Senior Security Strategy Consultant

Background

ING Office of the CISO focuses on cybersecurity steering, threat & vulnerability management and response. We translate key risks, business requirements and applicable laws & legislations into architectures and accompanying enterprise-wide security programmes to achieve ING's strategic objectives, while delivering threat detection and response services to the ING organization on a global level.

The objective of the Security Strategy & Architecture department is to ensure that business strategy and cybersecurity strategy and implementations are aligned on an ongoing basis taking into account applicable technology approaches, solutions, good practices, risk appetite and cost targets.

Main activities are:

• In partnership with the Global Head of Security Strategy & Architecture and the Global CISO, leading the design of CISO/security strategy of ING specifically:
  • Security practices and frameworks
  • Vendor and technology solutions/services strategy
  • Technology approach
  • Improvement programmes
  • Business case including financials
• Providing global security advisory on design and implementation matters
  • Advisory role in security programmes
  • Advisory role in security standards
  • Writing vision/position papers

Key Responsibilities

• Strategic advice to the CISO Office
  • Gathering requirements, collecting context data, analysing the business needs, and providing input to support the strategic decision-making processes. Challenging the validity of given procedures, processes, policies and systems
  • Advising Domain Architects, Enterprise Architects, (IT) business and the CISO in identifying, justifying and design/development of the required solutions, including scope definitions and qualitative business cases
  • Supporting the development of technology vendor strategy and performing impact analysis on solution/service implementations
• Architecture artifacts lead and delivery
  • Formulating and testing hypotheses and drawing conclusions to determine appropriate security solutions/services for ING in a global perspective
  • Designing Global Strategy for CISO ensuring the optimal match between technology, fit-to-infrastructure (feasibility of deployment), costs, user acceptance, measurability, and flexibility/scalability together with a virtual team of Domain and Enterprise Architects
  • Maintaining and updating the Global Strategy for CISO taking relevant (technological, organisational) changes into consideration as well as keeping pace with innovations and trends in the industry/market
• Communication and verification
  • Presenting and delivering verbal and written messages to other architects within ING, senior specialists and senior executive management
  • Defining and presenting final solution and impact on the organisation, and sustaining the rationale for the solution/service
  • Organising and providing trainings, workshops, video conferences and working with international (virtual) teams on the topic of Security Architecture
  • Building and maintaining a sustainable network of specialists inside and outside ING
• Intellectual capital & knowledge sharing
  • Initiating and leading knowledge sharing activities
  • Keeping professional knowledge up-to-date and translating external innovations and trends into useable information

Requirements

• Fluent in conceptual aspects of security, specifically on:
  • Security practices and frameworks (e.g. CIS, MITRE, NIST)
  • Network security
  • Access management
  • Application security
  • Infrastructure security
  • Background in Computer Science or Mathematics/Physics
  • At least 10 years of professional experience in the field of IT, and at least 7 years in the field of security
  • CISSP
• Furthermore the following personal profile:
  • Ability to take ownership and responsibility
  • Expertise and demonstrated track-record in driving and steering multidisciplinary teams
  • Excellent analytical skills and clear way of expressing abstract concepts
  • Experience in producing and presenting Security Architectures on a conceptual and logical level
  • Experience in effective communication on senior management level
  • Excellent writing & reporting skills in English
  • Familiarity with risk/threat models, Enterprise Architecture concepts and their relationships
  • Determination to continuously develop your (technical) expertise and knowledge
  • Willingness to travel (up to 25%, mainly in Europe)