Madrid
At ING Hubs Spain we are looking for a Third party Audit Supervisor We are looking for a talented and enthusiastic Third party Audit Supervisor to join our ING Hubs Spain Team of Third Party Cyber Risk Management. We are a group of curious team-players IT auditors that enjoy addressing new challenges to related to third party vulnerabilities and IT risks. As a Third Party Audit Supervisor, you will lead a team of IT Auditors to execute onsite inspections on behalf of ING to third parties. You lead a team of Third Party IT Auditors, that independently evaluates the design and implementation of IT controls executed by outsourcers. You will plan, organise, execute risk-based onsite audits, co-ordinate with senior management/supplier to arrange the fieldwork and assess the control environment via interviews, review of documentation, field inspections, configuration assessment and by performing technical tests, including penetration tests and/or red teaming for critical third parties. At the end of each audit you will provide executive-ready dashboards, communicate systemic risk insights and results to the management that helps ING to improve its security control environment and mitigate risks across third parties. Travel may be required in some audits, with an estimated period of 6-8 weeks per year. These are some of the qualities that we value the most for this role. A bachelor’s or master’s degree in Computer Science or IT Engineering, IT Security, IT Risk Management or IT Audit. No one can know every IT technology in depth, but you need to have security knowledge for the main IT layers such as operating systems, network infrastructure, database management systems, web technologies, mobile operating systems. It can be (examples given) clouds technologies, IT programming and development processes and tolls, identity access management solutions, containers technologies like Docker or web/mobile applications. You have more than 6+ years of experience in IT Audit, with a sound knowledge about IT risk management, governance, and the three-lines of defence model. You have performed penetration tests or red teaming exercises in your career preferably. You feel comfortable leading both technical and IT process audits, dealing with conflicts and managing expectations. You are used to organise fieldwork testing and meet timelines. Your English should be good for both communication and writing, you are used to work in multicultural environments. Knowledge of banking industry regulations such as PSD2, EBA guidelines or DORA NIST CSF, ISO/IEC 27001, SOC 2, Cloud Security Frameworks and EU regulatory frameworks Experience with vulnerability assessment and pentesting tools (e.g. Experience with data analytics tools or scripting (e.g., Keeping both our customers and our colleagues needs in mind, you determine together which days you work at home and which you come to ING MAD to offer your best self. Health insurance. In addition, you will enjoy our flexible remuneration model, through a more tax-advantaged way, you will be able to access other services such as nursery, transport card, training aids… It doesn't matter where you live, we’ll help you get to the office. ING is launching the new member of ING Hubs in Spain , an integral part of ING in charge of designing and delivering important technological and operational solutions to make banking frictionless for our customers. ING Hubs play a key role in our ‘Growing the difference’ strategy to become the best European bank. This will be our sixth global hub, joining a network of over 13,000 professionals in the Philippines, Poland, Romania, Slovakia, Türkiye and Spain. We’re not just a bank—we’re a tech company that happens to do banking. Our new hub will be a center of excellence for scalable, fast, and secure technology. We have global impact: We are agile: ING was the first bank to adopt agile at scale. Sustainability at the heart of what we do: We have a role to play in defining new ways of doing business that align economic growth with positive environmental and social impact.
Página 4