Senior Global M365 Security Engineer

Background on what ING is about:

ING Hubs Philippines (ING Hubs PH) is an international part of the ING organization delivering services to many Business Units across the world for both Wholesale Banking and Retail Banking activities. Working for ING Hubs PH means working with the most diverse workforce and where no challenge is the same.

At ING our purpose is to empower people to stay a step ahead in life and business. We believe that sustainable progress is driven by people with the imagination and determination to make a better future for themselves and those around them.

ING is changing what banking is. For you, that means plenty of opportunities for personal growth in a continuously evolving environment. If this is the environment you thrive in, then apply and join us in changing the future of banking!

Job Overview

As a Security Engineer, you will contribute with the strategic product vision and backlog for Security Services across our global organization. You’ll work at the intersection of Defender components and Purview features, ensuring a seamless, secure and compliant, and scalable employee experience for our workforce.

Key Responsibilities

• You are maintaining and improving our services as part of a cross-border squad of peers and customer journey experts. Employee satisfaction is key to us!
• SaaS vendors constantly release new features; you will help to keep up and preferably stay ahead with our own feature requests to them.
• You and your colleagues will be developing the services for the future, automating, and simplifying them, as well as making them more robust and secure.
• You will be responsible for managing vulnerabilities on endpoints. This includes identifying affected devices based on CVEs, coordinating within the Tribe a communication strategy to notify impacted users, handling of correlated tickets, and responding to emails. You will play a key role in ensuring timely mitigation and clear communication around endpoint vulnerabilities.
• We are a valued partner for many of the big suppliers, such as Microsoft, JAMF and others. You are in frequent contact with their key staff / product groups.
• We are a bank, so we are highly regulated - we must be, if we want to safeguard our clients’ data. This requires thorough administration and strong processes; can you automate these and make them less of a burden?
• No day will be the same, we work agile. We stimulate proactivity - you have the freedom to choose your own course of action for projects and other tasks whenever possible.
• We provide a 24/7 global service. You will also share the responsibilities of the team in solving 3rd line incidents on a rotation-based scheme, doing administration and participate in standby services.
  
  

• You are detail-oriented and capable of managing multiple vulnerability cases simultaneously, ensuring timely follow-up and resolution.
• You are comfortable translating technical vulnerability data into clear, actionable communication for both technical and non-technical audiences.
• You are a frequent visitor of conferences and meet-ups, you constantly try to improve yourself. Furthermore, you like to challenge others to improve as well, and you train and/or coach them.
• You know how to manage stakeholders on all organisation levels; you can easily work together with them to achieve your goals. You can develop strong and collaborative partnerships with organisational leaders.
• You know how to visualise, articulate, and solve complex problems.
• In your previous roles, you were the ‘go-to-person’ for the team when encountering challenges. You are a genuine team player.
• You have excellent communication skills, capable of conveying complex technical topics to various audiences and can manage stakeholders on all levels within the ING organisation to achieve your goals.
  
  

• You have a degree in Computer Science, Business Administration, IT Audit or a related field or equivalent work experience.
• You have knowledge and/or experience working with endpoint protection platforms (preferably Microsoft Defender) and have experience working with ticketing systems and incident response workflows.
• You have knowledge and/or experience working with Microsoft Purview capabilities, including but not limited to Data Loss Protection (DLP), Information Protection, Insider Risk Management and others.
• You have experience collaborating with communication or customer-facing teams to coordinate user notifications and follow-up actions related to security incidents.
• You have hands-on experience with vulnerability management tools and processes, particularly in identifying, assessing, and remediating endpoint vulnerabilities based on CVEs.
• You have IT experience with Microsoft 365 technology in an enterprise-level multinational organisation, including relevant certifications to show for it; this is both Microsoft 365 as well as security certifications (such as CISSP, CISM, etc.).
• You understand the principles of outsourcing on operational, tactical, and strategic levels with E2E accountability of the WPS Services delivered across multiple external and internal parties.
• You have worked in highly regulated environments like financial institutions before.