IT Security Officer in Amsterdam

Bank Mendes Gans (BMG) 

Bank Mendes Gans is part of ING and is the only bank in the world to engage exclusively in liquidity and information management solutions for Fortune 500 multinationals like Facebook, Huawei, Samsung, Micheal Kors, Versace, Groupon, McDonalds, Ebay, Duracell and Dow Jones. We operate a bank-independent model and we handle most of the world’s convertible currencies. 

We don’t compete with your local banks - we cooperate with them. We work multi-currency, multi-country and multi-bank. This allows for a smooth implementation of your liquidity management strategy. Especially if your company has decentralized management, subsidiaries in different countries, different legal and tax regimes, and a large number of bank accounts, bank relationships and banking systems. As we offer overlay solutions on top of existing local bank infrastructure, there is no need to change banks.

Agile way of working
At BMG delivery we work Agile in DevOps squads whom are fully responsible for their application from A to Z, this means that feedback and fast learning is a critical part of your day to day job. We believe that feedback is essential for growth and put high value on effective feedback skills. We have an open culture to facilitate this and short lines to ensure support for valuable feedback. This requires that you work intensely together with your college's inside and outside your squad.

The Mission 
Keeping the company safe, secure and compliant is a top priority at ING.

As part of the IT Security team your focus will be on providing security subject matter expertise and education and instilling the core security mindset and culture. You will be contributing to the delivery of various control improvements, assessing risks, creating awareness in cyber security and act as a security liaison for the delivery teams.

Working at BMG Delivery

Customer satisfaction is priority number one. It lies at the core of everything we do. We specialize in international liquidity and information management and we are strongly committed to our clients’ success.

So, whatever your professional skills, you should recognize yourself in the following characterizations:

• Customer-oriented attitude
• Effective communication skills
• Dedication to your job
• True hands-on mentality
• Teamplayer
• High standard of work (Clean coding)

Main responsibilities:

Providing IT security advisory and guidance to teams involved in development & support

Help teams in their information security and risk journeys: liaise with the BMG teams to ensure appropriate security controls are implemented.

• Active member in local Incident response team, with a focus on Cyber Security Incident Response (including Scenario Analysis, Runbook development and testing)
• Security Alerts handling/follow-up (phishing, antimalware, etc)
• Review and approve Application Security Baselines
• Review and challenge the security of External connections
• Participate as an active member in IT Security trainings & awareness campaigns & activities
• Challenge & Review Security Monitoring implementation & Scope. Review Security Event Monitoring implementation & alerts
• Review challenge vulnerability & penetration test reports and remediation plan & follow-up on remediation plan
• Check Vulnerability scan reports and follow up on remediation
• Ensure full compliance to the standards and policies set
• Stakeholder in relevant risk assessment exercises and meetings

Job Requirements:

Knowledge and experience:

• 3-4 years (preferably in Software company or Financial institution) in an IT security role
• Understanding of network and web related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, protocols).
• Familiarity with cloud security controls and best practices.
• Experience in developing cyber-security risk and incident management processes and a solid understanding of cyber threat landscape
• Familiar with ISO2700x, NIST, ISF, CIS and similar frameworks
• Nice to have: relevant security certifications (e.g.  ISC2 SSCP/CISSP, ISACA CISM/CISA/CIRISC, CompTIA Security+, EC-Council CEH, ISO/IEC 27001)

Competencies: 

• Excellent written and verbal communication skills – ability to explain technical solutions to both technical and non-technical audiences;
• Team player
• Strong sense of ownership, urgency, and drive
• Customer-focused and enjoy working as part of a team
• Strong capabilities to build internal confidence in a situation of constant change
• Strong problem solving and analytical thinking - ability to diagnose and resolve ambiguous problems;
• Strong resilience to stress and constructive and collaborative mindset;
• Willingness to continuously improve skills;
• Willingness to support and coach less experienced colleagues; provide help when needed and criticize in a constructive manner;
• Support for creating a friendly work environment based on respect, trust and partnership values.
• Integrity and honesty