Zoek in 375 Vacatures voor financiële specialisten

Corporate Information Risk Management – Non-Financial Risk Officer - IRM - ING

Locatie: Amsterdam

The Non-Financial Risk Officer - IRM plays the role of a risk management advisor which helps ING in managing its information risks within the risk appetite.

Job profile

This new position is part of the Independent Validation Unit (IVU) within the Corporate Information Risk Management (CIRM) department located in Amsterdam, The Netherlands. The role is defined as Non-Financial Risk Officer – IRM within the global Information Risk Management community, very specifically related to the information risk management activities of CIRM IVU. The role reports hierarchically to the Head of Corporate IRM Independent Validation Unit.

The Non-Financial Risk Officer - IRM plays the role of a risk management advisor which helps ING in managing its information risks within the risk appetite. He/she does that by monitoring & challenging the implementation of information risk policies and minimum standards and by providing risk management support and advice, when needed.

The above translates to the following (non-exclusive) responsibilities:

  • Provides Quality Assurance on Control Compliance & IT Risk Management activities;
  • Participates and/or executes Spot Check and/or IT Risk & Maturity Assessments world-wide;
  • Assists in delivering and facilitating Corporate IRM’s educational services;
  • Assists with the development of relevant (IT) Risk Tooling;
  • Provides interpretation of ING Group Information (Technology) Risk policies & Minimum standards;
  • Reviews various technical documentation – Security Baselines, Functional Specification documents, Application Architectures documents etc.;
  • Contributes to the development and maintenance of Information Risk Management Framework, Policies, Minimum Standards, Procedures, Methods and Techniques;
  • Participates in or reviews Information Risk Assessments;
  • Reviews, challenges and supports, where needed, the business and/or IT  for/during risk assessment sessions for identifying information risks;
  • Performs spot checks for verifying the effectiveness of the implemented (IT) controls and recommend remediation based on the outcome;
  • Participates in designated projects, developments or business initiatives, advising on information risks;
  • Measure and report the implementation of information risk framework throughout the organization;
  • Performs Second Line Monitoring role in IT Generic Key Control/SOX Testing processes;
  • Performs and assist in other non-financial risk management  activities where the requirements arise.

Your work environment

Within the CIRM IVU, you will be part of a team of IRM Officers located in Amsterdam and Bucharest. The specific tasks of the CIRM IVU team are related to Quality Assurance in Control Compliance and IT Assessments world-wide, providing guidance on Standards and Policies, delivering educational services, developing risk tooling and liaising with IT, IT Risk and IT Security functions (1st & 2nd Line of Defence) world-wide.

Working with a variety of internal stakeholders offers an environment which not only provides the global overview on how Information (Technology) risks are managed, but also provides the opportunity to further support the enhancement of the global IT (and Continuity) control framework.

Who we are looking for

We are looking for a motivated colleague who has the following characteristics and capabilities:

  • University BSc Degree or equivalent, preferably in IT field;
  • 4 - 8 years’ experience in IT Audit or IT Risk Management;
  • Knowledge of and experience with IT Audit assignments, IT Control Assessments or IT Risk Assessments;
  • Collaboration skills and ability to work across both functional and geographical lines;
  • Pro-activeness and persuasiveness;
  • Good analytical skills and sound judgment;
  • Fluent in English (written and spoken);
  • 15% to 25% of travelling is required in this position.

Would be considered a plus:

  • Having professional education and an international certification for Information (Technology) /Risk Management (e.g. ISC2, ISACA accreditations);
  • Knowledge of Banking business, processes, procedures, systems and associated laws & regulations;
  • Knowledge and experience in one or more IT Security areas.
Location: Amsterdam

Information and application:


Please send your application for Corporate Information Risk Management – Non-Financial Risk Officer - IRM at ING in Amsterdam including your CV via our website.

Job posted

28 juni 2019
Apply Now

More information:

Kinga Marcela

Wil je deze vacature delen met je netwerk?

delen via Facebook delen via LinkedIn delen via Twitter Tell a friend Print vacature