IT Risk/OCD Resource HR Saas Applications

IT RISK/OCD RESOURCE

As part of a Squad Risk/OCD resource aligns with 3rd parties to whom IT operations (technical management, hosting, etc.) of an application is outsourced or who owns a SaaS application. You help the 3rd party and shares information on the Minimum Standards/IT Risk controls and requests the evidence that supports the correct execution of the, in the contract described, IT risk & security agreements

In addition, you conducts internal OCD activities, align with relevant internal Risk departments with regard to the, by the 3 party, delivered evidence.

KEY ACTIVITIES

- Collect and register OCD related evidence material and ensure that OCD remains up-to-date
- Assess certificates (like ISO) and Service Organization Control (SOC)/Audit reports, received from 3rd party, involving 1st Line of Defense Risk and prepares a concluding in control statement to be approved by 1st/2nd Line of Defense Risk and Asset Owner
- Conduct 3rd party site visits/audits, together with Service Manager, if and when appropriate, such to be decided by the Service Manager

PROFILE:

- CISM Certified and experienced in the CISM domain
- Preferably CISA Certified
- Knowledge of the ING IT Risk controls
- Clear understanding of ISO 27001, SOC 2 type 1being able to apply them in practise
- Knowledge of infra and SAAS applications
- Experience with supplier management
- Good communication skills
- Dutch/English speaking

If you are available, amend your latest CV today - Interveiws soon!