Discover ING Tech Romania :
ING Tech Romania is ING’s global hub for technology established in 2015. Focused on building strategic key capabilities, the hub provides approximately 121 services for more than 24 countries and business units within ING Group in the following main categories : software development;
data management; non-financial risk & compliance and audit.
Now, in 2021, our fast-growing organization gathers more than 1000 high-performing engineers that work together in global tribes
This position is part of ING Regional Information Risk Management Centre (IRIC) located in Bucharest, Romania. The role is defined as IRM Officer’ within the global Information Risk Management community, and is part of the Corporate IRM Independent Validation Unit.
The role reports hierarchically to the Head of the ING Regional Information Risk Management Centre (IRIC) and functionally to the Head of Corporate IRM Independent Validation Unit.
The primary role of the IRIC in Bucharest is to provide support to the ING Bank Information Risk Management community in performing Risk Monitoring activities for Romania based ING entities (e.
g. ING Tech and ING Bank Romania).
The specific tasks of the IRIC based CIRM IVU team are related to Quality Assurance in Control Compliance and IT Assessments world-wide, providing guidance on Standards and Policies, delivering educational services, developing risk tooling and liaising with IT, IT Risk and IT Security functions (1st & 2nd Line of Defence) world-wide.
The IRM Officer plays the role of a risk management advisor which helps ING in managing its information risks within the risk appetite.
He / she does that by monitoring & challenging the implementation of information risk policies and minimum standards and by providing risk management support and advice, when needed.
Provides Quality Assurance on Control Compliance & IT Risk Management activities;
Participates and / or executes Spot Check and / or IT Risk & Maturity Assessments world-wide;
Assists in delivering and facilitating Corporate IRM’s educational services;
Assists with the development of relevant (IT) Risk Tooling;
Provides interpretation of ING Group Information (Technology) Risk policies & Minimum standards;
Reviews various technical documentation Security Baselines, Functional Specification documents, Application Architectures documents etc.;
Contributes to the development and maintenance of Information Risk Management Framework, Policies, Minimum Standards, Procedures, Methods and Techniques;
Participates in or reviews Information Risk Assessments;
Reviews, challenges and supports, where needed, the business and / or IT for / during risk assessment sessions for identifying information risks;
Performs spot checks for verifying the effectiveness of the implemented (IT) controls and recommend remediation based on the outcome;
Participates in designated projects, developments or business initiatives, advising on information risks;
Measure and report the implementation of information risk framework throughout the organization;
Performs Second Line Monitoring role in IT Generic Key Control / SOX Testing processes;
Performs and assist in other non-financial risk management activities where the requirements arise.
Who we are looking for :
We are looking for a motivated colleague who has the following characteristics and capabilities :
University BSc Degree or equivalent, preferably in IT field;
2 4 years’ experience in IT Audit or IT Risk Management;
Knowledge of and experience with IT Audit assignments, IT Control Assessments or IT Risk Assessments;
Collaboration skills and ability to work across both functional and geographical lines;
Pro-activeness and persuasiveness;
Good analytical skills and sound judgment;
Fluent in English (written and spoken);
15% to 25% of travelling is required in this position (after Covid).
Would be considered a plus :
Having professional education and an international certification for Information (Technology) / Risk Management (e.g. ISC2, ISACA accreditations);
Knowledge of Banking business, processes, procedures, systems and associated laws & regulations;
Knowledge and experience in one or more IT Security areas.