Consultant Proficient Information Security in Amsterdam

ING Office of the CISO is looking for a Consultant Proficient Information Security.
 

ING Office of the CISO focuses on Information Security steering, threat management and assurance. We translate key risks & threats, high-level business requirements and applicable law & legislation into IT Security Standards & Architectures and enterprise wide Information security initiatives to achieve ING's objectives, while delivering threat intelligence  and monitoring the external threat landscape.

The objective of the Global Information Security Management department is to ensure that business strategy and Information Security implementation are aligned on an ongoing basis taking into account applicable security threats, market best practices, risk appetite and cost targets. The main activities are:

• Align the security strategy with other functions in and outside ING.
• Create and maintain IT Security Standards (e.g. User Access, Cryptography, Security Monitoring, Platform and Software Security) with corresponding security norms.
• Coordinate the global implementation of information security requirements to meet agreed security objectives.
• Drive security innovations, processes, and technologies into operations by providing INGs business units with adequate guidance from strategic to technical level.
• Maintain and facilitate an adequate education framework by stimulating co-development of content for awareness, training and certification. Train, coach and/or facilitate workshops for involved teams, ensuring understanding, adoption and secure implementation of the solution.
• Facilitates oversight of the IT Security State.
• Position physical security as an integral pillar to help defend against upcoming threats and new modus operandi

  The team consists of about 12 professionals that operate from Amsterdam with a Bank wide focus on Information Security. Its members are typically experienced and/or highly educated and they have diverse interdisciplinary backgrounds.

Job description

• Strategic Advice
  • Requirements gathering, collect data, analyse the client’s business and provide input to support the strategic decision-making processes. Challenge the validity of given procedures, processes, policies and systems.
  • Advise (IT) business and the CISO in identifying, justifying and design/development of the required solutions, including scoping.
  • Support the development of business cases and perform impact analysis.
  • Identify strategic opportunities to make IT security and physical security an integrated/complementary defence layer.
• Solution Design
  • Formulate and test hypotheses and draw conclusions to determine appropriate client solutions, ensuring solution satisfaction for all stakeholders.
  • Specifically design solutions to strengthen physical security measures by implementing IT security and help protect information utilizing physical security.
• Assignment Execution
  • Recognize and articulate problems related to assigned security activities, analyze complex information and create solutions to the hypothesis being developed.
  • Own, lead/manage and guide the efforts in specific areas as per assignment and manage the commitments regarding deliverables.
  • Your primary focus will be all about integration possibilities and strengthening between IT security and Physical Security
• Change and Communication
  • Present and deliver verbal and written messages to senior specialists and senior executive management.
  • Define and present final solution and impact on the organisation, and sustain the rationale for the solution.
  • Facilitate training, workshops, video conferences and work with international (virtual) teams on specific security topics.
  • Help setup, build and maintain a sustainable network of specialists mixing IT Security and Physical Security knowledge throughout the Bank together with CISO and CSI representatives
• Relationship Management
  • Establish and maintain strong and sustainable relationships with clients, team and (senior) stake-holders, during all phases of the life-cycle (including after-care and follow up of the proposed solution), in order to achieve a common goal and demonstrate expertise to lead and influence outcomes.
• Intellectual Capital & Knowledge Sharing
  • Initiate knowledge sharing activities.
  • Keep professional knowledge up-to-date and translate external trends into useable information.

We are looking for

You have an IT background and knowledge of Information Security and you also have experience in/affinity with the area of Physical Security. You will support ING business units to understand key security threats, exposures and vulnerabilities and develop and roll-out guidance to address specific security issues. You will specifically also help create awareness, identify opportunities and initiate/manage activities from those opportunities, around the relations between IT security and Physical Security.

Furthermore you recognize yourself in the following personal profile:

• a Bachelor/Master education or equivalent ability in IT (Security).
• preferably hold one of the following certifications: Certified Information Security Systems Professional (CISSP), Certified Information Security Manager (CISM) and/or Certified It Systems Auditor (CISA).
• preferably relevant physical security certification (like ASIS)
• 5 to 10 years of experience in IT security and relevant experience of physical security
• experience in communication on senior executive level
• experience in managing complex and large scale activities
• familiar with non-financial risk models, IT security architectures and their relationships.
• experience in consultancy and Security/Risk role.
• strong technical knowledge and awareness; including software development, infrastructure, engineering and operations.
• excellent and convincing communication, writing & reporting skills in English.
• a critical, though positive constructive mind set.
• accurate and thorough.
• connect self-reflection and action.
• promote customer-centricity.
• like to continuously develop your (technical) expertise and knowledge.
• like to discover new opportunities when connecting IT security and Physical Security and help setup this relatively new area/focus within CISO
• like to work as an independent professional, i.e. be pro-active, have high quality standards and work according to the planning.
• like to interact and think outside-the-box with Information Security and Physical Security Specialists and Management of ING on a professional level and build positive relationships.

What do we offer

ING’s office of the CISO offers a challenging international Information Security work environment with far-reaching and innovative developments which are implemented globally within ING. Cybercrime threat patterns will stay very fluid over the next years and the organisation need to continuously signal and prepare for this. The pervasiveness of these threats – and potential for physical security involvement/relevance – means ING Security, on a global base, must quickly develop cutting-edge response on top of basic security capabilities, while improving plans preparing for the worst case scenarios. Possibilities for training and personal development. The actual job level depends on knowledge and experience.  
 

A successful extensive background screening is mandatory before the assignment can start.
 

Location

You work in Amsterdam but you might also visit the regions where ING Lines of Business and/or ING Security Capability Providers are active. You are willing and able to travel potentially a few times per year.

For more information please contact Lucja Walczak at