Job description

The IT Risk Specialist is a governance expert who supports the Platform Tribe Lead, and Platform IT Area Leads regarding the production and management of deliverables. In addition, he/she supports managing issues and maintaining communication-related to Ing Bank's Global and Local Risk Model. In this role, you will translate cybersecurity and Risk controls into clear actions with a strong relationship with the technical squads.

You make sure that the area is compliant with the organization's policies.

You will work proactively with other risk experts (for example, the Italy Center of Excellence Risk) and other internal/global departments to meet defined policies and standards for information risk management.

Key Responsibilities:

Managing all the risk-related backlog of Platform Tribe, including budgeting, planning, testing, reporting and recommending appropriate remediation measures. Managing oversight and monitoring of risk mitigation and coordination of policy... and controls with the different stakeholders to ensure that other managers take practical remediation steps. Creating and update documentation of identified IT risks and control. Working to facilitate BIA, IT risk analysis and management processes and identify acceptable levels of residual risk.

Designing and conducting risk assessments and data protection impact assessment;
Manage the oversight of technical risk assessments, such as vulnerability scanning and penetration testing. Manage information asset and application risk assessments. Conduct risk reviews for new applications. Manage third-party risk assessments. Creating and maintaining the updated security baseline. Supporting the implementation the Security Monitoring (SEM) Planning and monitoring Vulnerability Scans and Penetration Tests and follow up on the issues detected.

Managing the patching management process and follow up on the problems detected. Managing the life cycle management (LCM) risk of assets. Overseeing the Restore tests with the support of technical squads. Managing the Non-Personal Accounts risk controls and procedures following the Global Framework.

Requirements University degree preferable in Information Technology or similar 3 years’ experience in Tech, IT Security and Risk Management . Proven knowledge of at least one information security and risk frameworks (e.g. ISO
27001, NIST, COBIT, CISSP, CISM, CISA, CRISC)

Experience with ITIL and PM Methodologies. Fluent in English (written and spoken) Advanced user of MS Office, especially Excel Soft skills Result oriented Teamwork Problem-solving Analytical skills Stakeholder management Duration:
Permanent

Work location:

Milan
Milan Metropolitan City of Milan Italy

Salary Criteria