Security Governance Expert
CISO BE – Security Governance team
50 % work from home
A day in the life of a Security Governance Expert
·As a part of the security governance team, you help develop and implement a comprehensive security strategy aligned with business objectives. You help to continuously assess and refine the security strategy to address evolving threats and business needs.
·Together with your colleagues, you oversee the management of the portfolio of the entire security organisation of ING Belgium, ensuring all projects and initiatives align with strategic goals. This includes planning, execution, and monitoring program management for all security programs (. DORA, ransomware resilience), overseeing the budgets and strategic service level management for all security services consumed by ING BE.
·Develop and maintain security dashboards to provide real-time visibility into security metrics and performance and communicate security status and trends to stakeholders.
·Support the business owners in managing the cybersecurity risks associated with third-party vendors and partners. Implement robust third-party risk management processes.
·Spearhead awareness and communication effort to educate employees on security best practices.
How to succeed
We hire smart people like you for your potential. Our biggest expectation is that you’ll stay curious. Keep learning. Take on responsibility. In return, we’ll back you to develop into an even more awesome version of yourself.
·You have a talent for taking it on and making it happen, enthusiasm for helping others to be successful and a knack for always being a step ahead.
·You strive to bring fresh ideas to life and embrace challenges in a fast changing and complex environment.
·You will leverage your strong program management skills to ensure efficient and effective execution of security programs and have a talent for bringing structure in the security portfolio.
·You have excellent problem-solving skills and passion for and the ability to redesigning processes that would otherwise pose an impediment to the organisation.
·You have experience in - or are willing to learn about managing third party security risk and interaction with business contract owners.
·Security certifications like CISA, CRISC, CISM or CISSP are appreciated.
As a Security Governance Expert, you will have the opportunity to:
·Be part of and help shape a team in full expansion.
·Make a significant impact on the security posture of a leading company.
·Grow in an organisation where we value your skills and look how to best leverage from them.
·Continuously develop and grow with internal and external training opportunities.
The team
The security governance team is one of the 7 teams in the CISO organisation. The team covers a wide range of topics with the common denominator of having a key impact on strategic decision making with regards to security and being the right hand of the CISO of ING BE:
·Security strategy: we support the CISO in defining and rolling out a security strategy aligned with our global and local stakeholders.
·Security portfolio and program management: we oversee the portfolio of the entire security organisation for Belgium, including taking ownership of the most impactful security programs. As we are also responsible for regulatory contacts for security, we drive regulatory programs like DORA from the security side.
·Security dashboarding: we support the other teams within the security organisation and the TECH organisation overall by providing relevant insights and metrics on the performance of our security processes. We help the CISO steer on the most relevant topics by providing the most relevant insights.
·Third party cyber risk management: we own the process of assessing and monitoring the security risk related to (intra-group) suppliers. We oversee assessments and audits of third parties and monitor appropriate follow-up of identified risks.
·On top of that, we also are responsible for providing awareness towards the organisation and are involved in strategic service level management for security services.