IT Risk Engineer for SaaS Solutions

We are looking for you, if you:

• have a minimum of 3-year relevant experience within IT Risk management for SaaS,
• are a senior and proven expert in the field of IT Risk, possessing in-depth knowledge of IT Risk Management and processes. You can deal with and advise on highly complex and difficult matters, including AI,
• are able to transfer IT security requirements into practical implementation,
• are a trusted advisor, who brings IT Risk under control by supporting the business lines. In addition, you know how engineers work and how controls can be best integrated in their daily way of working, ensuring that delivery and risk are balanced for the risk appetite of the business,
• are flexible, energetic, influential you adapt easily and can work both independently and in a team.
• can analyse and solve problems. You are a holistic thinker with an attention to details,
• are organized, can provide structure and maintain focus on the full picture.

You'll get extra points for:

• active holder of certifications issued by ISC2 (like CISSP, CCSP) or issued by ISACA (like CISM, CISA, CRISC) or similar,
• business oriented approach,
• Agile/Scrum knowledge.

Your responsibilities:

The SaaS Engineer operationally aligns (as operational ING business contact) with a 3rd party to whom IT operations (technical management, hosting, etc.) of an application is outsourced or who owns a SaaS application. SaaS engineer maintains operational relationship with the 3rd party and makes sure ING minimum standards and regulatory requirements are followed. This concerns the activities that have been agreed upon in the SaaS/Outsourcing contract to keep the bank safe.

Main focus, IT Risk related activities:

• participate in RFI/RFP processes for new SaaS applications with stakeholders,
• conduct 3rd party Trust sessions / IT Risk assessments with suppliers,
• assess the third party assurance reports and certificates of the SaaS supplier (like ISO) and Service Organization Control (SOC 2) audit reports,
• identify potential exceptions, control gaps and manage the follow-up with SaaS supplier,
• act as SPOC for 3rd party penetration testing by ING,
• support Asset Owner on creating IA (Issue Acceptance) and/or MIA (Management Identified Action) and follow up on these,
• collect and register IT Risk related evidence (from ING and 3rd parties) and ensure this remains up-to-date and timely registered in ITRMP,
• conduct periodic IT Risk service meetings with SaaS supplier,
• determine the impact of new/changed external regulations /ING standards on the SaaS supplier,
• align with 3rd party on their product roadmap and release planning and determine the impact of 3rd party changes on ING,
• participate with ING Procurement, Legal and DPO.

You will be a driven senior SaaS Engineer who feels personal responsibility for your SaaS application(s) and its security and reliability. We are looking for you if you are passionate about IT Risk, this is your main profession. You are ambitious with what you and your team want to achieve. You bring positive energy to the team and have very good social and communication skills. This leads to great performance.

Information about the squad:

We are looking for an enthusiastic and experienced SaaS (Software as a Service) Engineer to become part of the HR SaaS Chapter within Employee TECH Services. As SaaS engineer you will become part of international team within ING Group.

The role naming convention in the global ING job architecture will be “Engineer IV".