Third Party IT Risk Specialist

About the position

The financial industry is a sector of constant change and transformation - yesterday wants are today needs. Customer and regulator demand, advancements in technology and digitization, product innovations and new ways of banking – all elements of the world around us are evolving at lightning speed.
We as ING do not want only to adapt, we want to stay a step ahead. This requires talented professionals who will continuously seek for improvements of our existing processes and bringing fresh ideas into practice.

Third- party management is a crucial function that involves overseeing and coordinating relationship with external partners, suppliers, and vendors. This process ensures that these third parties meet contractual obligations, comply with regulations, and align with the ING strategic goals. Effective third -party management helps organization mitigate risks, enhance operational efficiency, and foster reliable partnership, ultimately contributing to sustained business success.

The Third -Party management as an innovative service aims to revolutionize how business manage their external partnerships, ensuring efficiency, compliance, and strategic alignment. Join our dynamic team to contribute to this cutting- edge initiative, leveraging your expertise to shape the future of the third-party management and drive significant impact across various industries. If you are passionate about excellence and looking for a challenging yet rewarding role, we invite you to be part of our journey towards innovation and success.

As Third party IT risk Specialist, these will be your main responsibilities and duties:

• Contribution on building new Third party service, establishing third party risk management methodology and framework
• Perform risk assessments related to information systems and cyber security of third parties
• Manage Third-parties, contribute on quality of data related to vendors and suppliers based on provided type of service
• Identify and evaluate potential risks of third parties
• Cyber security consultancy, ability to describe cyber security controls and risks to business
• Execution of controls related to third parties and compare the delivered evidence with requirements of the Minimum Standards
• Communication with stakeholders and Third-parties, providing transparent results of testing
• Come up with improvements on the way of performing an assessment, required evidence, work-instructions, automation, test scripts, (improvement cycle coordinated by SME)
• Cooperation with procurement team during onboarding of new services, review of cyber security clauses and amendment
• Cooperation with IT service, stakeholders and third-parties during data breach
• Continuously reviewing already existing or changing services
• In addition to the above-mentioned tasks other activities and responsibilities in information security area may be individually defined.

Despite the fact that our team likes to work together in our offices, we can achieve goals together even remotely. If you know how to work independently and prove your proactivity, we will be able to allow you working remotely as well.
However, we will be happy if you will be with us in the office from time to time :).

Personality requirements and skills

• Ability to work independently and communicate effectively
• Experience in the IT Industry (IT risk management, Information Security, IT Control Testing, SOX, Compliance, 3rd party IT risk management)
• You are considering yourself as pro-active and a motivated professional
• You are corporate organization sensitive and are capable of working under pressure
• You are a real team player and recognize the importance of working together
• Experience with enterprise-level processes and controls (Sox testing experience preferred) are welcomed
• Ability to define the steps to take to make the risk / test process lean and first time right
• Familiarity with third party risk assessment methods and control frameworks such as ISO27001, NIST, COBIT, SOC2 advantage
• CISSP , CISM or  CISA certification(s) are also highly welcomed

Wage (gross) 2.240 EUR/month

*By legal requirement we are providing the information about the basic wage component (minimum salary) for the advertised position. Based on your experience/profile, the final financial conditions will be the subject to discuss and negotiate at the personal interview, however, not less than above mentioned minimum salary component.

We offer you a bunch of great benefits

Friendly working environment

• You build your own working day - flexible working hours and work from home
• Daily working time: 7hrs 45min instead of standard 8hrs
• Daily refreshments - coffee, fruits, drinks
• Fully equipped gym accessible 24 hours / 7 days per week
• Game room with unlimited access
• Modern designed coffee corner and terrace with the grill spot

WellbeING

• Sick leave compensation: up to 80% of the monthly salary
• Life insurance contribution: up to 22,14 EUR/per month
• 3rd pillar contribution: up to 3% from your monthly salary
• 24/7 external mental health support
• Learning opportunities: internal and external learning programs
• Regular teambuildings, social events and communities

YOU/family/friends time

• Extra 3 PERSONAL days per year
• Extra vacation days: up to 10 extra days/per year
• We welcome your ING-positive friends: referrals starting from 1000 EUR
• 150€ for childbirth/adoption bonus, wedding day and registered partnership contributions, work anniversary award
• Our premises are open 24/7 and you can even bring your friends or family along (up to 2 friends to the gym and game room)

Extra perks

• Yearly bonus based on your performance and company’s results
• Cafeteria points: 50€/month (600€/year) - Multisport card, Alza, Zalando, Cinema City, etc.
• Home office contribution: 20 EUR/per month
• Discounts from our and your favorite stores: up to 30%
• Warm welcome package for your fresh start
• Pet friendly office