• Develop and maintain roadmaps to ensure timely recertification of user access rights;• Execute user access recertification campaigns, including planning, configuration, execution, and monitoring phases;• Collaborate with IT and business teams to automate and streamline recertification processes where possible;• Maintain documentation, policies, and procedures related to user access recertification activities;• Act as a single point of contact in audits and compliance assessments related to user access controls and recertification processes;• Provide guidance and training to reviewers and stakeholders before, during and after the recertification campaigns;• Investigate and address incidents, service requests and various queries related to user access recertification.

• Served as the single point of contact for internal, external, and regulatory audits; • Managed relationships effectively to drive the completion of audits in a controlled, collaborative, and efficient manner;• Coordinated and assisted in development of formal responses to Audit and Regulatory inquiries or assessments. This was comprised of documentation gathering, drafting of documents, and researching past activity and reports;• Identified and interacted with process owners to outline key actions and deliverables for audit and regulatory inquiries or assessments;• Analyzed responses to ensure they adequately addressed the request;• Daily tracked and monitored the timely submissions of process owners;• Effectively communicated audit engagement status to Management;• Coordinates and assisted in development of management action plans;• Led global meetings and complex risk and compliance projects with cross-functional teams;• Assisted with monitoring milestone targets for completion to ensure gaps were addressed and resolved;• Proactively identified and reported Information Security and Technology compliance risks;• Developed and supported monitoring activities to ensure compliance with regulatory requirements and internal policies and standards;• Developed and maintained key performance metrics to track and ensure compliance with established policies and standards;• Prepared and delivered briefings to senior leadership;• Assisted in periodic internal control compliance assessments;• Interacted with Auditors and Regulators as needed;

• Provided interpretation of ING Group Information (Technology) Risk policies & Minimum standards;• Contributed to the development and maintenance of Information Risk Management Framework, Policies, Minimum Standards, Procedures, Methods and Techniques;• Facilitated Business Impact Assessments in order to perform Data Classification for new or existing information assets/systems;• Participated in or reviews Detailed Risk Assessments;• Reviewed various technical documentation – Application Operational Security Guidelines, Functional Specification documents, Application Architectures documents etc.;• Reviewed, challenged and provide support, where needed, the business and/or IT for/during risk assessment sessions for identifying information security risks;• Performed planned/spot checks for verifying the effectiveness of the (IT) controls implemented and propose remediation solutions based on the outcome;• Participated in designated projects, developments or business initiatives, advising on information security risks;• Provided support to business during internal or external audit sessions, including Penetration Tests & Ethical hacks;• Measured and reported the implementation of information risk framework throughout the organization;• Performed Second Line Monitoring role in IT Generic Key Control Testing processes;• Provided support during (IT) security incidents & investigations;• Provided support for the identification of the impact of and the coordination of responses to law and regulatory changes and monitored the follow-ups of the regulatory issue solving;• Implemented and maintained a Risk Awareness framework;• Became a part of virtual risk teams and/or risk flying squads for assessing the effectiveness of (IT) controls implemented or maturity of IT processes, where designated by the Corporate Information Risk Management department;• Performed and assisted in other risk activities where the requirement would arise.

• Extracted security data from internal corporate tools like Tenable, Algosec, Proofpoint, McAfee EPO, Splunk etc.;• Interpreted and analyzed data in order to provide items for the monthly logical security report;• Helped sites to resolve the security issues discovered during the PCI CP audits (Visa/ MasterCard/American Express);• Provided support on corporate tools to all production sites within the company;• Instructed sites on security tools implementation;• Worked with the Chief Deputy IT Security Officer to define new key performance indicators and processes improvement opportunities;• Vulnerability assessment and management via Tenable.sc and Tenable.IO;• Firewall configuration (Cisco ASA, Cisco Firepower, Juniper SRX) for correcting various problems found during the audits.

⦁ Worked with a highly knowledgeable group of customers and acted as an escalation point for other TAC groups within the organization;⦁ Troubleshooted hardware and software issues, replicated customer environments and network problems in the lab;⦁ Provided technical expertise and guidance during testing, deployment and operational phases of networks;⦁ Documented and reproduced customer related networking problems;• Developed and prepared technology white papers;⦁ Participated in cross functional tasks, helped improve processes and tools.

⦁ Monitored alarms received from the equipments located in the Backbone IP, CBU and 3G networks;⦁ Monitored strategic clients locations and prepared monthly SLA reports;⦁ Applied escalating procedures according to the internal rule set;⦁ Identified incidents in the monitored networks and notified the responsible individuals for the node in the network where the fault was discovered;⦁ Registered and resolved tickets in internal databases;⦁ Cooperated with the Support, NOC-IP, NOC-CBU, Backbone and Infrastructure departments in order to resolve network faults;⦁ Notified the national and international carrier partners in case a fault appears on one of the rented lines;⦁ Generated reports for the monitored equipments downtimes.