DevSecOps Engineer (Controls, Compliance & Operations) – ALM Applications

• Have experience translating security policies and IT risk/control standards into actionable requirements for engineering and operations teams.

• Can implement and document security measures keeping applications compliant with IT Risk Policies, Minimum Standards and Process Control Standards.

• Can explain security requirements clearly to stakeholders (DevOps, Ops, Product/Business, Risk & Security) and drive alignment.

• Have experience coordinating, carrying out and documenting IT security test procedures (e.g., SOX/ITGC or other regulatory requirements where applicable).

• Are responsible for evidencing of applied security controls, keeping the IT Risk Measurement Platform (ITRMP) up-to-date and supporting internal and external auditing.

• Can coordinate user access management of the applications (joiner/mover/leaver, access reviews, traceability and documentation).

• Speak English at B2+ level and communicate confidently in an international environment.

• Have experience or strong interest in operational application management in a regulated IT environment, including incident, problem, change and configuration management.

• Understand how application stability, monitoring, capacity, lifecycle management and security controls contribute to reliable business-critical platforms.

• Are comfortable working with stakeholders from IT, Operations, Risk, Security, business users and infrastructure teams to keep applications stable, secure and audit-ready.

• Have a structured and hands-on approach to operational follow-up:analysingincidents, supporting root cause analysis, documenting outcomes and driving improvement actions.

You'll get extra points for:

• Experience with ITRMP / security control evidencing templates and control automation concepts (reducing manual effort while staying compliant).

• Familiarity with audit evidence packs and supporting internal/external audits in regulated environments.

• Background in DevOps / platform engineering, security hardening, or security champion roles within engineering teams.

• Experience coordinating IAM/access governance and periodic access reviews for business-critical applications.

• Experience in application management, operations or infrastructure roles, especially in environments based on Windows Server, Microsoft SQL Server, Azure DevOps and Microsoft-based application components.

• Experience with ServiceNow / CMDB alignment, change implementation support, deployment governance, patching coordination, backup/restore alignment, disaster recovery testing or security event monitoring.

• Understanding of Agile/Scrum delivery, sprint-based planning and close cooperation between development, operations and business stakeholders.

• Interest in automation, AI-assisted development or control automation that reduces manual operational effort while maintaining compliance and traceability.

Your responsibilities:

• Translate security policies and IT risk control standards into implementable requirements for ALM applications and ensure they are implemented and documented.

• Coordinate, execute and document IT security test procedures and required evidence (incl. SOX/ITGC or other regulatory requirements where applicable).

• Own evidencing of applied security controls; collect, validate and store evidence; keep ITRMP control status and key fields accurate and up-to-date; support audits and follow-ups.

• Explain security requirements to stakeholders and coordinate remediation actions to closure.

• Coordinate user access management for ALM applications (requests, approvals, periodic reviews, traceability and documentation).

• Promote “automation first” for controls and evidence where feasible, using agreed approaches and templates to reduce TOIL while maintaining compliance.

• Support operational management of ALM applications by helping to keep the platform stable, standardized, secure and compliant.

• Support Incident, Problem, Change and Configuration Management activities related to ALM applications, including follow-up on operational findings and improvement actions.

• Support availability, performance, monitoring, capacity and lifecycle management topics for ALM applications and related IT components.

• Coordinate or support deployments, releases and changes in lower environments and support readiness for production implementation where applicable.

• Help align application and infrastructure changes with relevant teams, including updates related to CMDB, ServiceNow records, patches, memory/CPU allocation, backup and restore, disaster recovery testing and security event monitoring.

• Support monthly business processes and production-related operational activities by cooperating with 1st line support, end users, Business Analysts and engineering teams across the ALM value chain.

• Support analysis of incidents and problems, including root cause analysis and translation of recurring findings into improvement stories or control enhancements.

• Contribute to automation and process-improvement initiatives related to production process automation, change process automation, monitoring, data quality controls, testing and operational reporting.

• Act as a sparring partner for development and platform teams to ensure that new solutions are supportable, maintainable, secure and aligned with operational requirements from the start.

Information about the team:

You’ll join a team supporting critical ALM applications in a regulated environment. We value efficiency, clear documentation and audit-ready execution. You’ll receive onboarding support, mentoring, and a structured learning plan for key topics. We offer a stable employment contract (UoP), annual bonus (13th salary), and a comprehensive benefits package including private medical care, insurance, Multisport card, PPE, hybrid work, company equipment, and subsidies for phone, glasses, tickets, and meals.

The team works in the ALM Platform & Process area, supporting applications and operational capabilities used for balance-sheet risk management, monthly financial forecasting, stress testing, replication modelling, riskcentralizationand reporting. The platform consists of Microsoft-based and application components including Microsoft SQL Server, C#, Azure DevOps, Windows-based applications and ALM Reporting Area / Power BI.

You will work in close cooperation with Dev, Ops, Business, Risk, Security and Infrastructure stakeholders. The team combines engineering, operational and compliance responsibilities, and contributes to a stable, standardized and secure ALM platform.

The work includes both compliance/control topics and operational platform topics such as monitoring, incident/problem/change follow-up, deployment readiness, lifecyclemanagement, automation, evidence quality, user access management and audit readiness.

The team is also involved in initiatives around production process automation, updated change and release processes, UAT support, E2E and performance testing, data quality controls, ALM Greenlight, q3 automation tooling, monitoring improvements and reducing manual operational effort.

The role naming convention in the global ING job architecture will be “Engineer III”.