Business Support Function CISO in Amsterdam

Background

The Global CISO organisation of ING is responsible to assist ING management, business and other tribes in providing customer friendly services in a safe and secure way. Business leaders and CISO are jointly responsible for bank-wide security. CISO is mandated to drive required change in all domains, business and IT.

Business Support Functions (BSF’s) are the corporate support functions within ING head office. This is very versatile in nature. The BSF functions include HR, Finance, risk e.a. The BSF CISO function is a new position within ING. This function should be setup from the ground up to improve security in these domains including the supported processes and IT.

Key Responsibilities

• Strategy
  • Assists ING Bank’s Global CISO in formulating vision and strategy, setting objectives for Security and translate these objective into targets, whilst balancing the interests of all stakeholders and focusing on the customer's interests
  • Partners with Group Functions Business & IT leaders to develop a cohesive security strategy, and a roadmap (schedule, cost, effort, benefit model) for strategy implementation
  • Responsible for ensuring security vision and strategy is rolled out consistently across BSF functions

• Leadership
  • BSF CISO hierarchically reports to global CISO
  • Member of global CISO’s management team (MT) and MT COOs for CEO/ COO/ CRO/ CFO
  • Manages the CISO BSF CoE team, which is a virtual team (employees have functional line to BSF CISO)
  • Functionally steers the risk/security professionals in CIO Group Services/IT Risk & Security teams and sets annual objectives and targets
  • Provides security directions for core new projects/solutions/services being designed, constructed, and delivered within the BSF span of responsibility
  • Monitors and reports on execution in terms of vision and strategy to global CISO
  • Proactively advises the BSFs, and challenges where necessary
  • Monitors adequate organisation of security activities and provides guidance around security
  • Actively raises awareness among staff and responsible for establishing available awareness tools and trainings on security. Rollout security curriculum across BSF functions
  • Mentors, develops, and grows next generation security leadership

• Financial
  • Understands the figures and costs for Security activities and staff; Manages cost development
  • Encourages the BSF’s/Tech to initiate improvements focusing on the efficiency and quality of security services

• Knowledge
  • Stays on top of developments in security and financial services; shares and embeds lessons learned
  • Proactively engages with the broader CISO community
  • Collaborate with compliance, risk and IT to ensure required monitoring is in place to meet our regulatory requirements and to provide enhanced monitoring and provides insight in security performance & metrics
  • Partners with external and internal teams/financial institutes/regulators/government bodies to share threat intelligence
  • Develops and maintains an internal/external, international/domestic network in order to promote ING's interests and to increase his/her own professionalism and contribute to knowledge-sharing
  • Makes an active contribution to relevant meetings and events
  • Contributes to the development of ING Bank security control frameworks and reference architectures based on (internal and external) threats identified
  • Coordinates roll-out and monitors adherence to IT security standards and anti-fraud standards
  • Has escalation/veto power in relation to business activities that are judged to present unacceptable threats to ING; Acts as point of escalation for security issues
  • Oversees, manages and responds to major threats and security incidents
  • Collaborates with Data Protection Officer to protect data subject to data privacy regulations and collaborate on data breaches security incident management
  • Supports security related audits
  • Steers the operation of existing applications and services owned by security
  • Reviews and approves risk acceptances/waivers from security perspective as a member of the risk committee

Requirements

Proven track record and technical skills:

• Master’s degree.
• 10 years’ professional experience at management level and relevant information security & fraud management experience. Ideally in large companies and/or corporate consulting experience.
• Subject matter expert in the area of Information Security. Certifications like CISSP and CISM are highly recommended. CISA and other specific information security or fraud management certifications are considered useful
• Strong working knowledge of pertinent law and the law enforcement community
• Sound experience in building strategic roadmaps and proven experience in strategic projects with high impact
• Expertise in driving and steering multidisciplinary teams
• Demonstrated track record of building and maintaining highly collaborative, flexible, and productive cross-organisation teams
• Articulate, persuasive and able to communicate constructive criticism and information security related concepts to a broad range of technical and non-technical audiences (including board level or regulator)
• Outstanding oral and written communication skills, as well as outstanding negotiation and change management skills
• Can demonstrate success in establishing executive relationships and influencing executive decision-making
• Ability to take responsibility, steer strategy and realisations based on facts and data; managerial courage to question and make decisions
• Ability to empower teams to act autonomously, think out of the box and hold them accountable
• Ability to simplify complexity and drive operational excellence
• Ability to support yourself and other team members in development
• Ability to have impact through inspiring and energetic leadership that leads teams through change
• Excellent level of English
• Experience in a financial environment is a plus