Third Party IT Risk Engineer - Associate

Department Overview

We are looking for an enthusiastic and highly motivated IT Risk Engineer with a focus on Software as a Service (SaaS). The successful engineer will become part of the WB UK SaaS Engineering Team here in London. The team manage a modest portfolio of SaaS applications utilised by the Wholesale Bank and provide expertise to other teams globally.

We are looking for you if you; are passionate about IT and specifically IT Risk & Security. You are ambitious with what you and your team want to achieve. You bring positive energy to the team and can deal with and advise upon very complex issues. Finally, you have a strong attention to detail, very good social and communication skills, which leads to a great performance.

Main Duties and Responsibilities of Role: 
Key responsibilities:

• Act as the IT Custodian and main point of contact for changes, incidents or required assessments for your SaaS application(s), including the triage and appropriate escalation of critical issues. 

• Participate in RFI/RFP processes for new SaaS applications with stakeholders.

• Conduct regular and when required, 3rd party Trust sessions / IT Risk assessments with suppliers.

• Assist in contract reviews and creation in collaboration with CISO and Procurement colleagues. 

• Assess the third-party assurance reports and certificates of the SaaS supplier (like ISO) and Service Organization Control (SOC 2) audit reports, along with other service-based reporting.

• Identify potential exceptions, control gaps, and manage the follow-up with SaaS supplier.

• Support and oversee the regular security testing of applications (including penetration testing).

• Support the Business Owner of applications on risk management actions and the tracking of such actions. 

• Collect and register IT Risk related evidence (from ING and 3rd parties) and ensure this remains up-to-date and timely registered in our risk management platform.

• Conduct and manage periodic IT Risk service meetings with SaaS supplier.

• Determine the impact of new/changed external regulations /ING standards on the SaaS supplier.

• Align with 3rd party on their product roadmap and release planning and determine the impact of 3rd party changes within ING.

• Collaborate with a wide range of internal stakeholders such as Procurement, Legal, Data Protection and Risk Management teams.

• You will be a driven Engineer who feels personal responsibility for your SaaS application(s) and its security and reliability. 

Candidate Profile

Qualification/Education 

• Essential: Bachelor's Degree (BSc.) or equivalent in information technology or engineering. 

Experience/Knowledge

• Essential: At least 3 years’ experience working within an IT Risk focused team with strong understanding of IT Security concepts and principles. Working in financial service focused organisations. 

Personal Competencies

• Essential: Communication skills, professional demeanor, data-driven individual and independent problem solver.