Information Risk Manager

Location: Sydney
Job Type: Full Time

As a highly risk-aware organisation with security and governance front-of-mind, we are seeking an Information Risk Manager to enforce policies and advise on controls.

The Information Risk Manager (IRM) is a 2nd LoD role, independent from the management and employees that originate risk exposures. You will be responsible for advising the 1st LoD on new/updated Global NFR Policies, Minimum Standards and Procedures related to IRM, BCM (Business Continuity Management) and Personal & Physical Security Risk.

You will also be responsible for monitoring and challenging control design and implementation in ING Bank Australia. Responsibilities include maintaining governance standards, ensuring the Bank complies with associated policies and minimum & prudential standards, and developing and embedding risk management processes within the organisation.

You will be supporting the Senior IRM and Head of ORM with research, fact finding, collecting evidence and documenting activities.

What are you going to do? You’ll be:

  • Acting as a lead from 2nd LoD on the Governance, Policy & Risk Appetite in relation to Information Risk, Continuity Risk and Personal & Physical Security Risk

  • Communicating ING Group policies and supporting minimum standards for Information Risk and Business Continuity Risk

  • Overseeing and steering the 1LOD to ensure and enforce compliance with ING Policies & Minimum Standards

  • Identifying and assessing risk; providing subject matter expertise from a 2LOD perspective on Information Risk, Continuity Risk and Personal & Physical Security Risk related areas

  • Performing periodical Spot Checks, as well as Quality Assurance on the IT within Risk Appetite Program

  • Monitoring and challenging Personal & Physical Security

What are we looking for? You’ll have:

  • A minimum of 5 years of proven experience in an IT Risk or Audit role, ideally within Financial Services

  • An understanding of technology industry standards (ISO) and regulator guidance such as Data Security and Data Management (e.g. CPS234)

  • Previous exposure to and understanding of technical and business-related threats facing online banking

  • The ability to identify and pursue solutions to manage operational and information risks

  • Knowledge in the areas of IT Security, Operational Risk Framework and governance would be ideal

  • Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or Certified in the Governance of Enterprise IT (CGEIT) would be desirable

About us

At ING, we want to make life simpler and more worthwhile – for everyone who banks with us, for the people who work with us, and the community at large, too.

When you come to work at ING, you’re joining a team where individuality isn’t just accepted, it’s encouraged. We’ve built a culture that’s fun, friendly and supportive – it’s the kind of place where you can be yourself and make the most of whatever you have to offer.

We give people the freedom to take risks, think differently, take ownership of their work, and make great things happen. We’re here to help you get ahead. And with our global network, there’s plenty of scope to take your career in new directions, perhaps even ones you’ve never considered.

People of all ages, sexual orientations, cultures and backgrounds are welcome to apply – likewise if you’re an indigenous Australian, or you’re living with a disability, or you have family or caring responsibilities.

Sound like the kind of place you’d feel at home? We’d love to hear from you.

(One last thing, ING operates a direct talent sourcing model. So no agency introductions, please.)