The NFR Specialist V is part of the Center of Expertise (CoE) Cyber Security Risk within the Non-Financial Risk (NFR) domain. The team focuses on identifying, managing, and mitigating cyber risks across ING globally, contributing to the bank’s resilience against internal vulnerabilities and external threats.
Specific Function
The team provides expert analysis and oversight in cyber security risk, supporting the identification, measurement, and mitigation of risks from technologies, processes, and potential attacks. They ensure alignment with regulatory requirements, challenge the effectiveness of controls, and advise senior management on risk exposure and mitigation strategies. The role serves as an experienced advisor to both the NFR teams and the first line of defense, with a global impact.
Job Description
As an NFR Specialist V – Cyber Security Risk, you are an experienced expert responsible for identifying, managing, measuring, and mitigating cyber security risks. You will analyze security events and incidents, conduct forensic investigations, develop and maintain policies, and ensure regulatory alignment. You will independently assess cyber risks, monitor threat intelligence, and provide guidance to management and the first line of defense. Success in this role requires strong analytical skills, technical expertise, and the ability to communicate complex topics to diverse stakeholders. This position is meaningful as it directly contributes to ING’s resilience and strategic risk management.
Specific Tasks and Responsibilities
Analyze security events, incidents, threats, and malware; conduct forensic investigations after breaches
Develop and maintain cybersecurity-related policies, ensuring alignment with external regulations
Monitor and challenge the implementation of controls, remediation plans, and risk acceptances
Perform independent cyber risk assessments and control effectiveness reviews
Review and challenge incident response reports and root cause analyses
Monitor threat intelligence and assess its impact on ING’s risk posture
Challenge the definition of Key Risk Indicators (KRIs)
Support NFR teams in deep dives, oversight, and reporting
Advise management on cyber risk exposure and mitigation strategies
Stay up to date with emerging threats, attacks, regulatory developments, and industry best practices.
Specific Knowledge and Experience
Master’s degree in Computer Science or equivalent (Math, Engineering)
7+ years of experience in cyber risk management roles, ideally in a CISO department or 2LoD
Strong understanding of cybersecurity, threats, attack methods, and techniques
Expertise in data centers, infrastructure, cryptography, cloud, platforms, and business applications
Strong skills in Security Detection & Response, Vulnerability Management, Datacenters, and Network
Solid expertise in Identity and Access Management, IT Resilience
Solid understanding of relevant regulations (e.g., DORA, EBA, MARisk)
Analytical and problem-solving skills, stakeholder management, influencing, and communication
Good judgment, decision-making, and cultural sensitivity for working across geographies
Reporting Line and Classification
Cyber Security Specialist reports hierarchically to the Lead of Cybersecurity Risk and Foundational Technology located in Amsterdam
This position is classified as: GJA 18 | JG NL 12 | Job Title: NFR Specialist V | Job Family Group: Risk | Job Family : Non-Financial Risk