Data Security Expert, Associate

Tech Americas | Information Security | Data Security Expert | New York

About ING: 

 Ranked #8 on LinkedIn Top Companies in Financial Services

Crain’s 100 Best Places to Work

Ragan’s Top Places to Work in 2023

In Americas, ING’s Wholesale Banking division offers a broad range of innovative financial products and services to domestic and international corporate and institutional clients. 

 
When you come to work at ING, you’re joining a team where individuality isn’t just accepted, it’s encouraged. We’ve built a culture that’s fun, friendly and supportive – it’s the kind of place where you can be yourself and make the most of whatever you have to offer.

We give people the freedom to take risks, think differently, take ownership of their work, and make great things happen. We’re here to help you get ahead. And with our global network, there’s plenty of scope to take your career in new directions, perhaps even ones you’ve never considered.

Sound like the kind of place you’d feel at home? We’d love to hear from you.

About the position:

This role is part of a diverse Information security team tasked with maintaining and improving the Information Security program posture of the organization. This individual will drive resolutions to control-related matters, proactively identify regulatory or security gaps, collaborate with vendors and IT peers to tackle governance related matters, and ensure the IT organization aligns to different security standards and frameworks.
 

We are seeking an intermediate skilled data security Engineer to join our Americas region information security team. As a Data Security Engineer at ING, you will work closely with other members of the Information Security team to ensure the security of our information systems and data.

In addition, we are looking for an individual who is seeking to take on shift left security to mature overall information security. The future candidate of this role must be a well-rounded risk practitioner, well versed in information security norms and who also possesses a wide range of knowledge across multiple methodologies of Cybersecurity, IT Risk and SDLC best practices.

About the company:

ING Americas Tech is the support backbone and catalyst for new and innovative solutions that drive growth for both internal and external customers. We strive to bring technical expertise and business knowledge together to support a wide range of products within media and telecoms (TMT), utilities power and renewables, natural resources, food and agribusiness, real estate, and infrastructure, with financial product specialists in industry lending, corporate finance, debt capital, commodity and export financing, sustainable finance and much more.

Responsibilities:

• Ownership of the information security IT Risk control pillars compliance in line with industry best practices and existing Wholesale Banking CISO strategic initiatives.
• Mature our SDLC Process by partnering with our global counter parts, becoming a global contributor on implementing security tools and practices into Azure One pipelines to ensure compliance with ING policies and standards.
• Serve as a subject matter expert advisor to information security team in the development, implementation, and maintenance of a strong information security program to meet ING risk appetite.
• Liaison and enable DevOps engineers in providing quality control execution in order to support  a secure application onboarding and implementation of controls.
• Design, implement and monitor security safeguards and their continuous effectiveness in an emerging Cybersecurity threat landscape.
• Develop a risk culture, liaison for IT security standards, providing governance and support.
• Challenge the control posture by performing deep dives into systems and controls to assess risk.
• Manage several security services including, security requirements, threat modelling, design reviews secure code review best practices.
• Provide guidance to automate security testing and monitoring within the CI/CD pipelines to detect vulnerabilities early in the development cycle.
• Work closely with development, operations, and security teams to ensure seamless integration and adoption of security practices.
• Conduct regular security assessments and audits to identify, mitigate and escalate potential security risks.
• Stay up to date with the latest security trends, tools, and best practices to continuously improve our security posture.
• Responsible to maintain comprehensive documentation of security processes, tools, and procedures.

Qualifications and Competencies

• B.S. in Computer Science (or equivalent major) or significant job experience. Top candidates will possess one or more market leading security certifications (e.g. CISM, CISA, CISSP,).
• At least 3-5 years' experience in Information Security practices and preferably in DevSecOps.
• Technical expertise:  Familiarity with tools, CI/CD, SDR, EDR, DLP
  • Experience with security tools such as SAST, DAST, vulnerability scanners, and more.
  • Strong programming skills in languages such as Python, Java, or similar.
  • Hands-on experience with Azure and its security services.
• Knowledge: In-depth understanding of security principles Confidentiality, Integrity & Availability.
• Compliance: Knowledgeable in industry cyber security regulations & laws.
• Communication: Clearly communicate complex technical information to both technical and non-technical stakeholders, such as senior management, auditors, and regulators.
• Collaboration: Work effectively as part of a team and collaborate with other stakeholders, such as developers, system administrators, and business users.

Salary Range: $110,000 - $140,000           

In addition to comprehensive health benefits, a generous 401k savings plan, and competitive PTO, ING provides a broad array of benefits including adoption, surrogacy, and fertility services; student debt assistance; and subsidies for expenses associated with working from home, commuting, and fitness.

ING is a committed equal opportunity employer. We welcome applicants of diverse backgrounds and hire without regard to color, gender, religion, national origin, citizenship, disability, age, sexual orientation, or any other characteristic protected by law. We celebrate these differences and rely upon your unique perspective to innovate and seize new opportunities. Come as you are.

ING Bank does not have a commercial banking license in the U.S. and therefore not permitted to conduct a commercial banking business in the U.S. Through its wholly owned subsidiary ING Financial Services LLC, and its affiliates, it offers a full array of wholesale products such as commercial lending and a full range of FM products and services.