
Head of IT Security – ING Neo

The Head of IT Security – ING Neo is responsible for the design, implementation, support and risk management of ING Neo’s initiatives and infrastructure in alignment with ING's global IT Security and Risk minimum standards and policies.
ING's security mission is to make banking more trusted by delivering integrated information security that creates an environment that is Secure, Agile and Responsible, in order to safeguard our customers' identity and assets by actively preventing, detecting and responding to threats.

  • Integrated - Ensuring IT Security is baked into IT and business processes, focussing on the entire stack, and looking for innovative solutions;
  • Secure - Information is protected, trustworthy and available across its lifecycle;
  • Agile - Efficient, mature services responding to changing business needs, IT and threat landscape environment;
  • Responsible - Respecting employee and customer rights by embracing laws and regulatory requirements, and complying with ING policies.

    The Head of IT Security leads the IT Security and IT Risk teams, and is responsible for providing leadership and direction for the ING Neo organisation and initiatives in securing its information assets. This is accomplished by providing advice and security services, assisting the business and IT in managing IT Risk and maintaining compliance with information security policies and by developing solutions to mitigate business-specific exposures.

    The Head of IT Security works in close cooperation with ING's Global CISO, to ensure regional alignment to global strategies, and regional requirements are addressed in global solutions.

    Major responsibility areas

    30% Support the Business:

  • Provide leadership and direction for the organisation in securing its information assets
  • Develop IT Security Roadmap to support the delivery of the ING Neo security strategy
  • Oversee and steer the ING Neo IT organisation to ensure compliance with relevant local and regional regulation, ING policies & minimum standards and, where applicable, the ING Neo innovation strategy.
  • Act as a lead on the review and challenge, governance and policy in relation to IT Risk
  • Lead the IT Risk management function and be responsible for the oversight, challenge and management of risks related to information and information assets in all facets of ING Neo’s operation
  • Ongoing collaboration with Business, Risk & IT stakeholders to identify future security architecture requirements
  • Provide security advice and expertise and consultancy at all levels of the business and initiatives
  • Ensure compliance with ING Global technology, security and architecture standards where appropriate to the ING Neo environment and its initiatives.
  • Build and maintain an ongoing relationship with key Business, Risk, IT and CISO's Office stakeholders, be able to be innovative and challenge policy for ING Neo while keeping the bank and its initiatives safe, secure and compliant
  • Ensure there is two-way dialogue alignment between IT and BCO and second line risk teams on emerging threats and appropriate responses to these
  • Oversee the security due diligence process on IT and information security issues for all new service providers / business partners
  • Build security culture in line with Orange Code and establish a programme of staff development to secure required skills and experience to support bank strategy.
  • IT BU Operational Risk representative and NFRC member of ING Neo
  • Approved IT Security Roadmap
  • Up to date Risk workbooks in place for CIO functions
  • IT Risk managed to within Risk Appetite
  • Security addressed in business solutions
  • Alignment to global CISO roadmap
  • Close and seamless working relationship with second and third lines of defence
  • Compliance deficiencies known and mitigation strategies agreed
    25% Defend the business:

  • Implementation, running and management of security capabilities:
  • Cyber Resilience - providing extensive coverage of information security topics including those associated with security strategy, incident management, cyber resilience and incident response;
  • Security Monitoring - Monitor Vulnerability and Technical Compliance Status of Systems, Security Alerts and incident response, Static Code Analysis, Dynamic analysis;
  • Security Testing - Conduct and coordinate security testing as per Security Standard requirements
  • Third party sourcing – maintain vendor relationships, work with procurement teams to review suppliers / vendors / solutions to ensure that the organisation's supply chain incorporates assessments of information security capabilities of partners and solutions
  • Secure by Design – ensure security is embedded within SDLC and solutions are developed and deployed to be secure by design
  • Compliant - Ensures all bank-level policies & security standards are followed and adapted to local and regional requirements as required
  • Key Control Testing – Ensure required key control testing is completed
  • Reporting - Security KRI reporting, ING Neo IT Office reporting for the operational risk committees
  • Audit – Audit liaison, coordination point for internal/external auditors, regarding all IT audit programs. Review and assess all IT audit findings; agree remediation activities and due dates with key stakeholders
  • IT Security Roadmap implemented
  • Security KRIs and reporting
  • Security incidents managed with minimal impact
  • IT Risks and security threats known and managed within appetite
  • Security Capability improvements
  • Timely and accurate reporting for the operational risk committees
  • Audit results
  • IT Audit programs run to schedule
    30% Adapt rapidly and cost efficiently:

  • Ensure IT security architecture is simple, cost effective, secure, scalable and reliable
  • Monitor, identify, plan and deliver security capability improvements to support changes in the business
  • Leverage group standard solutions and capabilities where possible
  • Build and maintain relevant business industry knowledge, including trend analysis of internal and external threats
  • Keep up to date with industry developments to ensure the security infrastructure will meet future demands of the business, and will continue to protect the bank
  • IT Security MTP planning
  • Security spend within budget
    15% Promote responsible security behavior:

  • Improve security awareness and culture and achieve expected security behaviour amongst IT and across the organisation, including business users, technical staff, senior management, systems developers and IT service providers. Expanding the concept of security awareness to include changing behaviours as a means of reducing risk
  • Risk and Control Self Assessments in place for all CIO functions in ING Neo and its initiatives
  • Participate in Head Office review processes & forums
  • Participate in financial services industry forums and working groups
  • Ensure security is embedded in SDLC
  • Ensure security is embedded in IT operations practices for ING Neo and its initiatives
  • Up to date RCSAs in place
  • No policy breaches by IT Risk and Security staff

    Major Challenges

  • Ensuring alignment with the overall IT and business plan
  • Balancing ING Neo initiatives and ING group global requirements
  • Ensuring adoption and buy-in of security practices within ING Neo IT organisation
  • Establishing and maintaining relationships with key Business, Risk, IT and Head Office stakeholders
  • Identifying the key cost effective IT security initiatives within the ING Neo environment
  • Balancing IT Risk and Security priorities
  • Managing security service providers
    Decisions Expected

  • Definition of the IT security strategy and roadmap; Security controls for risk mitigation, new systems and enhancements; Security Vendor selection; Security Capability initiatives; Security Technology selection; Changes or improvements to internal processes; Prioritisation of the team's activities
    Recommendations Expected

  • Process Improvements across security within IT; Resourcing/ Priority recommendations; IT Strategy recommendations; risk assessments; Processes / procedures to strengthen security measures and reduce gaps
    Mandatory policies and procedures that must be adhered to in all roles include:

  • Workplace Health and Safety Policy and Programs - to ensure employees' health and safety and the health and safety of others in the workplace
  • Other ING Neo Policies and Procedures

    Leadership Team ING Neo, Value Space Lead, Initiative Lead, Delivery and Business Stakeholders:

  • Provide counsel and support on all facets of IT Risk and Security Management, including: threat intelligence, risk identification, incident management, key control testing, audit coordination, KRI reporting, risk mitigation activities, budgeting and finance.

    What you will bring

  • Tertiary level qualifications in Business, IT or a related discipline, or practical business experience (10+ years)
  • Security Certifications (e.g. CISM, CISSP, CISA, SABSA)
  • Public Cloud Certifications (Azure, GCP, AWS)
  • Risk Certifications (e.g. CRISC, CGEIT)
    Technical skills:

  • General IT controls (access controls, change controls, physical security)
  • Public and Private Cloud Infrastructure & Security (Azure, GCP, AWS)
  • Experience with infrastructure, networking and security technologies (essential)
  • Understanding of Systems development processes and methodologies
  • Networking protocols and controls (Firewalls, Switches, Routers, IPS, Load Balancing)
  • Endpoint Controls (Anti Virus / Anti Spyware, device control)
  • Virtualisation and cloud technologies
  • Vulnerability & compliance scanning tools
  • Secure SDLC and secure coding principles
  • Security Information and Event Management Systems
  • Security policy frameworks (e.g. ISO 27001, COBIT)
  • Risk management
    Previous experience:

  • 10+ years IT experience
  • 5+ years' experience in financial services or internet retail
  • Commercial IT audit/risk management
  • Security and Architecture Consulting experience
    Other skills or competencies:

  • Lead, influence and motivate a team of risk and security specialists
  • Effective interpersonal skills
  • Ability to operate at own initiative with a pro-active attitude, within the directions and confines of management and Bank policy
  • Ability to liaise with a broad range of people, including line management, senior management, external suppliers and related people.
    What we will offer

    Working at ING means working in a dynamic and international setting. Individual development of our employees is very important and that is why ING offers excellent courses and programs.

    You will work on the most innovative projects within ING. In addition, we offer:

    · A competitive salary

    · Working in an area which is of great importance to the strategy of ING

    · A relaxed and fun team

    · An International atmosphere

    · Great training and education opportunities

    How can you apply?

    Are you enthusiastic? Then click on apply. You can express your interest through a letter of application in which you state why you are ideally suited for this position.

    More information?

    We are looking forward to meeting you!


    ING Group, Amsterdam
    Quality / Security / Environment, IT, Developer