Senior Information Risk Specialist @ING Hubs Romania

ING Hubs Romania offers 130 services in software development, data management, non-financial risk & compliance, audit, and retail operations to 24 ING units worldwide, with the help of 𝐨𝐯𝐞𝐫 𝟐𝟎𝟎𝟎 𝐡𝐢𝐠𝐡-𝐩𝐞𝐫𝐟𝐨𝐫𝐦𝐢𝐧𝐠 𝐞𝐧𝐠𝐢𝐧𝐞𝐞𝐫𝐬, 𝐫𝐢𝐬𝐤, 𝐚𝐧𝐝 𝐨𝐩𝐞𝐫𝐚𝐭𝐢𝐨𝐧𝐬 𝐩𝐫𝐨𝐟𝐞𝐬𝐬𝐢𝐨𝐧𝐚𝐥𝐬.

We started out in 2015 as ING’s software development hub, then steadily expanded our range to include more services and competencies. Now we provide borderless services with bank-wide capabilities and 𝐨𝐩𝐞𝐫𝐚𝐭𝐞 𝐟𝐫𝐨𝐦 𝐭𝐰𝐨 𝐥𝐨𝐜𝐚𝐭𝐢𝐨𝐧𝐬: 𝐁𝐮𝐜𝐡𝐚𝐫𝐞𝐬𝐭 𝐚𝐧𝐝 𝐂𝐥𝐮𝐣-𝐍𝐚𝐩𝐨𝐜𝐚.

𝐎𝐮𝐫 𝐭𝐞𝐜𝐡 𝐜𝐚𝐩𝐚𝐛𝐢𝐥𝐢𝐭𝐢𝐞𝐬 𝐫𝐞𝐦𝐚𝐢𝐧 𝐭𝐡𝐞 𝐜𝐨𝐫𝐞 𝐨𝐟 𝐨𝐮𝐫 𝐛𝐮𝐬𝐢𝐧𝐞𝐬𝐬, with more than 1800 colleagues active in Data Management, Touchpoint Channels & Integration, Core Banking, and Global Products.

We enjoy a flexible way of working and a highly collaborative environment, where fair and constructive feedback is encouraged.

For us, impact isn't a perk. It's the driver of our work. We are guided and rewarded by a shared desire to make the world a better place, one innovative solution at a time. Our colleagues make it their job to do impactful things and they love doing it in good company. Do you?

The Mission

The NFR Specialist IV (Information Risk Management Officer) is a 2nd line of defence (2LoD) independent role, is an expert in Information Risk and Operational Resilience & Business Continuity Management (ORBC) and shall provide expertise review, challenge and advice to ING Hubs Romania.

You will provide expert advice within the organization, on, but not limited to external/ internal events, risk identification & assessment, risk mitigation & tracking, risk reporting, you will perform regular review and challenge on IT & ORBC control implementation and ensure monitoring of the related issues.

Your day-to-day

• Participate in and challenge risk assessments (including Business Impact Assessment and IT Asset Risk Assessment);
• Communicate, provide interpretation & training for IT Risk tooling and IT Risk Policies, Minimum Standards, Procedures, Methods and Techniques;
• Perform 2nd line IT Risk and Operational Resilience & Business Continuity Management review and challenge of related controls implementation;
• Perform 2nd line IT Risk monitoring of IT and ORBC issues;
• Participate in, challenge and periodically report upon the risks of key strategic (IT/ ORBC) programs and projects;
• Measure and report on the implementation of Information (Technology) or Continuity Risk frameworks throughout the organization;
• Support the identification of the impact of and the coordination of responses to law and regulatory changes, internal & external audit reports, etc. and monitoring the follow-up on the regulatory issue solving;
• Be a trusted IRM/ORBC advisor towards 1st line of defense management and other Non-Financial Risk specialists;
• Raise, review & challenge opening or review for closure of risk remediation actions for IT Risk of Continuity Risk gaps identified;
• Participate and contribute to IT controls & ORBC controls deep-dive or thematic reviews;
• Contribute to the development and maintenance of a risk awareness curriculum and training program, and deliver risk awareness trainings to the organization;
• Perform and assist in other information risk activities where the requirements arise.

What we are looking for

• University Degree, preferably IT field;
• 5-7 years’ experience in Information Security/IT Security/Technology Risk/IT Audit;
• Knowledge of and experience with IT Risk Assessments, IT Control Assessments or IT Audit assignments;
• Familiarity with Information Security and Technology Risk / Cyber Security Standards and Regulations (such as NIST, COBIT, ITIL);
• Exposure to & understanding technical & business-related threats facing banking industry. Ability to identify and pursue solutions to manage IT risks;
• Collaboration skills and ability to work across both functional and geographical lines;
• Pro-activeness and persuasiveness;
• Ability to demonstrate critical thinking and discuss findings, recommendations with senior management;
• Good analytical skills and sound judgement;
• Fluent in English (written and spoken);

Would be considered a plus

• Having professional education and training in Information Security and Technology Risk (e.g., ISC2, CISSP);
• Knowledgeable of Banking business, processes, procedures and systems and associated laws and regulations.

If you want to deep dive into the processing of personal data conducted by ING Hubs Romania during the recruitment process and your rights related to it, read the privacy notices on our website (make sure to scroll until you reach the Data Protection section/ Candidates tab)