IT Audit Supervisor
Role details
Job location
Tech stack
Job description
We are looking for a talented and enthusiastic IT Audit Supervisor to join our Tech Hub Spain Team of Global Corporate Audit Services.
The responsibility of this team is to perform IT audits worldwide, with special focus in ING Italy, Spain and Romania, including ING 3rd parties that support critical processes. We are a group of curiosity driven and team-players IT auditors that enjoy addressing new challenges to rise unidentified vulnerabilities and IT risks.
Your key responsibilities:
As an IT Audit Supervisor you will lead and execute IT Audits performed. You will be part of a team that independently evaluate the design and implementation of IT controls within ING and its outsourcers. You will organise the audit, contact Senior Management to arrange the fieldwork and assess the control environment via interviews, review of documentation, field inspections, configuration assessment or by performing technical tests, including penetration tests and/or red teaming. At the end of each audit you will communicate the results to the Management and produce an audit report that helps ING to improve its security control environment and mitigate risks noted by the team.
Travel may be required in some audits, with an estimated period of 8-10 weeks per year. This role is fun, non-routine and powerful since it allows to drive and push the organisation within the risk appetite, making it secure and reliable for customers and employees. However, it requires maturity to connect the dots, face different opinions with critical thinking, adapt the messages to the Management and up-to-date IT security knowledge to exercise our power and help to ING and our providers with care and professionalism.
Requirements
- A bachelor's or master's degree in Computer Science or IT Engineering, IT Security, IT Risk Management or IT Audit.
- Technical (security) knowledge of IT technologies. No one can know every IT technology in depth, but you need to have security knowledge for the main IT layers such as operating systems, network infrastructure, database management systems, web technologies, mobile operating systems. And on top you need to have your ¨favourite¨ IT area(s) where you can consider yourself as an IT (security) expert. It can be (examples given) clouds technologies, IT programming and development processes and tolls, identity access management solutions, containers technologies like Docker or web/mobile applications.
- You have more than 5 years of experience in IT Audit, with a sound knowledge of IT risk management, governance, and the three-lines-of-defence model, and have successfully led audits end-to-end, including planning, execution, and reporting, delivering comprehensive audit reports to stakeholders.
- You have performed penetration tests or read teaming exercises in your career.
- You have a strong knowledge of IT processes and standards, best practices from the market (COBIT, ISO 27001, ISO 22001, etc.).
- You feel comfortable leading both technical and IT process audits, dealing with conflicts and managing expectations. You are used to organise fieldwork testing and meet timelines.
- Coaching other team members and helping them to grow sounds exciting to you.
- Your English should be good for both communication and writing, you are used to work in multicultural environments.
- It would be a big plus if you have:
- Certifications in good standing such as CISA, CISSP or OSCP.
- Knowledge of banking industry regulations such as PSD2, EBA guidelines or DORA.
- Hands-on working experience in IT administration, operations or development.
- Experience with vulnerability assessment and pentesting tools (e.g. Nessus, Wireshark, Burp, Kali, etc.).
- Experience with data analytics tools or scripting (e.g., Knime).
