the role of a risk management advisor who helps ING manage its information risks within the risk appetite.
He / she does that by monitoring & challenging the implementation of information risk policies and minimum standards and by providing risk management support and advice, when needed.
The specific tasks of the IRIC based CIRM IVU team are related to Quality Assurance in Control Compliance and IT Assessments world-wide, providing guidance on Standards and Policies, delivering educational services, developing risk tooling and liaising with IT, IT Risk and IT Security functions (1st & 2nd Line of Defence) world-wide.
Your work environment :
You will be part of a team of IRM Officers and Business Continuity Management (BCM) Officers dedicated to supporting the global Information and Continuity Risk Management functions on various IRM and BCM related activities to ensure that Information and Continuity risks are adequately managed.
Your day-to-day :
Provides Quality Assurance on Control Compliance & IT Risk Management activities;
Participates and / or executes Spot Check and / or IT Risk & Maturity Assessments world-wide;
Assists in delivering and facilitating Corporate IRM’s educational services;
Assists with the development of relevant (IT) Risk Tooling;
Provides interpretation of ING Group Information (Technology) Risk policies & Minimum standards;
Reviews various technical documentation: Security Baselines, Functional Specification documents, Application Architecture documents, etc.;
Contributes to the development and maintenance of Information Risk Management Framework, Policies, Minimum Standards, Procedures, Methods and Techniques;
Participates in or reviews Information Risk Assessments;
Reviews, challenges and supports, where needed, the business and / or IT for / during risk assessment sessions for identifying information risks;
Performs spot checks for verifying the effectiveness of the implemented (IT) controls and recommends remediation based on the outcome;
Participates in designated projects, developments or business initiatives, advising on information risks;
Measures and reports the implementation of the information risk framework throughout the organization;
Performs Second Line Monitoring role in IT Generic Key Control / SOX Testing processes;
Performs and assists in other non-financial risk management activities where the requirements arise.
What you bring to the team :
We are looking for a motivated colleague who has the following characteristics and capabilities :
University BSc Degree or equivalent, preferably in IT field;
2-4 years’ experience in IT Audit or IT Risk Management;
Knowledge of and experience with IT Audit assignments, IT Control Assessments or IT Risk Assessments;
Collaboration skills and ability to work across both functional and geographical lines;
Pro-activeness and persuasiveness;
Good analytical skills and sound judgment;
Fluent in English (written and spoken);
15% to 25% of travelling is required in this position.
Would be considered a plus :
Having professional education and an international certification for Information (Technology) / Risk Management (e.g. ISC2, ISACA accreditations);
Knowledge of Banking business, processes, procedures, systems and associated laws & regulations;
Knowledge and experience in one or more IT Security areas.