As the Chief Risk Officer IT & Cyber (CRO IT & Cyber), you will be responsible for all second line of defense (2nd LoD) activities within the IT & Cyber Risk Management framework, in accordance with the bank’s policies and procedures. This includes ensuring independence, appropriate and sufficient authority, stature, and resources—such as an adequate number of qualified staff at both the Bank and subsidiary level, as well as appropriate IT systems—for the risk management function. You will also have direct access to the Executive Board (ExBo) and the Supervisory Board to fulfill these responsibilities.
At ABN AMRO, the IT & Cyber Risk Management framework is supported by a three lines of defense (3 LoD) model. The CRO IT & Cyber will lead an enabling and proactive second line of defense department with the appropriate level of expertise to effectively carry out its responsibilities.
Your job
You are responsible for Procurement on ICT Risk and Third Party & Outsourcing Risk, and your key activities include:
Conduct targeted testing on suppliers and Third Party & Outsourcings Risk bank wide.
Develop and maintain Third Party & Outsourcings Risk policy and risk management framework.
Ensure alignment with regulatory and business objectives.
Define key controls regarding Third Party & Outsourcings Risk aligned with key risks and risk appetite to achieve compliance with risk standards.
Define comprehensive guidelines and procedures to support consistent risk management practices across the organisation.
Conduct qualitative and quantitative risk analysis for Third Party & Outsourcings Risk.
Key results and desired outcomes:
Delivery of a strong 2nd LoD Risk Framework.
Development of scenarios and playbooks for key risk events.
Being a proactive and enabling partner for I&T, the Management Team I&T and the bank to mitigate or resolve identified risks that matter, and work
together with the business on e.g. appropriate risk responses.
Contribute to CRO strategic pillars simplicity, risks that matter a.o. by ensuring development of scenarios and playbooks for key IT & Cyber Risk events.
Key relationships
Reports to: Chief Risk Officer IT & Cyber (CRO IT & Cyber)
Direct reports 5 FTE
Working environment
Behavioral cultural within Risk Management:
Debate, debate, decide.
Gain different perspectives on impact throughout the value chain. Then take the decision, accept the decision and respect single accountability & responsibility.
Keep it simple. Start with the goal, set well-defined requirements, proactively address dependencies, seek feasibility in plans and don’t overpromise. No abbreviations.
Embrace Good. Don't go for perfect, do what’s right and compliant.
From being nice to being kind. Ask and act on feedback, be open about the good, bad and ugly. Reflect, adapt and move forward.
No excuses – stay the course, take the lead, own it. Act quickly, standardize progress updates to ensure timely support and escalate.
Your profile
In depth knowledge of relevant:
Laws and regulations, e.g. DORA, GDPR, NIS2.
Supervisory directives, e.g. EBA ICT & Security Risk Guidelines.
International standards, e.g. COBIT, NIST CSF, FAIR model.
Proven experience with IT risk assessments and control design:
Proven experience in conducting IT and cyber risk analysis.
Ability to identify, quantify, and prioritize risks at the enterprise level, including supply chain/third-party risks.
Designing, implementing and validating controls in critical domains: IAM, network segmentation, patch management, DLP, logging & monitoring.
Experience based knowledge with responsibility for cyber incident response & resilience in a complex IT environment.
Architectural knowledge and technological depth in critical domains.
Ability to lead assessments into the security architecture and provide input on, among other things:
Identity & Access Management (RBAC, MFA, PAM) Endpoint Detection & Response (EDR), SIEM en SOAR Cryptography and key management.
Understanding of current and emerging threats such as ransomware, APTs, insider threats, and zero-day exploits – including mitigation at the operational level.
Inspire & Enable
You inspire and enable others around the WHY and WHAT of ABN AMRO purpose and strategy.
You connect the dots and win the hearts and minds of your team.
You know how to mobilize your team(s) to enable execution and het to the right results.
Balance Ambiguity
You understand the context of ABN AMRO.
You know how to deal with ambiguity by effectively setting priorities and balancing the short and the long term.
You grow the business while being compliant and in control.
Challenge the Status Quo
You encourage and empower your team to challenge the status quo and experiment.
You are entrepreneurial while respecting the rules of the game.
You learn from success and failure and I am transparent about it.
Mindful Leader
You are mindful of who you are as a leader and how you show up for your team.
You connect to the ABN AMRO purpose and values and act on it.
Interested?
If you need more information or have any questions, please contact wico.van.spanje@nl.abnamro.com (HR). We look forward to meeting you!
Your Future: Inclusive, Innovative, Sustainable
At ABN AMRO, we believe in "Banking for better, for generations to come." Equal opportunities for everyone are a crucial foundation, as we strive for an inclusive culture where all employees feel seen, heard, and valued. Our vision of being a personal bank in the digital age aligns perfectly with the demand for surprising insights and innovative solutions, born from a diverse interplay of cultures and experiences. We focus on customer experience, sustainability, and building a future-proof bank, conducting annual reviews to ensure equal pay for equal work. Join a bank that embraces ingenuity and ambition, and make an impact with us for a better future.
If you want to apply for the B-Able or Reboot program, make sure to mention it both in the title and the content of your resume.
Disclaimer external recruitment agencies
External recruitment agencies need to have a signed agreement with ABN AMRO BANK N.V., executed by a Talent Acquisition Specialist, when submitting a resume to a vacancy. In addition, a recruitment agency can only submit a resume when invited by a Talent Acquisition Specialist to join the search for a right candidate. All unsolicited resumes sent to us will be considered property of ABN AMRO BANK N.V. In this case, ABN AMRO will not be held liable to pay a placement fee.
Who are your colleagues?
“Je merkt heel duidelijk dat ABN AMRO in beweging is. Er zijn continu nieuwe projecten aan de gang, waarvan een groot deel met duurzaamheid te maken heeft.”
"At the beginning of the COVID-19 crisis, we gave many of our customers a temporary moratorium on interest and redemption payments on their loans. It feels good to help businesses that are experiencing difficulties.”
"As controllers, we process the financial data and combining them into comprehensible reports. For example, we advise the management on the financial position of the company."
![](["https:\/\/www.werkenbijabnamro.nl\/media\/cache\/square_crop_center\/rc\/ab9Jkbz7\/uploads\/20230926%20ABN%20AMRO_226-bewerkt_Kopie%201.jpg"])
![](["https:\/\/www.werkenbijabnamro.nl\/media\/cache\/square_crop_center\/rc\/8JttsYxC\/uploads\/20251027%20Werken%20bij%20ABN%20AMRO_363_.jpg","https:\/\/www.werkenbijabnamro.nl\/media\/cache\/square_crop_center\/rc\/hpTlzxCC\/uploads\/20251027%20Werken%20bij%20ABN%20AMRO_366_.jpg","https:\/\/www.werkenbijabnamro.nl\/media\/cache\/square_crop_center\/rc\/LamZDA2q\/uploads\/20251027%20Werken%20bij%20ABN%20AMRO_379_.jpg","https:\/\/www.werkenbijabnamro.nl\/media\/cache\/square_crop_center\/rc\/oQ0qJPux\/uploads\/20251027%20Werken%20bij%20ABN%20AMRO_537_%20%281%29.jpg","https:\/\/www.werkenbijabnamro.nl\/media\/cache\/square_crop_center\/rc\/Ue7yaRdV\/uploads\/20251029%20Werken%20bij%20ABN%20AMRO_075_.jpg","https:\/\/www.werkenbijabnamro.nl\/media\/cache\/square_crop_center\/rc\/BXotm27E\/uploads\/Finance%20Risk%20Managment.jpg"])