ING Direct
Reading, United Kingdom

JANUARY 2009 – MARCH 2013


  • Future threat assessments – Identification of e-Crime / Cybercrime, computer and human threats – assessment to establish the probability and impact of the threat in relation to the particular function of the service or business (Risk versus reward to identify key risks and controls).
  • Internal Information Risk Awareness – Designed and rolled out awareness messages to staff and contractors to ensure they understand the risks and the control requirements in place within the bank.
  • Review and coordination of the Ethical Hacking process to ensure that services and systems are assessed via via Penetration Testing, Web Application Assessment and Code Reviews to detect and mitigate security vulnerabilities.
  • Working on the separation project to identify requirements, risks and controls necessary to ensure a successful separation of ING Direct UK from ING Group, including removal of ING Proprietary information from the UK operation before the transfer to Barclays.
  • Customer security awareness – Designed and managed the structure and content of the customer security awareness section of the banks commercial website.
  • Day to Day Information and Technology Risk Management – Working alongside the Business and IT to ensure that appropriate processes and controls are in place, where necessary helping to identify new approaches in mitigation and reporting requirements.
  • Planning, Coordination and Testing of Sarbanes-Oxley (SOx) requirements, ensuring that General Computer Controls (GCC) are in place, designed and operating effectively.
  • As part of the Risk and Control Self Assessments (RCSA) process, partake in assessments to ensure that Risks, Issues, Key Controls, Key Indicators and mitigating actions are identified, assessed and correctly documented.
    Review of business Key Control testing plans to ensure that the plans correctly measure the performance and effectiveness of the Key controls within the bank.