Information Risk Managers

ING | New York, NY
11d | $189,000 - $210,000

About The Position

Be a trusted Information Risk and Business Continuity Risk advisor in the 2nd LoD, who directs and supports the identification, analysis and mitigation by 1st LoD/business of risks to ING that result from inadequate information security (supporting business applications, IT processes, databases and supporting infrastructure), with the aim of assuring reliability of information, integrity and the availability of systems. Liaise with the CIO, CISO, CAS and other Business Entities Information Risk Officers. Day-to-day focus is on the resolution of complex problems or transactions, where expertise is required to interpret against policies, guidelines or processes. Participate in and challenge risk assessments on specific Information Risk and IT related topics. Monitor and challenge implementation of Policies, Procedures and Controls. Participate and challenge Business Continuity and Disaster Recovery processes. Monitor and challenge proper reporting of Information Risk and IT related events. Perform 2nd Line Monitoring over key controls tested by 1st LoD. Participate in innovative projects to advise and challenge on implementation of information security and general IT controls requirements. Be a strong contributor supporting IT to keep its Risk Appetite within pre-defined thresholds. Primary focus will be on day-to-day deliverables, developing solutions based upon subject expertise, and occasionally representing the department at a broader level. Full ownership for one or more processes, reports, procedures and/or processes. Interpret policies, guidelines and/or processes and challenge implementation by 1st LoD of standards, processes and controls. Responsible for understanding and assessing ING's business operations regarding Information Risk, identifying issues and opportunities and collaborating with 1st LoD on the implementation/challenge of appropriate solutions.

Requirements

  • Master’s degree or foreign equivalent in Information Systems, Quantitative Systems, or a closely related field and 2 years [or a Bachelor’s degree or foreign equivalent as stated above and 5 years] of experience in any occupation as an Information Risk Management, Information Security, IT Controls, or closely related
  • Experience working with Information technology risk management within the financial institution industry
  • Experience working with IRM, BCM and IT processes
  • Experience working with standards and frameworks including ISO 27001, ISO 9001, NIST, COBIT, FFIEC, and/or ITIL
  • Experience working with Non-financial risk models and risk assessments
  • Working knowledge of the Sarbanes-Oxley Act with the ability to interpret and apply its provisions in the organization
  • Experience managing cross functional projects and influencing executive level strategic decision making and effectively translating technology insights to business strategy in communications with senior executives
  • Experience implementing mechanisms to identify emerging trends and leading practices with respect to technology architecture, resilience, cyber risk protocols
  • Experience designing risk management methodologies, risk metrics technology enablement to support risk programs change management initiatives and strategies
  • Requires at least one valid Professional License: CISA, CISM, and/or CRISC

Responsibilities

  • Directs and supports the identification, analysis and mitigation by 1st LoD/business of risks to ING that result from inadequate information security
  • Liaise with the CIO, CISO, CAS and other Business Entities Information Risk Officers
  • Participate in and challenge risk assessments on specific Information Risk and IT related topics
  • Monitor and challenge implementation of Policies, Procedures and Controls
  • Participate and challenge Business Continuity and Disaster Recovery processes
  • Monitor and challenge proper reporting of Information Risk and IT related events
  • Perform 2nd Line Monitoring over key controls tested by 1st LoD
  • Participate in innovative projects to advise and challenge on implementation of information security and general IT controls requirements
  • Supporting IT to keep its Risk Appetite within pre-defined thresholds
  • Developing solutions based upon subject expertise, and occasionally representing the department at a broader level
  • Full ownership for one or more processes, reports, procedures and/or processes
  • Interpret policies, guidelines and/or processes and challenge implementation by 1st LoD of standards, processes and controls
  • Responsible for understanding and assessing ING's business operations regarding Information Risk, identifying issues and opportunities and collaborating with 1st LoD on the implementation/challenge of appropriate solutions