ING Hubs Romania offers 130 services in software development, data management, non-financial risk & compliance, audit, and retail operations to 24 ING units worldwide, with the help of 𝐨𝐯𝐞𝐫 𝟐𝟎𝟎𝟎 𝐡𝐢𝐠𝐡-𝐩𝐞𝐫𝐟𝐨𝐫𝐦𝐢𝐧𝐠 𝐞𝐧𝐠𝐢𝐧𝐞𝐞𝐫𝐬, 𝐫𝐢𝐬𝐤, 𝐚𝐧𝐝 𝐨𝐩𝐞𝐫𝐚𝐭𝐢𝐨𝐧𝐬 𝐩𝐫𝐨𝐟𝐞𝐬𝐬𝐢𝐨𝐧𝐚𝐥𝐬.

We started out in 2015 as ING’s software development hub, then steadily expanded our range to include more services and competencies. Now we provide borderless services with bank-wide capabilities and 𝐨𝐩𝐞𝐫𝐚𝐭𝐞 𝐟𝐫𝐨𝐦 𝐭𝐰𝐨 𝐥𝐨𝐜𝐚𝐭𝐢𝐨𝐧𝐬: 𝐁𝐮𝐜𝐡𝐚𝐫𝐞𝐬𝐭 𝐚𝐧𝐝 𝐂𝐥𝐮𝐣-𝐍𝐚𝐩𝐨𝐜𝐚.

𝐎𝐮𝐫 𝐭𝐞𝐜𝐡 𝐜𝐚𝐩𝐚𝐛𝐢𝐥𝐢𝐭𝐢𝐞𝐬 𝐫𝐞𝐦𝐚𝐢𝐧 𝐭𝐡𝐞 𝐜𝐨𝐫𝐞 𝐨𝐟 𝐨𝐮𝐫 𝐛𝐮𝐬𝐢𝐧𝐞𝐬𝐬, with more than 1800 colleagues active in Data Management, Touchpoint Channels & Integration, Core Banking, and Global Products.

We enjoy a flexible way of working and a highly collaborative environment, where fair and constructive feedback is encouraged.

For us, impact isn't a perk. It's the driver of our work. We are guided and rewarded by a shared desire to make the world a better place, one innovative solution at a time. Our colleagues make it their job to do impactful things and they love doing it in good company. Do you?

Your  mission

As an OpsRisk Engineer will be part of the Financial Markets domain. 

You will help on risk subjects like:        

• Act as a central SPOC for all incoming IT risk assessments and control evidencing requirements adhering the established control framework, SOx requirements and industry best practices.

• Monitoring, tracking and managing deviations to established IT Risk controls.

• Mediating between 1st LOD/2nd LOD and DevOps teams.

• Conducting walkthroughs with auditors to review and validate IT Risk control processes.

• Lead technical due diligence sessions with third party vendors.

You will work in an AGILE environment, following SCRUM methodology together with DevOps squads, helping to maintain a safe and secure application.

Your Day to Day

Your primary mission is to help the squads to implement IT Controls and to prove the controls are implemented effectively:

• ensure we are in control of our risk appetite

• define and document adequate risk processes and collect the evidences in regards; make sure that the different risk parties agree with the evidences

• responsible for creating documents and project management requirements or specifications

• provide documentation support to the technical team; interface with developers and operation engineers to define the specifications

• liaison between the team and other IT Risk professionals

• understand the need for security and apply it using the existing framework; constant communication about changes

• participate in automation program for process and evidence for IT risk

• show proactivity and flexibility, come up with plans of action and adapt approaches if necessary

• understand the corporate climate and culture and act as an ambassador; IT custodianship/asset owner role.

What you’ll bring to the team

Experience:

• Degree and/or experience in IT risk management, cybersecurity, or related field.

• Understanding of fundamental IT risk and security concepts and ability to think critically across technical control domains.

• Knowledge of IT control frameworks (eg. SOX, GDPR, CSA CCM) and industry standards (eg. ISO2700x, NIST).

• Proven track record of conducting IT control evidencing, qualitative risk assessments and developing mitigation strategies.

Risk reporting and communication:

• ability to communicate risk-related concepts to technical stakeholders.

• experience in liaising with second line risk functions.

• strong written and verbal communications skills in English.

• Certifications such as CISSP, CISM, CRISC or equivalent are a plus.

Knowledge:

Mandatory:

• Ability to understand the risk processes in an IT environment

• Experience with IT risk standards

• Ability to make clear and convincing statements related to risk procedures Proven planning and organizing experience

Nice to have:

• Project management experience

• Ability to track, plan and coordinate projects related to third party risk management,  technical compliance, and/or IT risk automation

• Experience in working with Dev(Sec)Ops teams across vulnerability management, threat hunting, security detection and response and developing, or contributing to information security policies and procedures

• Knowledge of Agile methodology

Foreign languages: English (advanced)

Education: nice to have Bachelor’s Degree (or higher) in an IT related field.

If you want to deep dive into the processing of personal data conducted by ING Hubs Romania during the recruitment process and your rights related to it, read the privacy notices on our website (make sure to scroll until you reach the Data Protection section/ Candidates tab).