
Information Risk Managers
at ING Bank
Posted 3 days ago
- Compensation: $189,000 – $210,000 USD
- City: New York City
- Country: United States
Currency: $ (USD)
Be a trusted Information Risk and Business Continuity Risk advisor in ING's 2nd Line of Defense, directing and supporting identification, analysis and mitigation of information security risks affecting business applications, IT processes, databases and supporting infrastructure. Liaise with the CIO, CISO, CAS and other Information Risk Officers, participate in risk assessments, monitor controls and challenge the 2nd line reporting of Information Risk and IT events. Take ownership for one or more risk-related processes or reports, and develop solutions by applying frameworks such as ISO 27001, NIST, COBIT, FFIEC and ITIL. Collaborate with the 1st Line of Defense to implement appropriate risk mitigation while keeping ING's risk appetite within defined thresholds.
Title: Information Risk Managers
Employer: ING Financial Services, LLC
Location: New York, NY
Salary range: $189,000 – $210,000
Job Description:
Be a trusted Information Risk and Business Continuity Risk advisor in the 2nd LoD, who directs and supports the identification, analysis and mitigation by 1st LoD/business of risks to ING that result from inadequate information security (supporting business applications, IT processes, databases and supporting infrastructure), with the aim of assuring reliability of information, integrity and the availability of systems. Liaise with the CIO, CISO, CAS and other Business Entities Information Risk Officers. Day-to-day focus is on the resolution of complex problems or transactions, where expertise is required to interpret against policies, guidelines or processes. Participate in and challenge risk assessments on specific Information Risk and IT related topics. Monitor and challenge implementation of Policies, Procedures and Controls. Participate in and challenge Business Continuity and Disaster Recovery processes. Monitor and challenge proper reporting of Information Risk and IT related events. Perform 2nd Line Monitoring over key controls tested by 1st LoD. Participate in innovative projects to advise and challenge on implementation of information security and general IT controls requirements. Be a strong contributor supporting IT to keep its Risk Appetite within pre-defined thresholds. Primary focus will be on day-to-day deliverables, developing solutions based upon subject expertise, and occasionally representing the department at a broader level. Full ownership for one or more processes, reports, procedures and/or processes. Interpret policies, guidelines and/or processes and challenge implementation by 1st LoD of standards, processes and controls. Responsible for understanding and assessing ING's business operations regarding Information Risk, identifying issues and opportunities and collaborating with 1st LoD on the implementation/challenge of appropriate solutions.
Minimum Requirements:
Master’s degree or foreign equivalent in Information Systems, Quantitative Systems, or a closely related field and 2 years [or a Bachelor’s degree or foreign equivalent as stated above and 5 years] of experience in any occupation in Information Risk Management, Information Security, IT Controls, or a closely related field. Must have experience working with the following: Information technology risk management within the financial institution industry; IRM, BCM and IT processes; Standards and frameworks including ISO 27001, ISO 9001, NIST, COBIT, FFIEC, and/or ITIL; Non-financial risk models and risk assessments; Working knowledge of the Sarbanes-Oxley Act with the ability to interpret and apply its provisions in the organization; Managing cross-functional projects and influencing executive-level strategic decision making and effectively translating technology insights to business strategy in communications with senior executives; Implementing mechanisms to identify emerging trends and leading practices with respect to technology architecture, resilience, cyber risk protocols; and Designing risk management methodologies, risk metrics technology enablement to support risk programs change management initiatives and strategies. Requires at least one valid Professional License: CISA, CISM, and/or CRISC.





