• Job code: QR6801
  • Security

SaaS Engineer (IT Risk)


For our client in Amsterdam we are looking for a SaaS Engineer (IT Risk).

Job description:

The SaaS Engineer operationally aligns with a 3rd party to whom IT operations (technical management, hosting, etc.) of an application is outsourced or who owns a SaaS application.

He/she maintains operational relationship with the 3rd party, i.e. (depending on the contract) collaborates on a daily basis, discusses solutions, helps if and when help is needed, shares relevant information with 3rd party and such. This concerns the activities that have been agreed upon in the SaaS/Outsourcing contract.


Create/update agreement with SaaS vendor accordingly the minimum IT Risk standard.

Make sure that all needed documents/evidence according to the IT Risk controls is up-to-date administrated in OCD (Operational Control Dashboard).

Support Business Owner/Asset Owner on creating RA (Risk Acceptance) and/or MIA (Management Identified Action), and follow up on MIA.

Align with 2nd LoD (Line of Defence) on IT Risk deliverables, and get approval where applicable.

Determine impact of ING infra-changes or new/changed ING standards and policies, and take care of needed follow-up.

You contribute to KCT (Key Control Testing) and SOX testing.

Your work environment:

You work within the SaaS team. The team consists of 10 SaaS Engineers, responsible for several (>50) outsourced and SaaS IT solutions. The team works according to the Agile/Scrum method, and reports to the chapter lead.

Your profile:

You are a driven SaaS Engineer who feels personal responsibility for the quality of your application and its reliability. You are passionate IT Risk, this is your main profession. You are ambitious with what you and your DevOps team want to achieve. You bring positive energy to the team and have very good social and communication skills. This leads to great performance.

You are accurate with focus on quality, you are convincingly towards vendors and HR business, you can build and maintain a relationship, you have organization sensitivity qualities.

Skills required:

Education at Bachelor/Master level with a strong analytical background, preferably in IT.

Relevant IT experience: 3 years.

Relevant domain (HR) experience: 2 years.

Understanding of the complete IT stack from application to hardware.

Experience with ING IT Risk controls.

Understanding of IT Risk framework.

Understanding of ISO/SOC certification.

Experience with Supplier Management.

Experience with Agile/scrum way of working.

ISACA certification (like CISM, CISA) is preferred.

Verbal and written communication skills (English and Dutch).