IT GRC Chapter Lead
New York, United States
Full Time Senior-level / Expert USD 143K - 188K
Tech Americas | IT Chapter Lead Americas | New York
About ING:
Ranked #8 on LinkedIn Top Companies in Financial Services
Crain’s 100 Best Places to Work
Ragan’s Top Places to Work in 2023
In Americas, ING’s Wholesale Banking division offers a broad range of innovative financial products and services to domestic and international corporate and institutional clients.
When you come to work at ING, you’re joining a team where individuality isn’t just accepted, it’s encouraged. We’ve built a culture that’s fun, friendly and supportive – it’s the kind of place where you can be yourself and make the most of whatever you have to offer.
We give people the freedom to take risks, think differently, take ownership of their work, and make great things happen. We’re here to help you get ahead. And with our global network, there’s plenty of scope to take your career in new directions, perhaps even ones you’ve never considered. ING Americas follows a hybrid work model, allowing for in-office / work from home flexibility. Hybrid work arrangements vary based on business area.
Sound like the kind of place you’d feel at home? We’d love to hear from you.
About the position:
As an IT Risk Chapter Lead you will function as a bridge between Stream aligned and Platform teams and work in a cross-cutting role driving advancement in ING America’s Governance, Risk and Compliance practice. You will lead by example and coach others to develop their skills in multiple technology areas (e.g. Quality Engineering, IT Risk Management, Paradigm Shift, Infrastructure, Security, Cybercrime, Software Development, data etc.).
Reporting to the Head of IT Security/CISO, you will play a key role in the continual advancement of our engineering mastery and practices such as Agile, Continuous Delivery and Team Topologies. Joining our dynamic team, you’ll be responsible for maintaining the Governance, Risk & Compliance of ING America’s entity to ensure a safe, secure and compliant bank within defined risk appetite.
At the core of all of this is our focus on diversity and inclusion: having diverse opinions and perspectives ensures we challenge our thinking and build the best for our customers.
About the department:
ING Americas Tech is the support backbone and catalyst for new and innovative solutions that drive growth for both internal and external customers. We strive to bring technical expertise and business knowledge together to support a wide range of business products within media and telecoms (TMT), utilities power and renewables, natural resources, food and agribusiness, real estate and infrastructure, with financial product specialists in industry lending, corporate finance, debt capital, commodity and export financing, sustainable finance and much more.
Responsibilities:
Area of responsibility
Leads a team of engineers and subject matter experts, sets the standards for their chapter (Governance Risk & Compliance, IT Risk Management, DevSecOps) and takes responsibility for developing, innovating and safeguarding knowledge in the field of expertise. Focuses on innovation and the improvement of IT in the strategic field to provide standardization and improvement of IT processes. Contributes from the perspective of IT knowledge to the strategy of the organization and is responsible for team success and close collaboration with 2nd line of defense.
- Align collaboration activities with local and global second lines of defense, sharing content and contextual knowledge to provide pragmatic solutions across all IT Risk Pillars.
- Serve as an expert advisor in the development, implementation, and continuous maintenance of a robust information security “Paradigm Shift Program” to meet ING’s risk appetite.
- Manage IT security standards and procedures to ensure correct implementation and maintain an information security monitoring roadmap aligned with firm KPIs/KRIs, such as IAM, SDR, Change Management, Platform, and Cybercrime.
- Develop and implement remediation plans for identified vulnerabilities, working with cross-functional teams locally and globally to ensure the bank remains safe, secure, and compliant.
- Provide oversight and reporting on the execution of IT security system controls and application security, utilizing an adaptable and secure business-supporting model. This includes, but is not limited to, patch management, security operations, engineering, and security detection and response.
- Identify opportunities for automation and integration to streamline Security Services. Possess knowledge of Cloud fundamentals, such as Design Patterns and the Shared Security model, to enhance the security testing process (SAST/DAST) under SDLC guidelines.
- Manage the lifecycle of critical assets in ING’s private/public cloud to maintain the risk posture by implementing ING security standards on database or middleware infrastructure, forming the risk opinion for the Paradigm Shift Program.
- Coach and mentor other engineers, acting as a role model in developing team capabilities across industry trends, technologies, methodologies, and behaviors.
- Manage security and risk guidelines and support system documentation related to risk requirements.
- Partner with global outsourced teams to create and update standard operating procedures and reporting.
Qualifications and Competencies
- Bachelor’s or master’s degree in computer science or a related field.
- Possession of one of the following certifications: PMP (IT Project Management), CISSP, CCSP, or CISM.
- A minimum of 5 years of experience in Information Security Project Management, preferably in cloud security.
- Familiarity with non-financial risk models and threat assessments.
- Proven analytical skills to solve complex business and technical problems, with the ability to communicate and educate both senior management and other SMEs in information technology teams.
- Ability to remain poised and act competently in high-pressure, high-stress situations.
- Up-to-date knowledge of new tools and technologies related to information security and cyber regulations.
- Demonstrated experience with various information security controls, including secure network architecture, systems security, encryption systems, and application security.
- A passion for continuously developing technical expertise and fostering an engineering mindset.
- Ability to work independently, demonstrating proactivity, high-quality standards, and adherence to planning.
- Strong interpersonal skills to build relationships with Information Security Specialists and senior management.
- A critical yet constructive mindset, with accuracy and thoroughness, and the ability to connect self-reflection with action.
- Deep knowledge and experience with security and regulatory compliance, as well as external audits (e.g., NYSDFS 500, SEC, FINRA, SOX, Federal Reserve, etc.).
- Preparedness to challenge the program and Information Security’s second line of defense, and to have difficult conversations, when necessary, in the interest of adhering to policies and standards.
- A continuous improvement mindset.
Salary Range: $143,000 - $188,000
In addition to comprehensive health benefits, a generous 401k savings plan, and competitive PTO, ING provides a broad array of benefits including adoption, surrogacy, and fertility services; student debt assistance; and subsidies for expenses associated with working from home, commuting, and fitness.
ING is a committed equal opportunity employer. We welcome applicants of diverse backgrounds and hire without regard to race, gender, religion, national origin, citizenship, disability, age, sexual orientation, or any other characteristic protected by law. We celebrate these differences and rely upon your unique perspective to innovate and seize new opportunities. Come as you are.
ING Bank does not have a commercial banking license in the U.S. and is therefore not permitted to conduct a commercial banking business in the U.S. Through its wholly owned subsidiary ING Financial Services LLC, and its affiliates, it offers a full array of wholesale products such as commercial lending and a full range of FM products and services.
Tags: Agile Application security Audits Automation Banking CCSP CISM CISO CISSP Cloud Compliance Computer Science Cyber crime DAST Encryption Finance Governance IAM KPIs Monitoring Risk management SAST SDLC SecOps SOX Strategy Vulnerabilities
Perks/benefits: 401(k) matching Career development Competitive pay Fertility benefits Health care