Information Security Risk Analyst

ING Bank Romania is part of ING Group, a global international financial institution, which offers banking services to over 38.4 million individual customers, companies or institutions in over 40 countries.
Founded in 1994, ING Bank Romania is the fourth bank in the top 10 local banks, according to assets, and the only bank with organic growth, without acquisitions of customer portfolios or other banks. ING Bank Romania is a universal bank with over 1.7 million customers in three business segments: individuals (retail), SMEs and Mid-Corporate companies and Wholesale Banking.
ING's mission is to empower people to stay a step ahead in life and in business.

What you bring to the team

• University BSc Degree or equivalent, preferably in IT field;
• 2 – 6 years` experience in IT/IT Security/IT Audit or Risk Management areas;
• Knowledge of Banking business, processes, procedures and systems and associated laws & regulations;
• Collaboration skills and ability to work across both functional and geographical lines;
• Good analytical skills and sound judgment;
• Fluent in English (written and spoken);
• Willing to travel internationally if needed;
• Experience in Business Continuity Management & having professional education and/or multiple international certifications for Information (Technology) Security (e.g. ISC2, ISACA accreditations) would be considered a plus.

Mission

This new position will be created within the ING Regional Information Risk Management Centre (IRIC) and will be located in Bucharest, Romania. The role is defined as a ‘Information Security Risk Analyst’ within the global Information Risk Management community, very specifically related to the regional information risk management activities (including Second Line Monitoring). The role reports hierarchically to the Head of the ING Regional Information Risk Management Centre (IRIC).
The primary role of the IRIC in Bucharest will be providing support to the ING Bank Information Risk Management community in performing Risk Monitoring activities for Romania based ING entities (e.g. ING Services and ING Bank Romania). Also, other information risk management related activities might be provided by the IRIC to ING entities in countries geographically surrounding Romania (e.g. Turkey). This will help ING business units as well as Corporate Information Risk Management (CIRM) to manage the IT Risk profile of ING Bank in a sound manner.
Within the IRIC Romania, you will be part of a team of Information Risk Management (IRM) Officers and Business Continuity Management (BCM) Specialists dedicated to support the global Information Risk Management functions on various IRM and BCM related activities to ensure that IT risk and Continuity risk are adequately managed.
Working with a variety of internal stakeholders offers an environment which not only provides the global overview on how IT and Continuity risk are managed, yet also provides the opportunity to further support the enhancement of the global IT and Continuity control framework.

Your day-to-day

• Supporting the Head of IRIC Romania with research, fact finding, collecting evidence and documenting activities;
• Contributing to the development and maintenance of Corporate Information Risk Management Strategy, Framework, Policies, Minimum Standards, Procedures, Methods and Techniques;
• Providing interpretation of ING Group IT Risk Policies & Minimum Standards;
• Participating in, challenging and periodically reporting upon the risks of key strategic (IT/BCM) programs and projects;
• Participating in and challenging risk assessments (including Data Classification, Business Impact Assessments or detailed IT Risk assessments) on specific Operational Risk or Information Risk projects and programs;
• Measuring and reporting the implementation of Information (Technology) security framework throughout the organization;
• Supporting strategic and ad-hoc risk analyses, risk papers and risk reports with fact finding, researching and documenting activities;
• Supporting the identification of the impact of and the coordination of responses to law and regulatory changes, internal & external audit reports, etc. and monitoring the follow-up on the regulatory issue solving;
• Contributing to the development and maintenance of a curriculum and training programme, and to training of the IRM-BCM community.
• Performing planned/spot checks for verifying the effectiveness of the controls implemented;
• Reviewing & challenging the Key Control Tests results;
• Performing and assisting in other information risk activities where the requirements arise.