Senior Assurance Information Risk Officer @ING Hubs Romania

at  ING

Discover ING Hubs Romania
We started out in 2015 as ING’s software development hub – a distinct entity from ING Bank Romania – then steadily expanded our range to include more services and competencies.
Formerly known as ING Tech, as of 2022 we provide borderless services with bank-wide capabilities under the name of ING Hubs Romania and operate from two locations: Bucharest and Cluj-Napoca.
With the help of over 1600 engineers, risk, and operations professionals, we offer 130 services in tech, non-financial risk & compliance, audit and retail operations to 24 ING units worldwide.
Our tech capabilities remain the core of our business, with more than 1300 colleagues active in Data Management, TouchPoint Channels & Integration, Core Banking, and Global Products.
We enjoy a flexible way of working and a highly collaborative environment, where fair and constructive feedback is encouraged. Work ethics, honesty and knowledge sharing are key to our teams and we’re always looking for like-minded people

Here’s a sneak peak of what our colleagues say about working within ING Hubs Romania:

• At ING, software and soft skills are equally important | 78% of our IT colleagues agree

The Mission
You will be part of a team of NFR Specialists and Experts located in Amsterdam. The specific tasks of the NFR Assurance team are related to Quality Assurance in Control Compliance and Deep Dives world-wide, providing guidance on Standards and Policies, working on IT Risk & Control Automation, delivering educational services, developing risk tooling, and liaising with other functions (1st & 2nd Line of Defence) world-wide.
Working with a variety of internal stakeholders offers an environment which not only provides the global overview on how Information (Technology) risks are managed, but also provides the opportunity to further support the enhancement of the global NFR control framework.
Your day to day
This new position is part of the NFR Assurance team within the NFR BSF & Assurance department located in Amsterdam, The Netherlands. The role is defined as NFR Specialist – IRM within the global NFR community, very specifically related to the information risk management activities of NFR Assurance. The role reports functionally to the Lead NFR Assurance in Amsterdam and hierarchically to the Head ING Global ORM Center/ ING Hubs Romania.
The NFR Specialist – IRM contributes to the design, preparation and coordination of programs and projects of the NFR function, to challenge, advise and support the identification, analysis, and mitigation by 1st Line of Defense/business of non-financial risks, raising the NFR awareness throughout ING and checks that the 1st Line of Defense/business is complying with the risk appetite and escalates where necessary.

The above translates to the following (non-exclusive) responsibilities:

• Provides Quality Assurance on Control Compliance & (IT) Risk Management activities;
• Participates and/or executes Spot Check and/or Deep Dives on various NFR topics world-wide;
• Participates in designated projects, developments, or business initiatives, advising on information risks, like IT Risk & Control Automation;
• Assists in delivering and facilitating NFR’s educational services;
• Assists with the development of relevant (IT) Risk Tooling;
• Provides interpretation of ING Group (Information Technology) Risk policies & Standards;
• Reviews various technical documentation – Security Baselines, Functional Specification documents, Application Architectures documents etc;
• Contributes to the development and maintenance of Information Risk Management Framework, Policies, Minimum Standards, Procedures, Methods, and Techniques;
• Participates in or reviews Information Risk Assessments;
• Reviews, challenges, and supports, where needed, the business and/or IT for/during risk assessment sessions for identifying information risks;
• Performs spot checks for verifying the effectiveness of the implemented (IT) controls and recommend remediation based on the outcome;
• Measure and report the implementation of information risk framework throughout the organization;
• Performs Second Line Monitoring role in IT Generic Key Control/SOX Testing processes;
• Performs and assist in other non-financial risk management activities where the requirements arise.

What you’ll bring to the team

We are looking for a motivated colleague who has the following characteristics and capabilities:

• University BSc Degree or equivalent, preferably in IT field;
• 4 - 8 years’ experience in IT Audit or IT Risk Management;
• Knowledge of and experience with IT Audit assignments, IT Control Assessments, or IT Risk Assessments;
• Collaboration skills and ability to work across both functional and geographical lines;
• Pro-activeness and persuasiveness;
• Good analytical skills and sound judgment;
• Fluent in English (written and spoken);
• Travelling up to 10-15%

Would be considered a plus:

• Having professional education and an international certification for Information (Technology) /Risk Management (e.g., ISC2, ISACA accreditations);
• Knowledge of Banking business, processes, procedures, systems, and associated laws & regulations;
• Knowledge and experience in one or more IT Security areas.

• Provides Quality Assurance on Control Compliance & (IT) Risk Management activities;
• Participates and/or executes Spot Check and/or Deep Dives on various NFR topics world-wide;
• Participates in designated projects, developments, or business initiatives, advising on information risks, like IT Risk & Control Automation;
• Assists in delivering and facilitating NFR’s educational services;
• Assists with the development of relevant (IT) Risk Tooling;
• Provides interpretation of ING Group (Information Technology) Risk policies & Standards;
• Reviews various technical documentation – Security Baselines, Functional Specification documents, Application Architectures documents etc;
• Contributes to the development and maintenance of Information Risk Management Framework, Policies, Minimum Standards, Procedures, Methods, and Techniques;
• Participates in or reviews Information Risk Assessments;
• Reviews, challenges, and supports, where needed, the business and/or IT for/during risk assessment sessions for identifying information risks;
• Performs spot checks for verifying the effectiveness of the implemented (IT) controls and recommend remediation based on the outcome;
• Measure and report the implementation of information risk framework throughout the organization;
• Performs Second Line Monitoring role in IT Generic Key Control/SOX Testing processes;
• Performs and assist in other non-financial risk management activities where the requirements arise