IT RISK & Security Expert

Role Purpose

The IT Risk & Security Expert is responsible for advising planning coordinating and ensuring compliance with IT Risk and Cybersecurity controls across Tribes and IT domains.

The role acts as a trusted partner for Product Owners IT Area Leads Tribe Leads Not Retail Areas referents and Central IT Security functions ensuring that technology changes and operations adhere to ING Policies Minimum Standards and IT Risk frameworks

Key Responsibilities

1. IT Risk Governance & Control Compliance

• Accountable for maintaining the IT Risk & Security compliance of the Tribes assets with proper evidence management and reporting.
• Ensure full compliance with IT Risk controls throughout the Change Management Process guaranteeing a green before live maturity level.

Define and maintain a sustainable annual IT Risk plan for the Tribe.

2. Stakeholder Engagement & Guidance

• Engage Tribe Leads Product Owners IT Area Leads third parties and other stakeholders to ensure IT Risk & Cybersecurity controls are identified embedded and prioritized in the Tribe backlog.
• Provide visibility on the risk program deliverables walkthroughs and expected timelines.
• In case of bigger activities act as a project manager for the needed task
  

3. Single Point of Contact for Risk & Security

• Act as the SPOC between the Tribe and:
  • Central IT Risk COE
  • CISO team
  • Not Retail Areas
• Identify impediments related to IT & Cybersecurity risks and drive remediation with the appropriate teams.
  

4. Risk Roadmap & Collaboration with Central Functions

• Collaborate with IT Risk & Security COE CISO and IT Custodian roles to assess risk impacts roadmap priorities and asset specific needs.
• Support the Tribe Lead and IT Area Lead in all IT & Cybersecurity Riskrelated topics.
  

5. Training Awareness & Expertise Sharing

• Serve as the focal point for IT & Cybersecurity Risk topics within the Tribe.
• Continuously train team membersespecially new joinerson controls templates processes and updated risk requirements.
  

6. Audit & Assurance Support

• Support audits internal and external maturity assessments.
  

Required Skills & Competencies

What are we looking for

• Solid understanding of GRC frameworks regulations and compliance standards (ISO/IEC 27001 NIST CSF CIS NIS2 SOC 1/2 DORA)
• Experience in managing policies KRIs and risk reporting at the executive level.
• Project Management and coordination experience
• Knowledge of Cybersecurity principles incident management and IT control requirements.

• Strong stakeholder management and communication.
• Ability to challenge influence and support decisionmakers.
• Analytical mindset paired with structured riskbased thinking.
• The skillset of a team player
• Team working and problem solving
• Ability to work in a multicultural working environment
• Very good communication skills (at all levels from professionals to senior managers) verbal and on paper. English is the global professional language in ING

Experience & Education

• Degree in Information Technology Engineering Computer Science Economics or equivalent.
• 3 years of experience in IT Risk Management Information Security or Cybersecurity roles preferably in complex and international environments.
• Certifications such as CISSP CISM CRISC CISA or equivalent (e.g. Dutch RE) are a plus.

Working conditions: Full Time

Duration: Permanent

Location:Milan (hybrid)

About ING

ING offers many opportunities to build a diverse and rewarding career. You will be joining an international innovative digital bank the first in Italy to adopt a fully flexible smart working model and you will be working in a stimulating environment where you can grow both as an individual and as a professional. Our purpose - empowering people to stay a step ahead in life and in business - represents our belief in peoples potential. We dont judge coach or to tell people how to live their lives. We empower people and businesses to realize their own vision for a better future.
#doyourthing is our brand direction with us each and every day. It is how we articulate our purpose and our promise to make banking frictionless to the world.
do your thing is about people being free to live the life they want to live knowing that they will make their world a little better for it.
Do you think you are a step ahead Apply now!

The benefits of joining ING

In addition to being a part of a great team working in a fun and innovative environment we offer:

• Super flexible smart working

• Competitive base salaries and performance based bonuses

• Diverse cultures & Innovative mindsets

• International Environment

• Commitment to sustainability

• Lots of training development opportunities to help you grow

• Lots of moments dedicated to physical and mental well-being

• A special day off when it is your birthday: we call it #doyourbirthday!

• And of course we cant forget: free water & coffee at the office!

Our Commitment

Diversity is a fundamental element of our corporate culture and we are fully committed to creating a safe and inclusive environment based on mutual respect and the value of diversity offering equal job opportunities to all qualified candidates.

Job Application Safety Reminder

Were seeing an increase in fraudulent job offers. To protect yourself please follow these key guidelines when applying for roles at ING:

• Apply only via official ING platforms: ING usesWorkdayas its internal recruitment system. Applications should be submitted only via our official career site.

• Check the senders email carefully: legitimate communication will always come from: @ and/or @

• No payments or banking details will ever be someone asks for this information its a scam.

If you suspect suspicious activityreport it immediately. Your safety matters to us.