Operations Engineer - Risk & ITRMP (SaaS Low-Code Application)

We are looking for you, if you:

• have bachelor's degree in Computer Science, Information Technology, or a related field.
• have a relevant experience within IT Risk management for SaaS,
• can identify, assess, and mitigate risks associated with the SaaS low-code application. Develop and implement risk management strategies and controls,
• are a proven expert in the field of IT Risk, possessing in-depth knowledge of IT Risk Management and processes. You can deal with and advise on highly complex and difficult matters,
• are able to transfer IT security requirements into practical implementation,
• are a trusted advisor, who brings IT Risk under control by supporting the business lines. In addition, you know how engineers work and how controls can be best integrated in their daily way of working, ensuring that delivery and risk are balanced for the risk appetite of the business,
• are flexible, energetic, influential you adapt easily and can work both independently and in a team,
• can analyse and solve problems. You are a holistic thinker with an attention to details,
• are organized, can provide structure and maintain focus on the full picture.

You’ll get extra points for:

• active holder of certifications issued by ISC2 (like CISSP, CCSP) or issued by ISACA (like CISM, CISA, CRISC) or similar,
• knowledge about AI and low code platforms,
• business oriented approach,
• Agile/Scrum knowledge.

Your responsibilities:

The SaaS Engineer operationally aligns (as operational ING business contact) with a 3rd party to whom IT operations (technical management, hosting, etc.) of an application is outsourced or who owns a SaaS application. SaaS engineer maintains operational relationship with the 3rd party and makes sure ING minimum standards and regulatory requirements are followed. This concerns the activities that have been agreed upon in the SaaS/Outsourcing contract to keep the bank safe.

Main focus, IT Risk related activities:

• conduct 3rd party Trust sessions / IT Risk assessments with suppliers,
• assess the third party assurance reports and certificates of the SaaS supplier (like ISO) and Service Organization Control (SOC 2) audit reports,
• identify potential exceptions, control gaps and manage the follow-up with SaaS supplier,
• act as SPOC for 3rd party penetration testing by ING,
• support Asset Owner on creating IA (Issue Acceptance) and/or MIA (Management Identified Action) and follow up on these,
• collect and register IT Risk related evidence (from ING and 3rd parties) and ensure this remains up-to-date and timely registered in ITRMP,
• conduct periodic IT Risk service meetings with SaaS supplier,
• determine the impact of new/changed external regulations /ING standards on the SaaS supplier,
• align with 3rd party on their product roadmap and release planning and determine the impact of 3rd party changes on ING,
• participate with ING Procurement, Legal and DPO.

As an Operations Engineer at ING, you will play a crucial role in ensuring the security, reliability, and compliance of our SaaS low-code application. You will be responsible for identifying, assessing, and mitigating risks, as well as implementing and maintaining the Information Technology Risk Management Program (ITRMP). Your expertise will help us deliver a secure and seamless experience to our customers.

Information about the squad:

We are looking for an enthusiastic and experienced SaaS (Software as a Service) Engineer to become part of the Knowledge Management Chapter within Employee TECH Services. As SaaS engineer you will become part of international team within ING Group.

The role naming convention in the global ING job architecture will be “Engineer III”