Job Description

Discover ING Hubs Romania 

ING Hubs Romania offers 130 services in software development, data management, non-financial risk & compliance, audit, and retail operations to 24 ING units worldwide, with the help of over 2000 high-performing engineers, risk, and operations professionals. 

We started out in 2015 as ING’s software development hub, then steadily expanded our range to include more services and competencies. Now we provide borderless services with bank-wide capabilities and operate from two locations: Bucharest and Cluj-Napoca 

Our tech capabilities remain the core of our business, with more than 1800 colleagues active in Data and Analytics Tech, Tech Foundation and Channels, Retail Core Banking and Architecture, and Global Products and Technology Services 

We enjoy a flexible way of working and a highly collaborative environment, where fair and constructive feedback is encouraged.  

For us, impact isn't a perk It's the driver of our work. We are guided and rewarded by a shared desire to make the world a better place, one innovative solution at a time. Our colleagues make it their job to do impactful things and they love doing it in good company. Do you?  

The Mission

The NFR Hubs Romania team is an integral part of ING’s Non-Financial Risk domain. The teamis responsible forensuring consistent implementation of NFR frameworks, policies, and procedures, while fostering a collaborative and high-performing environment within the hubs.

The Cyber NFR Specialist is part of the Center of Expertise (CoE) Cyber Security Risk within the Non-Financial Risk (NFR) domain in Hubs Romania. The team focuses onidentifying, managing, and mitigating cyber risks across ING globally, contributing to the bank’s resilience against internal vulnerabilities and external threats.

The role will report hierarchically to the Lead of Information & Technology Risk in Hubs Romania and functionally to Global Lead of ITR Team Ilocatedin Amsterdam, The Netherlands.

Your day to day

• Serve as an experienced expert inidentifying, managing, measuring, and mitigating cyber securityrisks;

• Analyze security events and incidents; conduct forensic investigations followingbreaches;

• Develop andmaintaincybersecurity policies, ensuring they align with regulatoryrequirements;

• Independently assess cyber risks andmonitorongoing threatintelligence;

• Provide guidance and support to management and the first line of defense on cyber riskmatters;

• Utilize strong analytical skills and technicalexpertiseto address complex cyber securityissues;

• Effectively communicate intricate topics to diversestakeholders;

• Play a vital role in strengthening ING’s resilience and advancing its strategic risk management initiatives.

Specific Tasks

• Analyze security events, incidents, threats, and malware; conduct forensic investigations afterbreaches;

• Develop andmaintaincybersecurity-related policies, ensuring alignment with externalregulations;

• Monitor and challenge the implementation of controls, remediation plans, and riskacceptances;

• Perform independent cyber risk assessments and control effectivenessreviews;

• Review and challenge incident response reports and root causeanalyses;

• Monitor threat intelligence and assess its impact on ING’s riskposture;

• Challenge the definition of Key Risk Indicators (KRIs);

• Support NFR teams in deep dives, oversight, andreporting;

• Advisemanagement on cyber risk exposure and mitigationstrategies;

• Stay up to date with emerging threats, attacks, regulatory developments, andindustrybest practices.

Whatyou’llbring to the team

• Master’s degree in Computer Scienceorequivalent(Math, Engineering);

• 7+ years of experience in cyber risk management roles, ideally inan ITSecurity (eg.CISO)team;

• Strong understanding of cybersecurity, threats, attack methods, andtechniques;

• Expertisein data centers, infrastructure, cryptography, cloud, platforms, and businessapplications;

• Strong skills in Security Detection & Response, Vulnerability Management, Datacenters, andNetwork;

• Solidexpertisein Identity and Access Management, ITResilience;

• Solid understanding of relevant regulations (e.g., DORA, EBA,MARisk).

If you want to deep dive into the processing of personal data conducted by ING Hubs Romania during the recruitment process and your rights related to it, read the privacy notices on our website (make sure to scroll until you reach the Data Protection section/Candidates tab).