Cybersecurity Engineer

Details

We are seeking a highly skilled Cybersecurity Governance, Risk and Compliance expert to join our Americas region Information Security team. As a Cybersecurity GRC engineer at ING, you will work closely with other members of the Information Security and DevOps teams to ensure the security of our information systems and data. The future candidate of this role must be a well-rounded risk practitioner who possesses a wide range of knowledge across multiple methodologies of Cybersecurity and IT Risk and have a passion for coaching other less experienced members of the IT organization in their journey to properly gauge and evidence risk.

Responsibilities

• Ownership for the IT risk controls and processes groups in line with existing Wholesale Banking paradigm shift strategic initiative.
• Serve as an expert advisor to CISO/GRC leadership in the development, implementation, and maintenance of a strong information privacy and security program to meet ING risk appetite.
• Support the local IT & Cyber Risk community to manage IT & Cyber Risk in ING’s domestic business lines.
• Advise local process owners in designing and implementing IT and Security processes and systems to manage and report IT & Cyber Risk.
• Review and analyze (new) regulations, policies, standards and guiding principles. Integrate and communicate relevant risk and control-related changes to stakeholders in 1st, 2nd or 3rd Line of Defense (LoD).
• Review and evaluate Third-party cyber security risk management for incoming new vendors and solutions for future risks and opportunities to improve IT security and meet compliance.
• Execute APT scenario analyses together with business and IT Security team and manage red/Blue teaming objectives to assess & challenge with 2nd line of defense & corporate audit.
• Coach DevOps to manage secure applications and that can easily produce IT Risk evidence.
• Support continuous improvement on all security maturity initiatives such as risk assessments and initiatives e.g., DLP exfiltration channels and translate business stakeholder requirements.
• Perform deep dives into systems and controls to assess risk.
• Manage IT security standards and procedures to ensure they are developed/updated/reviewed.
• Manage several security services including, security requirements, threat modeling, design reviews secure code review, penetration tests, security training.
• Provide advice on and support the establishment of a culture and mindset with a strong engineering mindset on risk management.

Requirements

• B.S. in Computer Science (or equivalent major) or significant job experience. Top candidates will possess one or more market leading security certifications (e.g. CISM, CISSP, CCSP, CEH).
• At least 5 years' experience in Information Security, Cyber Security regulation compliance, IT Audit, Dev Sec Ops, Cloud Security.
• Strong technical background and knowledge in areas such as network security, cryptography, vulnerability management, and penetration testing.
• Knowledgeable in industry regulations, laws, and standards such as NYDFS, CFTC, FINRA, and SEC rules, and be able to ensure that systems and processes are compliant.
• Clearly communicate complex technical information to both technical and non-technical stakeholders, such as senior management, auditors, and regulators.
• Work effectively as part of a team and collaborate with other stakeholders, such as developers, system administrators, and business users.
• Strong knowledge of Identity and Access Management, Incident Response, Security tooling (SIEM, DLP, IDS/IPS, and endpoint protection, EDR/SDR/XDR).
• Experience with automation tools and techniques to drive IT Risk Automation initiatives.
• Familiarity with Secure Development Lifecycle practices and Agile development with Continuous Delivery / Integration.

Benefits

In addition to comprehensive health benefits, a generous 401k savings plan, and competitive PTO, ING provides a broad array of benefits including adoption, surrogacy, and fertility services; student debt assistance; and subsidies for expenses associated with working from home, commuting, and fitness.