Lead Foundational Technology & Cybersecurity Risk

Team Description

The team with two CoEs for Cybersecurity & Foundational Technology Risk is part of the Non-Financial Risk (NFR) domain. The team focuses on identifying managing measuring and mitigating technology-related risks across the organization.

Specifically in focus are IT processes Program and Service Governance Design and Configuration Management Identity and Access Management IT Change Management IT Resilience Security Detection and Response Vulnerability Management and Data Center Management and Networks across the full stack of relevant technologies amongst others IT Infrastructure Cloud Technologies Data Bases and Operating Systems IT4IT. This expertise is matched with deep understanding of cyber risks common and emerging attack vectors and measures to counter them.

The CoE sets frameworks policies and procedures and provides oversight and challenge to the first line of defense supporting INGs global risk management objectives.

Specific Function

The Lead Foundational Technology & Cybersecurity Risk is responsible for directing specialized teams that focus on both cybersecurity risk and foundational technology risk. This role involves establishing and maintaining comprehensive risk frameworks policies and procedures tailored to these domains. The Lead Foundational Technology & Cybersecurity Risk provides ongoing monitoring and oversight of business lines and entities to ensure effective risk management practices are in place. A key part of the position is to identify and address emerging risks in both cybersecurity and foundational technology areas. Additionally both CoEs contributes to quarterly Non-Financial Risk Domain (NFRD) messaging supports in-depth reviews and assessments of the banks ability to withstand future events and rigorously challenges the first line of defense regarding metrics thresholds and limits that inform the banks Risk Appetite Statements.

Job Description

As the Lead Foundational Technology & Cybersecurity Risk you will guide teams focused on both technology and cybersecurity risk establishing and maintaining frameworks policies and procedures to manage these areas effectively. Your responsibilities include overseeing risk identification and mitigation for cybersecurity IT resilience infrastructure cloud and platform security as well as representing the Non-Financial Risk function in governance forums and senior stakeholder meetings. You will drive improvements to risk management practices support and challenge the business on risk appetite and controls and promote a culture of proactive risk management. The role also involves engaging regularly with both internal and external stakeholders including regulators and senior leaders to ensure robust oversight and compliance.

Specific Tasks and Responsibilities

• Lead the development and maintenance of IT risk-related frameworks policies procedures and templates.

• Represent NFR in governance forums and senior stakeholder discussions.

• Oversee the identification registration and reporting of all material operational risks.

• Support and conduct thematic deep-dives and reviews.

• Identify and assess emerging risks and recommend mitigating actions.

• Support policy implementation and ensure embeddedness across the organization.

• Challenge the first line of defense on risk metrics and thresholds.

• Manage direct reports (up to 10 FTEs) and foster team development.

• Steering of FTEs from INGs hubs that extend the capacity of the local team.

• Liaise with internal stakeholders (MT CTO country Heads of IT local Heads of IRM MT NFR) and external stakeholders (ECB DNB ORX other regulators).

Specific Knowledge and Experience

• Masters degree in Computer Science Mathematics Engineering or equivalent.

• Minimum of 10 years leadership experience in preferebly technology functions (1LoD) and ideally IT Risk Management (CISO or IRM functions).

• Strong expertise in data centers infrastructure cloud platform and business applications.

• Deep knowledge of risk types: Cybercrime (Resilience) IT Resilience Foundation Identity and Access Management IT Change Management Platform Security Security Monitoring.

• Solid understanding of non-financial risk management and relevant regulations (e.g. DORA EBA MARisk).

• Experience managing cross-country teams.

• Strong analytical problem-solving and delivery skills.

• Excellent communication and stakeholder management skills.

• Ability to lead through change and ambiguity.

• Cultural sensitivity and ability to work across geographies.

Required Soft Skills

• Change leadership and adaptability: Demonstrates the ability to lead through change and uncertainty quickly adjusting to shifts in the external risk environmentwhether driven by regulatory developments societal trends or emerging risk types. Able to guide teams through transformation and maintain focus in a continuously evolving landscape.

• Risk-based decision-making and focus: Applies a risk-based mindset to prioritize what truly matters makes courageous decisions in complex situations and maintains focus on areas with the greatest impact for the organization.

• Hands-on approach: Willingness to actively engage in operational details and lead by example ensuring practical solutions are implemented effectively.

• Positive mindset and can-do mentality: Demonstrates optimism and resilience inspiring the team to overcome challenges and pursue continuous improvement.

• Cooperative yet able to be strict: Balances collaboration with the ability to enforce standards and make tough decisions when necessary.

• Consistency: Maintains a reliable and steady approach in decision-making communication and execution of responsibilities.

• Strong collaboration skills: Excels at building relationships across teams departments and geographies to achieve shared goals.

• Constructive influence: Encourages open dialogue provides clear direction and fosters a culture of accountability and trust.

Reporting Line and Classification

Lead Foundational Technology & Cybersecurity Risk reports hierarchically to the Global Head of IT Risk Management located in Amsterdam

This position is classified as: GJA Head of NFR I JG 21 Job Title: Lead Foundational Technology & Cybersecurity Risk Job Family Group: Non-Financial Risk Job Family: Non-Financial Risk