Nivel cariera

Entry (0-2 ani), Middle (2-5 ani)

Limbi vorbite


Adresa/adresele jobului


This new position is part of ING Regional Information Risk Management Centre (IRIC) located in Bucharest, Romania. The role is defined as ‘Information Security Risk Analyst’ within the global Information Risk Management community, very specifically related to the regional information risk management activities (including Second Line Monitoring). The role reports hierarchically to the Head of the ING Regional Information Risk Management Centre (IRIC).

The Information Security Risk Analyst plays the role of a risk management advisor which helps the business in managing its information risks to acceptable levels, within the risk appetite. He/she does that by monitoring & challenging the implementation of information risk policies and minimum standards and by providing risk management support and advice, when needed.

Your day to day

•Provides interpretation of ING Group Information (Technology) Risk policies & Minimum standards

•Contributes to the development and maintenance of Information Risk Management Framework, Policies, Minimum Standards, Procedures, Methods and Techniques;

•Facilitates Business Impact Assessments in order to perform Data Classification for new or existing information assets/systems;

•Participates in or reviews Detailed Risk Assessments/Baseline Control Analyses;

•Reviews various technical documentation – Application Operational Security Guidelines, Functional Specification documents, Application Architectures documents etc.;

•Reviews, challenges and support, where needed, the business and/or IT  for/during risk assessment sessions for identifying information security risks;

•Performs planned/spot checks for verifying the effectiveness of the (IT) controls implemented and propose remediation solutions based on the outcome;

•Participates in designated projects, developments or business initiatives, advising on information security risks;

•Provides support to business during internal or external audit sessions, including Penetration Tests & Ethical hacks;

•Measure and report the implementation of information risk framework throughout the organization;

•Performs Second Line Monitoring role in IT Generic Key Control/SOX Testing processes;

•Provides support during (IT) security incidents & investigations;

•Supports the identification of the impact of and the coordination of responses to law and regulatory changes and monitors the follow-up of the regulatory issue solving;

•Implements and maintain a Risk Awareness framework;

•Becomes part of virtual risk teams and/or risk flying squads for assessing the effectiveness of (IT) controls implemented or maturity of IT processes, where designated by the Corporate Information Risk Management department;

•Performs and assist in other risk activities where the requirements arise.


Who we are looking for:

We are looking for a motivated new colleague who has the following characteristics and capabilities:

•University BSc Degree or equivalent, preferably in IT field

•– 4 years’ experience in  IT/IT Security/IT Audit or Risk Management areas

•Knowledge of Banking business, processes, procedures, systems and associated laws & regulations

•Collaboration skills and ability to work across both functional and geographical lines

•Good analytical skills and sound judgment

•Fluent in English (written and spoken) 

•Willing to travel internationally if needed


Would be considered a plus:

•Having professional education and an international certification for Information (Technology)/Risk Management (. ISC2, ISACA accreditations)

•Experience in Business Continuity Management