Head of Security Architecture & Strategy

We are seeking a senior leader to define and drive ING’s global security architecture and multi‑year security strategy. You will ensure security is designed‑in by default across platforms and transformations, aligning with business objectives, technology roadmaps, and regulatory expectations. This role blends strategic leadership with architecture authority, converting risk and threat insights into clear standards, reference architectures, and consumable patterns that scale across countries and domains.

The team
You will report hierarchically to the Global Chief Information Security Officer (CISO) and have a strong functional reporting line to the Global Head of Tech Strategy & Enterprise Architecture. As such you will be part of the Enterprise Architecture community, collaborating with Chief/Domain Architects to embed security into enterprise and domain designs and to ensure coherent, end‑to‑end architectures.

Roles and responsibilities
In this role, you will be accountable for the following core responsibilities, which are essential to driving ING’s security architecture and strategy in close alignment with enterprise architecture and business objectives:

Strategic leadership & roadmap

• Define and maintain a 3–5 year security strategy, aligned with business strategy, tech/data strategies, threat landscape, and regulatory expectations; translate into strategic pillars, outcomes, and milestones.
• Publish and socialize a security architecture roadmap that guides platform and program decisions across countries/domains.

Architecture direction & standards

• Set security architecture principles, standards, and reference architectures for cloud, identity, data, applications, APIs, and infrastructure; ensure compatibility with enterprise architecture frameworks and models (e.g., TOGAF, Archimate).
• Convert risk, threat, and regulatory requirements into actionable patterns and reusable building blocks for engineers and architects.

Design authority & governance

• Act as security design authority on behalf of the CISO: approve standards, patterns, and exceptions; embed security architecture in design/investment reviews and major programs to avoid late rework.
• Collaborate with Enterprise Architecture forums to ensure security is integrated from inception, not retrofitted.

Collaboration & stakeholder management

• Partner with business leaders, CIO domains, risk/compliance, data & engineering teams, and vendors to balance risk, cost, and speed while meeting regulatory expectations.
• Represent Security Architecture in enterprise architecture and executive forums; provide clear, timely guidance to unblock delivery.

Risk, threat & regulatory alignment

• Integrate threat intel, incident learnings, resilience testing, and audit/regulatory feedback into architecture direction and priorities. Support the CISO in supervisory engagements.

Leadership & capability building

• Build and lead a high‑performing, diverse team of security architects and strategists, fostering technical intensity and architectural rigor. Mentor architects and engineering leaders to elevate security by design.

How to succeed
We hire smart people like you for your potential. Our biggest expectation is that you’ll stay curious. Keep learning. Take on responsibility. In return, we’ll back you to develop into an even more awesome version of yourself.

Experience

• 12+ years in technology/security with senior security architecture leadership; experience in large, complex, regulated environments (financial services preferred).
• Demonstrated success advising executives, influencing cross‑functionally, and leading global architecture initiatives.

Technical expertise

• Security architecture: Identity & access, data protection/privacy, application/API security, network/infrastructure security, cloud/hybrid controls; translating risk & regulation into pragmatic designs.
• Enterprise architecture frameworks & tooling: TOGAF/Zachman (or equivalent) and modeling with Archimate; ability to align security architecture to enterprise reference models and capability maps.
• Cloud & platforms: Secure patterns for GCP/Azure/AWS, containers, service mesh, zero trust, secrets management, key management, and event streaming.
• Data & analytics awareness: Data lineage, classification, and governance patterns; enabling secure analytics/AI use‑cases in partnership with Data & Analytics architecture.

Competencies & skills

• Strategic vision & execution: Sets long‑term direction and turns it into clear roadmaps/OKRs.
• Influence & communication: Explains complex risk/architecture topics simply to executives and engineers; manages conflicting priorities.
• People leadership: Builds capability, coaches talent, and cultivates a culture of craftsmanship and excellence.
• Change leadership: Drives adoption of standards and behaviors across a matrixed, international organization.

Education & certifications

• Bachelor’s or Master’s in Computer Science, Information Security, or related field.
• Relevant certifications are a plus: TOGAF, SABSA, CISSP, CCSP, CISM; and cloud provider security certifications.

Rewards and benefits
We want to make sure that it’s possible for you to strike the right balance between your career and your private life. Find out more about our employment conditions.

The benefits of working with us at ING include:

• 25-28 vacation days depending on contract
• Pension scheme
• 13th month salary
• 8% Holiday payment
• Hybrid working
• Personal growth and challenging work with endless possibilities
• An informal working environment with innovative colleagues

About us
Curious about how ING empowers people and businesses to move forward?

Discover what we do and what we can offer you.

Questions?
Contact the recruiter attached to the advertisement. Want to apply directly? Please upload your CV and motivation letter by clicking the ‘Apply’ button.