Information Security Auditor

• experience in information security, risk management or compliance,

• strong analytical skills,

• familiarity with third party risk assessment methods and control frameworks such as ISO27001, NIST, COBIT, SOC2,

• excellent written and verbal English communication skills; ability to express thoughts clearly, know how to listen and contribute in a team environment.

You'll get extra points for:

• working knowledge of the financial industry,

• experience in Third Party Security Ratings solutions,

• relevant security certifications such as ISO27001LA, CISA, CISM, CISSP etc.,

• a self-starter and an output-driven team player with experience in fast-paced environments,

• work efficiently and independently with minimal supervision (i.e., self-motivated, and willing to stretch to meet important deadlines).

Your responsibilities:

• conduct information security assessments of suppliers (third party vendors and cloud services) including advising management on how to mitigate any identified risks,

• support the evolution and continuous improvement of vendor risk assessment processes including the development and maintenance of procedures, artifacts, and metrics to be used in the assessment of suppliers,

• perform third party compliance risk tracking, trending, analysis, and executive reporting,

• provide guidance to business partners to ensure compliance with information security regulatory requirements and internal policy,

• assist with development and implementation of the third party risk assessment strategy, methodology, and process through the CISO End-to-end Third Party Cyber Risk Management lifecycle.

Information about squad:

Working as part of a team, you provide direction and support in Third Party Risk management, will leverage various sources of data to assess in the end-to-end contracting lifecycle, associated practices of ING suppliers globally, highlight risks and control gaps associated with supplier's security program, categorize the potential risks based on severity, and identify potential mitigation activities. You will work both independently, as well as with both internal and external stakeholders, to determine business risk of control gaps identified during control and risk assessments and collaborate across business lines leading risk assessments and work with other teams within the organization.

The role naming convention in the global ING job architecture will be “Business Control Specialist II”.