Vendor Security Management lead

HBP (Amsterdam - Haarlerbergpark), Netherlands

The Global CISO organisation of ING is responsible for assisting ING management, business and other tribes in providing customer-friendly services in a safe and secure way. Business leaders and CISO are jointly responsible for bank-wide security. CISO is mandated to drive required change in all domains, business and IT.

The CoE Vendor Security Management is responsible for establishing and running the 3rd party security approach & framework, advancing the maturity of our security services and processes, and partnering closely with our IT Risk & Security colleagues within all ING entities globally.

Your key responsibilities

Your team focus will be on the following capabilities:

  • Assessing and establishing a 3rd party security global capability at ING. This includes the target state design – people, process, data, and technology – of the global assessment capability. This capability needs to be embedded inside ING’s Global Procurement processes and be scalable across ING businesses globally. Next, this role will lead the definition of the business case and rollout plan. The rollout would include proofs-of-concept / minimum viable product implementation and then further rollout across all ING businesses.
  • Establish and lead the Vendor Security maturity model to drive continuous improvements around CISO Vendor security capabilities. This is intended to be carried out quarterly and be a key driver of the alignment to the CISO target operating model. This model would be carried out across all IT Risk & Security teams globally.
  • Act as Vendor Security Service manager in relation to consumption of Vendor security services from Global CISO and external providers (e.g. IT Risk clauses, TPCRA, …). This includes establishing the Service Level Agreement, monitoring the agreement, reporting on performance, and leading the identification and follow-up of structural improvements to Vendor security services.
  • Establish and lead VSM processes within CISO. This includes identifying and measuring key security and risk indicators and leading the alignment sessions with the 2nd and 3rd lines of defence and the IT risk/security COE at ING on a joint cybersecurity backlog.
  • Provide VSM advisory to business and tech programs on Vendor security. It also includes providing steering as part of project/program governance bodies (e.g. representing CISO in SteerCos).
  • Partner in advancing 3rd party IT Risk & Security practices globally.
  • Execute Third Party Cyber Risk Assessments based on ING’s Policies and Standards towards ING’s Third-Party Suppliers.

As Vendor Security Management lead

As Vendor Security Management lead you have a passion for the combination of thinking and doing. You have an exemplary role, and you show that you are a true ambassador for the agile way of working and the ING culture (Orange Code). As Vendor Security Management lead you have earned your spurs within the expertise of IT and Security, and you are recognized as such. You determine how you work within your expertise and set the standards. You not only have a strong drive to continuously maintain your own expertise, but you also want to make an active contribution to further developing and innovating the field. In addition, you get energy from transferring your expertise to others and you get satisfaction from coaching (both professional and personal) the members of your team to get the best out of themselves.

Furthermore

  • You act as a role model, and you strengthen the ING One Agile Way of Working while safeguarding the Orange Code.
  • You are building and maintaining the craftsmanship of IT Security.
  • You continue to develop within your own expertise and are seen as an expert in the relevant field.
  • You facilitate, support and motivate your team members (approx. 3-5 IT security experts).
  • You encourage and facilitate the Vendor Security Management members to develop themselves.
  • You collaborate with other IT Security and CISO teams across the ING organization.
  • As Vendor Security Management lead you ensure standards within your own area of expertise.
  • You ensure that standards and knowledge are shared across the team(s).

We are looking for

An inspiring, approachable expert and pioneer of the cross-border culture, displaying the following behaviors:

  • Passion for IT Security
  • You have a 'Do it-Try it-Fix it' mentality
  • You inspire based on your personal leadership and show energy and passion
  • You are analytically skilled, able to bring structure and able to quickly identify the core problem
  • You are energetic, flexible and creative in achieving goals
  • You respect people and their challenges
  • You are curious and open to new methodologies and techniques
  • You work together and facilitate others within your team to be successful
  • You actively promote and stimulate personal development and coaching of team members
  • You display influence and impact without being able to see your team face to face regularly
  • You act convincingly, strong in problem analysis, and creative in your solutions and you see giving and receiving constructive feedback as an important condition for working well together

Proven track record and technical skills:

  • 10+ years of professional experience in IT or information security
  • Experience leading teams in IT Security and mentoring and developing team members
  • A personality and the capabilities to optimally function within an Agile environment
  • Subject matter expert in 3rd party risk & security, with proven recent experience, is a must. Experience designing and implementing a 3rd party risk & security model is preferred.
  • Professional and intellectual IT skills at bachelor or university level, preferably IT Master
  • Experience working across lines of defence, ideally in the financial services industry
  • Extensive experience in both IT Security and IT Risk
  • Track record of consulting/advising
  • Certification in and/or proven skills in Security and Risk (e.g. CISSP, CISA, CISM and CCSP) (CISSP certification is mandatory to have or to obtain within 6 months)
  • Excellent command of the English language
  • Outstanding oral and written communication skills
  • Experience of working in complex environments
  • Strong analytical skills, and ability to solve high complexity problems
  • Team player and collaborative

Rewards & benefits 
We want to make sure that it’s possible for you to strike the right balance between your career and your private life. You can find out more about our employment conditions at Benefits in the Netherlands

The benefits of working with us at ING include: 

  • A salary tailored to your qualities and experience 
  • 24-27 vacation days depending on contract 
  • Pension scheme 
  • 13th month salary 
  • Individual Savings Contribution (BIS), 3.5% of your gross annual salary 
  • 8% Holiday payment 
  • Personal growth and challenging work with endless possibilities
  • An informal working environment with innovative colleagues
  • Work Agile, so new ideas come to life faster

About us

With 60,000 employees and operations in approximately 40 countries, there is no shortage of opportunities for people with initiative who want to help people take a step ahead in life and in business. Do you want to work at the cutting edge of what’s possible and at the same time ensure you work with integrity and hold the customer’s interests at heart? Do you want to be surrounded by progressive, inspiring, diverse and supportive colleagues? Then there is no better place to invest your talents than at ING. Join us. Apply today. 

Category: Leadership Jobs

Tags: Agile CCSP CISA CISM CISO CISSP Governance Monitoring Risk assessment

Perks/benefits: Career development Flex hours Flex vacation

Region: Europe
Country: Netherlands
