IT OpsRisk Engineer

Bucharest - Dacia One

Apply now Apply later

IT OpsRisk Engineer @ ING HUBs RO 

Discover ING Hubs Romania 

We started out in 2015 as ING’s software development hub – a distinct entity from ING Bank Romania – then steadily expanded our range to include more services and competencies. 

Formerly known as ING Tech, as of 2022 we provide borderless services with bank-wide capabilities under the name of ING Hubs Romania and operate from two locations: Bucharest and Cluj. 

With the help of 1800 engineers, risk and operations professionals, we offer 150 services in tech, non-financial risk & compliance, audit and retail operations to 24 ING units worldwide. 

Our tech capabilities remain the core of our business, with more than 1100 colleagues active in Data Management, TouchPoint Channels & Integration and Core Banking. 

We enjoy a flexible way of working and a highly collaborative environment, where fair and constructive feedback is encouraged. Work ethics, honesty and knowledge sharing are key to our teams and we’re always looking for like-minded people. 

Here’s a sneak peak of what our colleagues say about working within ING Hubs Romania: 

v At ING, you are a safekeeper of trust | 95% of our colleagues agree 

 

Your  mission 

As an IT OpsRisk Engineer you will be part of the IT Security & Risk working with squads across the organization.  

You will be supporting squads on risk topics like :          

  • Acting as a central SPOC for all incoming IT risk assessments and control evidencing requirements adhering the established control framework, SOx requirements and industry best practices.  

  • Monitoring, tracking and managing deviations to established IT Risk controls. 

  • Mediating topics between 1st LOD/2nd LOD and DevOps teams. 

  • Conducting walkthroughs with auditors to review and validate IT Risk control processes. 

  • Lead technical due diligence sessions with third party vendors. 

You will work in an AGILE environment, following SCRUM methodology together with DevOps squads, helping to maintain a safe and secure service. 

 

Your Day-to-Day  

 

Your primary mission is to help the squads to implement IT Controls and to prove the controls are implemented effectively: 

  • ensure we are in control of our risk appetite 

  • define and document adequate risk processes and collect the evidences in regards; make sure that the different risk parties agree with the evidences 

  • responsible for creating documents and project management requirements or specifications  

  • provide documentation support to the technical team; interface with developers and operation engineers to define the specifications 

  • liaison between the team and other IT Risk professionals  

  • understand the need for security and apply it using the existing framework; constant communication about changes 

  • participate in automation program for process and evidence for IT risk 

  • show proactivity and flexibility, come up with plans of action and adapt approaches if necessary 

  • understand the corporate climate and culture and act as an ambassador; IT custodianship/asset owner role. 

What you’ll bring to the team 

Experience:  

Degree and/or experience in IT risk management, cybersecurity, or related field.  

Understanding of fundamental IT risk and security concepts and ability to think critically across technical control domains.  

Knowledge of IT control frameworks (eg. SOX, GDPR, CSA CCM) and industry standards (eg. ISO2700x, NIST). 

Proven track record of conducting IT control evidencing, qualitative risk assessments and developing mitigation strategies. 

Risk reporting and communication:  

• ability to communicate risk-related concepts to technical stakeholders. 

• experience in liaising with second line risk functions. 

• strong written and verbal communications skills in English.  

Certifications such as CISSP, CISM, CRISC or equivalent are a plus. 

 

Knowledge: 

o Mandatory: 

Ability to understand the risk processes in an IT environment 

Experience with IT risk standards 

Ability to make clear and convincing statements related to risk procedures 

Proven planning and organizing experience 

o Nice to have: 

Project management experience. Ability to track, plan and coordinate projects related to third party risk management,  technical compliance, and/or IT risk automation. 

Experience in working with Dev(Sec)Ops teams across vulnerability management, threat hunting, security detection and response and developing, or contributing to information security policies and procedures.3. 

Knowledge of Agile methodology 

Foreign languages: English (advanced) 

Education: nice to have Bachelor’s Degree (or higher) in an IT related field. 

What’s in it for you: 

  • Annual Performance Bonus  

  • Extra vacation days depending on the total length of working experience 

  • Flextime – our own way of working 

  • Monthly budget on Benefit platform 

  • Growth opportunities 

Defining a clear career path on short/ mid/ long term and identify the competencies you need to build/ develop to reach the next level: vertically – towards a managerial position or horizontally – towards an expert or architect level, locally or globally 

Upskilling/ reskilling programs 

  • Learning & Development opportunities 

  • Annual training & certifications budget 

  • Udemy & e-learning platforms 

Internal mobility is encouraged 

Possibility to access International Short-Term Assignments or Long-Term Assignments 

CSR activities: tree planting, coding lessons for teenagers etc. 

 

Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  6  0  0

Tags: Agile Automation Banking CISM CISSP Compliance CRISC DevOps GDPR ISO 27000 Monitoring NIST Risk assessment Risk management Scrum SOX Vulnerability management

Perks/benefits: Career development Flex hours Flex vacation Salary bonus

Region: Europe
Country: Romania

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.