IRM Manager

Location: Sydney
Job Type: Full Time

The Information Risk Manager (IRM) is responsible for advising the 1st LoD on (the implementation of) new and updated Global NFR Policies, Minimum Standards and Procedures related to IRM, BCM and Personal & Physical Security Risk. This involves challenging and monitoring IT and Continuity risk management processes and their quality, and supporting the 1st line in managing risks in accordance with the Risk Appetite for Information, Continuity and Physical & Personal risks.

What are you going to do? You will

  • Act as IRM-BCM advisor, who directs, advises and supports the identification, analysis and mitigation by 1st LoD/business of risks to ING that result from inadequate security of information (supporting business applications, IT processes, databases and supporting infrastructure)
  • Challenge and monitor IT and Continuity risk management processes and quality, and ensure Business Continuity Risk is continuously monitored and managed by enabling 1st LoD to set up and maintain the Business Continuity Plans, Disaster Recovery Plans, CMO Plans and Communication
  • Provide subject matter expertise from a 2LOD perspective on Information Risk, Continuity Risk and Personal & Physical Security Risk related areas (including Information Security, Data Management)
  • Oversee, review and challenge the execution of key control testing and design of new controls including SOX testing for Information Technology general controls (ITGC) and associated scoping and reporting processes
  • Analyse and aggregate reporting (e.g. RMM Model/NFRD) related to Information Risk, Continuity Risk and Personal & Physical Security Risk to relevant reporting bodies (such as NFRC/IT Steering, CIRM) by performing periodical spot checks in line with the IRM community and RMM model, and report the findings
  • Participate in bank-wide remediation programs, initiatives and projects related to Information Risk, including Continuity Risk and Personal & Physical Security Risk (e.g. User access improvement program, Life cycle management)

What are we looking for? Someone who has

  • Tertiary Qualification in Commerce, Business or Information Technology (certifications in IT and Business Continuity Risk management such as BCI, ISC2, ISACA highly desirable)
  • 5+ years in Risk, IT or IT Audit, preferably in the financial industry
  • Exposure to and understanding of technical and business related threats facing online banking (security and data management), and of current industry threats, trends and issues that potentially affect the Bank's security and information risk profile
  • Industry knowledge in the following areas: Information and Technology Security; Data Management; Concepts in Business Continuity & Disaster Recovery; Cybercrime; Operational Risk Framework and governance; understanding of technology industry standards (ISO) and regulator guidance such as Data Security and Data Management
  • Strong knowledge of local laws and regulations related to Information Risk such as GDPR, CPS 234, CPS 231 and CPS 220

About us

At ING, we want to make life simpler and more worthwhile – for everyone who banks with us, for the people who work with us, and the community at large, too.

When you come to work at ING, you’re joining a team where individuality isn’t just accepted, it’s encouraged. We’ve built a culture that’s fun, friendly and supportive – it’s the kind of place where you can be yourself and make the most of whatever you have to offer.

We give people the freedom to take risks, think differently, take ownership of their work, and make great things happen. We’re here to help you get ahead. And with our global network, there’s plenty of scope to take your career in new directions, perhaps even ones you’ve never considered.

People of all ages, sexual orientations, cultures and backgrounds are welcome to apply – likewise if you’re an indigenous Australian, or you’re living with a disability, or you have family or caring responsibilities.

Sound like the kind of place you’d feel at home? We’d love to hear from you.

(One last thing, ING operates a direct talent sourcing model. So no agency introductions, please.)