Security Architect in Amsterdam

Security Architect

Background

ING Office of the CISO focuses on cybersecurity steering, threat & vulnerability management, and response. We translate key risks, business requirements and applicable laws & legislations into architectures and accompanying enterprise-wide security programmes to achieve ING's strategic objectives, while delivering threat detection and response services to the ING organization on a global level.

The objective of the Security Architecture department is to ensure that IT strategy and cybersecurity implementations are aligned on an ongoing basis considering applicable technology solutions, good practices, risk appetite and cost targets. As such the department delivers both conceptual designs as well as technical/physical designs in close consultation with DevOps engineers.

Key Responsibilities

Main activities are:

• Leading the design, providing guidance, and performing verification of architecture implementation on global programmes, specifically:
  • Software lifecycle (CI/CD) security
  • Platform security
  • Application security
• Assessing security design and operations of software development and operations
• Developing security norms and controls for CI/CD, preferably in a security-as-code formats
• Architecture artefacts lead and delivery
  • Formulating and testing hypotheses and drawing conclusions to determine appropriate security solutions/services for ING in a global perspective
  • Designing architecture on conceptual and logical levels ensuring the optimal match between technology, fit-to-infrastructure (feasibility of deployment), costs, user acceptance, measurability, and flexibility/scalability together with a virtual team of domain and enterprise architects
  • Specifically designing key components that must be enforced and can be measured automatically
  • Maintaining and updating the Global Architecture/Security Standard taking relevant (technological, organisational) changes into consideration as well as keeping pace with innovations and trends in the industry/market

Requirements

• Fluent in technical and conceptual aspects of cybersecurity, specifically on:
  • Secure software development
  • (Web) application controls
  • Infrastructure security
• Background in exact science
• Field experience in operational and development activities with emphasis on security 
• Insight and experience in implementation of desired structural infrastructure solution at large corporates
• Good knowledge main network protocols (TCP, UDP, ICMP)
• Good automation/coding skills:
  • Proficient with Ansible (yaml) and DSC
  • Designing code repositories
  • Building automation pipelines
• Furthermore, the following personal profile:
  • Ability to take ownership and responsibility
  • Excellent analytical skills and clear way of expressing abstract concepts
  • Experience in producing and presenting security architectures on a conceptual to physical level
  • Experience in effective communication on management level
  • Excellent writing & reporting skills in English
  • Determination to continuously develop your (technical) expertise and knowledge
  • Willingness to travel (up to 25%, mainly in Europe)