Third Party IT Risk Auditor, Katowice
Katowice, Katowice, Silesian Voivodeship, Poland
TN Poland
25. 2. 2025
About the position

  • Experience in information security, risk management, or compliance.
  • Strong analytical skills.
  • Familiarity with third-party risk assessment methods and control frameworks such as ISO27001, NIST, COBIT, SOC2.
  • Excellent written and verbal English communication skills; ability to express thoughts clearly, know how to listen, and contribute in a team environment.
  • Working knowledge of the financial industry.
  • Experience in Third Party Security Ratings solutions.
  • Relevant security certifications such as ISO27001LA, CISA, CISM, CISSP, etc.
  • A self-starter and an output-driven team player with experience in fast-paced environments.
  • Work efficiently and independently with minimal supervision; self-motivated and willing to stretch to meet important deadlines.

Your responsibilities:

  • Conduct information security assessments of suppliers (third-party vendors and cloud services) including advising management on how to mitigate any identified risks.
  • Support the evolution and continuous improvement of vendor risk assessment processes including the development and maintenance of procedures, artifacts, and metrics to be used in the assessment of suppliers.
  • Perform third-party compliance risk tracking, trending, analysis, and executive reporting.
  • Provide guidance to business partners to ensure compliance with information security regulatory requirements and internal policy.
  • Assist with development and implementation of the third-party risk assessment strategy, methodology, and process through the CISO End-to-end Third Party Cyber Risk Management lifecycle.

Information about the squad:

Working as part of a team, you provide direction and support in Third Party Risk management. You will leverage various sources of data to assess the end-to-end contracting lifecycle and associated practices of ING suppliers globally, highlight risks and control gaps associated with suppliers' security programs, categorize the potential risks based on severity, and identify potential mitigation activities. You will work independently and with internal and external stakeholders to determine the business risk of control gaps identified during control and risk assessments, and collaborate across business lines, leading risk assessments and working with other teams within the organization.

The role naming convention in the global ING job architecture will be “Business Control Specialist II”.
