IT Security / DevSecOps Engineer (Controls & Compliance) – ALM Applications

at ING
📍 Warsaw, Poland
PLN 108,000-228,000 per year
MIDDLE
✅ Hybrid
✅ Visa Sponsorship

Used Tools & Technologies

Not specified

Required Skills & Competences

Security @ 3, DevOps @ 3, Hiring @ 3, Communication @ 3, Mentoring @ 3, Audit @ 2, Compliance @ 3

Details

ING Hubs Poland is hiring!

The expected salary for this position: 9000 – 19000 PLN gross

The financial ranges specified in the announcement are adjusted and may differ from the range specified in the remuneration regulations.

We are looking for you, if you:

  • Have experience translating security policies and IT risk/control standards into actionable requirements for engineering and operations teams.
  • Can implement and document security measures keeping applications compliant with IT Risk Policies, Minimum Standards and Process Control Standards.
  • Can explain security requirements clearly to stakeholders (DevOps, Ops, Product/Business, Risk & Security) and drive alignment.
  • Have experience coordinating, carrying out and documenting IT security test procedures (e.g., SOX/ITGC or other regulatory requirements where applicable).
  • Are responsible for evidencing applied security controls, keeping the IT Risk Measurement Platform (ITRMP) up-to-date and supporting internal and external audits.
  • Can coordinate user access management of the applications (joiner/mover/leaver, access reviews, traceability and documentation).
  • Speak English at B2+ level and communicate confidently in an international environment.

You'll get extra points for:

  • Experience with ITRMP / security control evidencing templates and control automation concepts (reducing manual effort while staying compliant).
  • Familiarity with audit evidence packs and supporting internal/external audits in regulated environments.
  • Background in DevOps / platform engineering, security hardening, or security champion roles within engineering teams.
  • Experience coordinating IAM/access governance and periodic access reviews for business-critical applications.

Responsibilities

  • Translate security policies and IT risk control standards into implementable requirements for ALM applications and ensure they are implemented and documented.
  • Coordinate, execute and document IT security test procedures and required evidence (incl. SOX/ITGC or other regulatory requirements where applicable).
  • Own evidencing of applied security controls; collect, validate and store evidence; keep ITRMP control status and key fields accurate and up-to-date; support audits and follow-ups.
  • Explain security requirements to stakeholders and coordinate remediation actions to closure.
  • Coordinate user access management for ALM applications (requests, approvals, periodic reviews, traceability and documentation).
  • Promote “automation first” for controls and evidence where feasible, using agreed approaches and templates to reduce TOIL while maintaining compliance.

Requirements

  • Experience translating security policies and IT risk/control standards into actionable requirements for engineering and operations teams.
  • Experience implementing and documenting security controls and compliance evidence (including SOX/ITGC or similar regulatory requirements where applicable).
  • Experience with user access management and access reviews for business-critical applications.
  • Ability to coordinate with multiple stakeholders (DevOps, Ops, Product/Business, Risk & Security) and drive alignment and remediation.
  • Experience maintaining or working with IT Risk Measurement Platform (ITRMP) or similar control evidencing tools.
  • English communication at B2+ level.

Information about the team & Benefits

You’ll join a team supporting critical ALM applications in a regulated environment. The team values efficiency, clear documentation and audit-ready execution. You will receive onboarding support, mentoring, and a structured learning plan for key topics.

Benefits mentioned include: stable employment contract (UoP), annual bonus (13th salary), private medical care, insurance, Multisport card, PPE, hybrid work, company equipment, and subsidies for phone, glasses, tickets, and meals.

The role naming convention in the global ING job architecture will be “Engineer III”.
