The Global CISO organisation of ING is responsible for assisting ING management, business and other tribes in providing customer-friendly services in a safe and secure way. Business leaders and CISO are jointly responsible for bank-wide security. CISO is mandated to drive required change in all domains, business and IT. Since January 2023, CISO has been fully responsible for IT & Cyber Risk Management (in the first line) and, since the beginning of April 2023, is additionally responsible for the IT Risk Paradigm Shift.
The IT Risk Paradigm Shift proposes key changes for moving to a more risk-based, efficient and effective way of managing our IT risk, including:
- Moving from isolated IT risk on IT assets to an integrated perspective on IT risk in our business
- Rationalising our controls from a broad set of key controls to a differentiation in key and contributing controls
- Shifting 1st line testing and monitoring from evidence checking to quality assurance and pro-active real-life testing of security and reliability
- Moving from a compliance-based to a risk-based way of measuring risk
- Moving from scattered support to a clear risk data model and IT architecture
The IT Risk Paradigm Shift Program Manager defines the details of the epics / features in this program, bringing together strong personal subject matter expertise and broader ING subject matter experts.
In this role, the Program Manager challenges the experts on the basis of the overall objectives of the program and ensures a SMART-ly defined program, including required resourcing, milestones, budget and due dates. Furthermore, the Program Manager ensures reliable progress reporting and objective realization.
The IT Risk Paradigm Shift Program Manager:
- combines program management and IT & Cyber Risk expertise;
- will drive realization of the objectives;
- ensures that impediments are timely flagged and acted upon;
- is able to independently assess the quality of the delivery in the Epics, Features and Stories.
The Program Manager will align closely with, and report directly to, the Global CISO on definition of the activities and ensure the acceptance of deliverables.
- Master’s degree in IT, IT/EDP auditing, business economics or comparable degree
- CRISC certified or similar IT risk related qualifications
- 10-15 years' professional experience, including relevant IT & Cyber Risk experience, ideally in larger companies and corporate consulting (preferably Risk Consulting experience at a Big 4 company)
- Subject matter expertise in the areas of Cyber and IT risk management; auditing experience is also advantageous
- Experienced in senior stakeholder management
- Understanding of IT asset registration/CMDB and IT service management concepts
- Proven experience in delivering services through a transformation program
- Understanding of current IT risk control frameworks such as NIST RMF/CSF, ISO 27001/27002, AICPA and CIS Controls
- Good understanding of finance aspects and budgeting cycle
- Working knowledge of pertinent law and regulations
- Expertise in driving and steering multidisciplinary teams
- Good oral and written communication skills, as well as good negotiation and change management skills
- Can demonstrate success in establishing relationships and influencing decision-making
- Ability to simplify complexity and drive operational excellence
- Strong level of English
- Experience in a financial environment is a plus