Senior Consultant Information Security

With ING in Amsterdam - NL

More jobs from ING

Posted on June 08, 2019

About this job

Job type: Full-time
Experience level: Senior
Role: System Administrator
Industry: Finance, Banking
Company size: 10k+ people
Company type: Public


security, design, risk-management, audit

Job description

ING Office of the CISO focuses on Information Security steering, threat management and assurance.

We translate key risks & threats, high-level business requirements and applicable law & legislation into IT Security Standards & Architectures and enterprise wide Information security initiatives to achieve ING's objectives, while delivering threat intelligence  and monitoring the external threat landscape.

The objective of the Global Information Security Management department is to ensure that business strategy and Information Security implementation are aligned on an ongoing basis taking into account applicable security threats, market best practices, risk appetite and cost targets.

The main activities are: ·        

  • Align the security strategy with other functions in and outside ING.
  • Create and maintain IT Security Standards (e.g. User Access, Cryptography, Security Monitoring, Platform and Software Security) with corresponding security norms. ·        
  • Coordinate the global implementation of information security requirements to meet agreed security objectives. ·        
  • Drive security innovations, processes, and technologies into operations by providing INGs business units with adequate guidance from strategic to technical level. ·        
  • Maintain and facilitate an adequate education framework by stimulating co-development of content for awareness, training and certification. Train, coach and/or facilitate workshops for involved teams, ensuring understanding, adoption and secure implementation of the solution. ·       
  • Facilitates oversight of the IT Security State. The team consists of about 12 professionals that operate from Amsterdam with a Bank wide focus on Information Security. Its members are typically experienced and/or highly educated and they have diverse interdisciplinary backgrounds.

Job description ·        

Strategic Advice

  • Requirements gathering, collect data, analyse the client’s business and provide input to support the strategic decision-making processes. Challenge the validity of given procedures, processes, policies and systems.
  • Advise (IT) business and the CISO in identifying, justifying and design/development of the required solutions, including scoping. o   Support the development of business cases and perform impact analysis. ·        

Solution Design

  • Formulate and test hypotheses and draw conclusions to determine appropriate client solutions, ensuring solution satisfaction for all stakeholders. ·        

Assignment Execution

  • Recognize and articulate problems related to assigned security activities, analyze complex information and create solutions to the hypothesis being developed. 
  • Lead and guide the efforts of others in specific areas and manage the commitments regarding deliverables. ·        

Change and Communication

  • Present and deliver verbal and written messages. 
  • Define and present final solution and impact on the organisation, and sustain the rationale for the solution. 
  • Facilitate training, workshops, video conferences and work with international (virtual) teams on specific security topics. ·        

Relationship Management 

  • Establish and maintain strong and sustainable relationships with clients, team and stake-holders, during all phases of the life-cycle (including after-care and follow up of the proposed solution), in order to achieve a common goal and demonstrate expertise to lead and influence outcomes. ·       
  • Intellectual Capital & Knowledge Sharing 
  • Initiate knowledge sharing activities.
  • keep professional knowledge up-to-date and translate external trends into useable information.

We are looking for

You have an IT background and knowledge of Information Security.

You will support ING business units to understand key security threats, exposures and vulnerabilities and develop and roll-out guidance to address specific security issues. Furthermore you recognize yourself in the following personal profile: ·        

  • a Bachelor/Master education or equivalent ability in IT (Security). ·        
  • preferably hold one of the following certifications: Certified Information Security Systems Professional (CISSP), Certified Information Security Manager (CISM) and/or Certified It Systems Auditor (CISA). ·        
  • familiar with non-financial risk models, IT security architectures and their relationships. ·         some years of experience in consultancy and Security/Risk role. ·      
  • strong technical knowledge and awareness; including software development, infrastructure, engineering and operations. ·        
  • excellent and convincing communication, writing & reporting skills in English. ·        
  • a critical, though positive constructive mind set. ·       
  • accurate and thorough. ·       
  • connect self-reflection and action. ·   
  • promote customer-centricity. ·       
  • like to continuously develop your (technical) expertise and knowledge. ·        
  • like to work as an independent professional, i.e. be pro-active, have high quality standards and work according to the planning. ·        
  • like to interact with Information Security Specialists and Management of ING on a professional level and build positive relationships.

What do we offer ING’s office of the CISO offers a challenging international Information Security work environment with far-reaching and innovative developments which are implemented globally within ING. Cybercrime threat patterns will stay very fluid over the next years and the organisation need to continuously signal and prepare for this. The pervasiveness of these threats means ING Security, on a global base, must quickly develop cutting-edge response on top of basic security capabilities, while improving plans preparing for the worst case scenarios. Possibilities for training and personal development.

Location You work in Amsterdam but you might also visit the regions where ING Lines of Business and/or ING Security Capability Providers are active. You are willing and able to travel potentially a few times per year. An extended screening is part of the onboarding process.

Apply here