Information Security Analyst

at  ING

40-121 Katowice, województwo śląskie, Poland -

Start DateExpiry DateSalaryPosted OnExperienceSkillsTelecommuteSponsor Visa
Immediate04 Dec, 2024Not Specified07 Sep, 2024N/AGood communication skillsNoNo
Add to Wishlist Apply All Jobs
Required Visa Status:
CitizenGC
US CitizenStudent Visa
H1BCPT
OPTH4 Spouse of H1B
GC Green Card
Employment Type:
Full TimePart Time
PermanentIndependent - 1099
Contract – W2C2H Independent
C2H W2Contract – Corp 2 Corp
Contract to Hire – Corp 2 Corp

Description:

We are looking for you, if you have:

  • experience in information security, risk management or compliance,
  • strong analytical skills,
  • familiarity with third party risk assessment methods and control frameworks such as ISO27001, NIST, COBIT, SOC2,
  • excellent written and verbal English communication skills; ability to express thoughts clearly, know how to listen and contribute in a team environment.

You’ll get extra points for:

  • working knowledge of the financial industry,
  • experience in Third Party Security Ratings solutions,
  • relevant security certifications such as ISO27001LA, CISA, CISM, CISSP etc.,
  • a self-starter and an output-driven team player with experience in fast-paced environments,
  • work efficiently and independently with minimal supervision (i.e., self-motivated, and willing to stretch to meet important deadlines).

Your responsibilities:

  • conduct information security assessments of suppliers (third party vendors and cloud services) including advising management on how to mitigate any identified risks,
  • support the evolution and continuous improvement of vendor risk assessment processes including the development and maintenance of procedures, artifacts, and metrics to be used in the assessment of suppliers,
  • perform third party compliance risk tracking, trending, analysis, and executive reporting,
  • provide guidance to business partners to ensure compliance with information security regulatory requirements and internal policy,
  • assist with development and implementation of the third party risk assessment strategy, methodology, and process through the CISO End-to-end Third Party Cyber Risk Management lifecycle.

Information about squad:
Working as part of a team, you provide direction and support in Third Party Risk management, will leverage various sources of data to assess in the end-to-end contracting lifecycle, associated practices of ING suppliers globally, highlight risks and control gaps associated with supplier’s security program, categorize the potential risks based on severity, and identify potential mitigation activities. You will work both independently, as well as with both internal and external stakeholders, to determine business risk of control gaps identified during control and risk assessments and collaborate across business lines leading risk assessments and work with other teams within the organization.
The role naming convention in the global ING job architecture will be “Business Control Specialist II”

Responsibilities:

  • conduct information security assessments of suppliers (third party vendors and cloud services) including advising management on how to mitigate any identified risks,
  • support the evolution and continuous improvement of vendor risk assessment processes including the development and maintenance of procedures, artifacts, and metrics to be used in the assessment of suppliers,
  • perform third party compliance risk tracking, trending, analysis, and executive reporting,
  • provide guidance to business partners to ensure compliance with information security regulatory requirements and internal policy,
  • assist with development and implementation of the third party risk assessment strategy, methodology, and process through the CISO End-to-end Third Party Cyber Risk Management lifecycle


REQUIREMENT SUMMARY

Min:N/AMax:5.0 year(s)

Financial Services

IT Software - Network Administration / Security

Finance

Graduate

Proficient

1

40-121 Katowice, Poland