Description
IT Risk/OCD resource
As part of a Squad, the Risk/OCD resource aligns with 3rd parties to whom the IT operations (technical management, hosting, etc.) of an application are outsourced or who own a SaaS application. You help the 3rd party, share information on the Minimum Standards/IT Risk controls, and request the evidence that supports the correct execution of the IT risk & security agreements described in the contract.
In addition, you conduct internal OCD activities and align with relevant internal Risk departments with regard to the evidence delivered by the 3rd party.
Key activities
- Collect and register OCD related evidence material and ensure that OCD remains up-to-date
- Assess certificates (like ISO) and Service Organization Control (SOC)/Audit reports received from the 3rd party, involving 1st Line of Defense Risk, and prepare a concluding in-control statement to be approved by 1st/2nd Line of Defense Risk and the Asset Owner
- Conduct 3rd party site visits/audits together with the Service Manager, if and when appropriate, as decided by the Service Manager
Profile:
- CISM Certified and experienced in the CISM domain
- Preferably CISA Certified
- Knowledge of the ING IT Risk controls
- Clear understanding of ISO 27001 and SOC 2 Type 1 & 2; being able to apply them in practice
- Knowledge of infra and SaaS applications
- Experience with supplier management
- Good communication skills
- Dutch/English speaking
If you are available, amend your latest CV today - Interviews soon!