Junior Security Analyst @ING Tech

Discover ING Tech
ING TECH is an international hub for technology & innovation, developing IT solutions across ING in areas such as Core Banking, Big Data, Financial Markets, Data Management, Touch Point Architecture and many more. By using the latest methodologies in software development, our fast growing team gathers more than 650 tech enthusiasts who work for international projects that go beyond traditional banking.

Mission
Touchpoint Platform is an open technology platform. A place where producers can share services and consumers can combine these services into scalable business propositions across the bank and third parties. Touchpoint provides one flexible and modular architecture that simplifies and standardizes our applications, helping ING become scalable across the globe.
Within the IT world the applications we build are subject to various threats and risks. Information technology or IT risk is basically any threat to the business data, critical systems and business processes. It is the risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an organization. IT risks have the potential to damage business value and often come from poor management of processes and events. In order to deal with these risks and ensure our product is safe we have a number of procedures and controls in place.
Touchpoint Platform’s components are developed by engineers organized in DevOps squads. For each of these components the corresponding risk controls have to be implemented and maintained.

Your primary mission is to help the DevOps squads of TouchPoint Architecture to implement these IT Controls and to prove the controls are implemented effectively.

Your day to day
• Your main responsibility is to ensure we are in control of our risk appetite.
• You have to define and document adequate risk processes and collect the evidence that we follow them. Next to this you have to make sure that the different risk parties (1st line, 2nd line and 3rd line) agree with the evidence.
• Responsible for developing and editing documents and reports in the English language as per operations and project management requirements and specifications including.
• Write the risk documentation
• Provide documentation support to the technical team
• Interface with developers and operation engineers to define the specifications
• Understand the need for security and apply it using the existing security framework
• Show proactivity and flexibility, come up with plans of action and adapt approaches if necessary.
• Understand the corporate climate and culture and act as an ambassador

What you bring to the team
• On average 2-3 years of experience in either IT Governance or IT risk/ IT Control implementation
• Technical background (preferably, a graduate of a technical form of higher education)
• Ability to understand the risk processes in an IT environment
• Hands-on and pro-active delivery attitude
• Being able to overcome resistance, work in short sprints, work closely with diverse teams
• Able to make clear and convincing statements on the risk based
• Preferably experience with Agile working
• Project management experience is a plus
• Fluent in English (spoken and written) is mandatory