Rohit Dubey

Castle Hill, NSW

Summary

Senior Governance, Risk & Compliance professional with over 16 years of experience specialising in Identity & Access Management (IAM) governance, security governance, and IT risk management across global banking environments. Proven track record of uplifting IAM maturity, strengthening control assurance, and driving compliance initiatives across Europe, APAC, and Challenger & Growth entities. Adept at translating complex regulatory and security standards into practical, actionable strategies for engineering teams, supported by strong audit expertise (SOX, 3LoD) and hands‑on experience with global tooling and automation. Certified in CISM, Security+, and Governance, Risk & Compliance Management, with extensive experience partnering with C‑suite and senior leadership to deliver secure‑by‑design outcomes. Currently on a two‑year international secondment from ING Netherlands to ING Australia (Sydney) until June 2026, and open to new opportunities thereafter.

Overview

16 years of professional experience
1 Certification

Work History

IAM Governance & Compliance Lead

ING
06.2024 - Current

International Secondment from ING Netherlands
Reporting to: CISO | Collaboration with: CIO Leadership Team, Global IAM

Role Summary

Currently serving on international secondment from ING Netherlands as the IAM Governance & Compliance Lead for ING Australia. Providing strategic direction and operational leadership across Identity Governance, Compliance, and Privileged Access Management. Partnering closely with the CISO, CIO LT, and global IAM stakeholders to uplift IAM maturity, strengthen risk posture, and ensure alignment with global PCS standards and regulatory expectations. Leveraging strong audit background—including SOX controls, three lines of defence, and evidence‑based assurance—to enhance audit readiness and close long‑standing IAM control gaps.

Key Responsibilities

  • Lead the uplift of IAM governance, maturity, and compliance across ING Australia, ensuring alignment with internal policies, global standards, and regulatory frameworks.
  • Assess IAM maturity, identify gaps, and define a modern, future‑focused IAM strategy with clear communication to senior stakeholders.
  • Manage and mentor a high‑performing IAM engineering team, delivering secure, scalable, and compliant IAM solutions.
  • Develop detailed technology reference architectures, integration roadmaps, and control‑evidence guidance for IAM capabilities.
  • Act as a trusted advisor to senior leadership, ensuring IAM aligns with risk appetite, audit expectations, and the three lines of defence model.
  • Oversee audit readiness, evidence coordination, remediation planning, and risk reporting for IAM controls, supported by strong SOX and audit experience.
  • Collaborate with CIO LT, system architects, CyberArk teams, IAM operations, and global IAM communities to deliver enterprise‑wide IAM outcomes.
  • Contribute to global IAM policy creation, validation, and process control standards across ING Group.
  • Translate regulatory frameworks (DORA, GDPR, ISO 27001, NIST) into actionable governance models, policies, and control strategies for engineering teams and stakeholders.
  • Drive project delivery, manage timelines, mitigate risks, and provide regular reporting to CISO, CIO LT, and global IAM leadership.

Key Achievements

  • Restored IAM risk posture to within defined risk appetite through targeted governance and control uplift.
  • Led the enterprise HPA reduction program, delivering all KPIs set by the ING Bank CTO and eliminating insecure high‑privilege access (including closure of long‑standing MIA findings).
  • Delivered major IAM transformation initiatives, including PAM/PSM uplift and MFA rollout across critical applications, servers, and network devices.
  • Delivered the ING Australia IAM roadmap aligned with global PCS standards, using global HPA reference architecture and emerging PCS/IT security standards to strengthen IAM governance and control maturity.
  • Built and led a high‑performing IAM engineering team, strengthening delivery capability and operational maturity.
  • Enhanced audit readiness across IAM by improving evidence quality, coordinating remediation, and aligning controls with SOX and three‑lines‑of‑defence expectations.
  • Contributed to global IAM policy creation, process control standards, and strategic initiatives, recognised as a trusted advisor to senior leadership.

Retail Risk Area Lead [IAM]

ING
01.2022 - 05.2024

IAM Governance & Compliance Lead — ING Netherlands

Risk Area Lead, Identity & Access Management (IAM)
Reporting to: Head of IT Risk & Security C&G entities | Collaboration with: CIO Leadership Teams across C&G entities, Global IAM, Corporate Information Risk Management

Role Summary

Serving as the Risk Area Lead for the IAM domain within ING Netherlands, overseeing Identity Governance, Compliance, and Privileged Access Management across multiple Challenger & Growth (C&G) entities including Romania, Italy, Australia, Turkey, Spain, and Germany. Providing strategic direction to uplift IAM maturity, strengthen risk posture, and ensure alignment with global PCS standards, IT Security Standards, and regulatory expectations. Steering entities to achieve strong control assurance, ensuring that 95% of Critical and 90% of High applications are compliant on all IAM controls. Leveraging deep audit experience—including SOX, control testing, and three lines of defence—to drive consistent, high‑quality assurance across all entities.

Key Responsibilities

  • Lead the C&G IAM Flying Squad, working with Global IAM and Second Line teams to assess IAM maturity across entities, identify gaps, and harmonise control requirements, execution, and testing.
  • Manage and mentor a First Line control‑testing team of 10 specialists based in Bratislava, ensuring consistent and accurate IAM control assurance.
  • Bridge the gap between local entity First Line Management (FLM) and global First and Second Line expectations by interpreting global IAM policies, translating them into practical local implementation guidance, and ensuring consistent understanding across all entities.
  • Chair the IAM SteerCo for all C&G entities, driving progress on IAM continuity plans and ensuring readiness for upcoming changes in PCS and IT Security Standards.
  • Develop and deliver guidance for Engineers, IT Custodians, and Asset Owners on IAM control evidencing, strengthening alignment between local execution and global governance requirements.
  • Lead the enablement and integration of global tooling to support IT risk control automation, reducing manual evidencing workload for engineering teams.
  • Represent C&G entities in global IAM and Corporate IRM forums, contributing to the creation, testing, and validation of IAM policies, Process Control Standards, IT Security Standards, and test plans.
  • Conduct training and awareness sessions across entities to support adoption of global IAM tooling (One Identity, CyberArk, Amyna, ADG, SOLLAR, SDT, FQD+, ServiceNow integrations).
  • Deliver monthly central reporting to all local CIOs and CISOs on behalf of the Head of IT Risk & Security, covering IAM risk scores, KPIs, control‑evidence dashboards, and challenge sessions.
  • Perform frequent onsite visits to C&G entities with Global IAM and Corporate IRM to conduct control testing, validation, and maturity assessments.

Key Achievements

  • Strengthened IAM maturity across all C&G entities by harmonising control execution, testing, and assurance practices.
  • Improved control assurance for Critical and High applications, steering entities toward achieving Stage 8+ compliance across IAM controls.
  • Established a unified IAM governance model across six countries, reducing fragmentation and improving audit readiness.
  • Enabled automation of IT risk controls through tooling integration, significantly reducing manual evidencing workload for engineering teams.
  • Built a high‑performing First Line control‑testing team, improving accuracy, consistency, and audit outcomes across entities.
  • Recognised as a key contributor in global IAM policy creation, PCS development, and IT Security Standards validation.
  • Strengthened collaboration between local CIO/CISO teams and global IAM leadership through structured reporting, challenge sessions, and continuous engagement.

IT Risk & Security COE

ING
04.2020 - 12.2021

IT Risk & Security COE — ING Netherlands

Reporting to: Head of IT Risk & Security | Collaboration with: CIO Leadership Teams, Global IAM, Corporate IRM

Role Summary

Serving as a key member of the IT Risk & Security Centre of Excellence (COE), responsible for steering the execution, implementation, and uplift of IT controls across multiple Challenger & Growth (C&G) entities including Romania, Italy, Australia, Turkey, Spain, and Germany. Driving maturity uplift across domains such as Foundation, IAM, Change Management, Platform Security, and Security Monitoring. Partnering closely with entity CISOs, CIO LT, and global stakeholders to accelerate adoption of global tooling, strengthen control automation, and ensure consistent interpretation and implementation of global IT Security and IT Risk standards. Delivering centralised dashboards and monthly reporting to CIOs and CISOs, and challenging entities to achieve strong control assurance (95% Critical and 90% High applications in full compliance)

Key Responsibilities

  • Act as a trusted partner to the Head of IT Risk & Security, ensuring IT Risk and IT Security requirements are proactively embedded across all C&G entities.
  • Raise awareness among Business, IT Leads, and Product Owners on IT Minimum Standards and IT Security Standards, ensuring consistent understanding and adoption.
  • Train IT Engineers on ING security and risk requirements (IRM IT Minimum Standards & CISO IT Security Standards).
  • Hire, onboard, and mentor IT Risk Engineers embedded within DevOps teams to ensure security and risk are integrated into the IT backlog from day one.
  • Lead central First Line Monitoring (FLM) teams, ensuring evidence is only moved to compliant stages when fully validated and properly documented.
  • Ensure secure and compliant services are delivered by ING Internal Service Providers for consumption by C&G entities.
  • Challenge IT process capabilities and drive implementation of global IT processes across all entities.
  • Liaise with Corporate IRM (CIRM) and Corporate Audit Services (CAS) to ensure predictability and readiness for spot checks and IT audits throughout the year.
  • Ensure entities progressively onboard to global IT Security tooling and retire local tooling as part of global migration initiatives.
  • Support Business, IT, and CISO departments in third‑party contracting activities (RFI/RFP reviews, risk assessments, due diligence).
  • Reduce the burden of IT Risk evidencing on engineers by driving IT Risk automation initiatives and tooling integration.
  • Review vulnerability reports, technical state compliance, and security incident reports; provide expert consultation to IT teams for remediation.
  • Support and guide entities in executing cloud risk assessments and designing secure cloud solutions per application.
  • Drive DevSecOps model implementation across retail entities to enable shift‑left security and embed secure‑by‑design practices.

Key Achievements

  • Delivered a centralised control‑evidence dashboard and monthly CIO/CISO reporting, providing a unified compliance view across all C&G entities.
  • Led the migration from local to global IT Security tooling, improving automation, consistency, and audit readiness across the region.
  • Strengthened IT control assurance, driving entities toward 95% Critical and 90% High application compliance and improving audit outcomes through close alignment with CIRM and CAS.
  • Uplifted IT Risk Engineering capability, enhanced vulnerability and technical compliance management, and drove global process adoption to align local execution with global governance standards.

Senior Security Engineer

Verifone
07.2019 - 03.2020

Senior IT Security Engineer — Verifone

Reporting to: LHOS (Local Head of Security)

Role Summary

Served as a Senior IT Security Engineer responsible for embedding security and privacy into cloud‑native solutions, strengthening AWS security posture, and ensuring compliance with internal and external regulatory requirements. Acted as the key security focal point for IT Security & Risk Management, operational security teams, and cloud engineering, providing expert guidance on secure design, access governance, and compliance frameworks including PCI‑DSS. Delivered security awareness, training, and risk‑based consultation to engineering teams to ensure secure‑by‑design principles were consistently applied across the organisation.

Key Responsibilities

  • Embed Security by Design and Privacy by Design principles into AWS cloud solutions, ensuring secure architecture, configuration, and deployment practices.
  • Act as the primary security contact for collaboration with IRM (IT Controls) and SOM (Security Operations & Monitoring) teams on AWS cloud security requirements.
  • Oversee security and compliance management on AWS, including user access governance, identity controls, and continuous monitoring.
  • Provide subject matter expertise in IT Risk Management, delivering training, awareness sessions, and guidance to engineering and product teams.
  • Support and contribute to PCI‑DSS compliance, ensuring cloud environments and processes meet required security controls and audit expectations.

Key Achievements

  • Improved compliance readiness by aligning AWS access controls and monitoring with IRM and PCI‑DSS requirements.
  • Enhanced organisational security awareness through targeted training and risk‑management sessions for engineering teams.
  • Recognised as the key security liaison for cloud governance, bridging gaps between engineering, IT controls, and operational security teams.

IT Risk Engineer

ING
11.2014 - 07.2019

IT Risk Engineer — ING Netherlands

Reporting to: IT Area Lead

Role Summary

Served as an IT Risk Engineer responsible for embedding IT Risk and Security controls into DevOps delivery, ensuring compliance with ING IT Risk policies, IT Security Standards, and regulatory expectations. Acted as a key advisor to Product Owners, IT Squads, and Security teams, translating global risk requirements into practical, actionable backlog items. Strengthened control assurance through evidence management, automation onboarding, and continuous collaboration across First and Second Line stakeholders.

Key Responsibilities

  • Ensure IT Risk and Security controls are implemented, maintained, and kept in a compliant state across assigned applications and services.
  • Apply strong knowledge of ING IT Risk policies and standards to guide DevOps teams in secure delivery.
  • Translate IT Risk & Security controls into clear, SMART backlog items for engineering teams.
  • Implement requirements set by the Local Head of IT Security and ensure timely delivery.
  • Upload and maintain high‑quality control evidence in ING’s IT Risk Management tooling.
  • Provide expert consultation to DevOps teams on IT Risk, Security challenges, and remediation approaches.
  • Ensure onboarding to ING Global services, procedures, and IT Risk automation capabilities.
  • Document IT Risk & Security procedures for DevOps teams to follow in daily operations.
  • Actively participate in change management processes to ensure all risk and security requirements are assessed and fulfilled.
  • Maintain and update key IT Risk deliverables (BIA, DRA, Security Baseline) with stakeholder approval.
  • Manage stakeholders including Product Owners, IT Squads, IT Security, and IRM.
  • Monitor and report IT Risk & Security metrics to ensure transparency and timely remediation.

Key Achievements

  • Strengthened IT Risk compliance by embedding security controls into DevOps workflows and ensuring timely evidence submission.
  • Improved control quality and audit readiness by translating complex risk requirements into practical engineering tasks.
  • Enhanced collaboration between DevOps, IT Security, and IRM, ensuring consistent understanding of global policies and standards.

Information Security Consultant

Capgemini India Pvt Ltd
08.2012 - 10.2014

Information Security Consultant - Capgemini

Reporting to: Team Lead

Role Summary

Served as an Information Security Consultant providing technical security support, cloud‑security guidance, and operational risk management across IT environments. Supported users and engineering teams with troubleshooting, secure configuration, and incident response while contributing to continuous improvement of security tools, processes, and operational resilience. Ensured systems remained secure, patched, and compliant, and played an active role in disaster recovery readiness.

Key Responsibilities

  • Provided user support, troubleshooting, and escalation management for security‑related issues across cloud and on‑prem environments.
  • Delivered knowledge sharing and technical assistance to team members, particularly in cloud security practices.
  • Recommended improvements to security tools, processes, and operational workflows across the IT lifecycle.
  • Ensured all servers were patched in accordance with patch‑management policies and security requirements.
  • Participated in disaster recovery planning and execution to strengthen organisational resilience.

Senior System Engineer

IGATE Global Solution India
08.2010 - 10.2012

Senior System Engineer — IGate Global Solution

Reporting to: ISMS Lead

Role Summary

Served as a Senior System Engineer responsible for supporting and maintaining critical server infrastructures across Windows, Linux, and AS400 environments. Ensured operational stability, timely incident response, and adherence to security and ISMS requirements. Played a key role in managing major incidents, maintaining SLA compliance, and strengthening system resilience through proactive monitoring and escalation management.

Key Responsibilities

  • Provided end‑to‑end server support across Windows, Linux, and AS400 platforms, ensuring secure and stable operations.
  • Managed critical and major incidents within SLA timelines, including escalation handling and communication of critical alerts.
  • Supported ISMS‑aligned operational practices, contributing to secure configuration, monitoring, and compliance activities.

IT support executive

IEnergizer
12.2009 - 06.2010

IT Support Executive

Reporting to: Team Lead

Role Summary

Provided technical support across the organisation, managing the installation, configuration, and administration of computer systems. Ensured smooth IT operations by diagnosing system issues, resolving performance bottlenecks, and creating clear, user‑friendly documentation to support non‑technical end‑users.

Key Responsibilities

  • Managed the development, installation, configuration, and administration of computer systems and end‑user environments.
  • Created user‑friendly manuals and documentation, translating technical information into clear guidance for non‑technical audiences.
  • Diagnosed system errors, failures, and performance issues using specialised software tools and troubleshooting techniques.

Education

Bachelor of Science - Science

Dr. B R Ambedkar University
Agra
04-2009

Skills

  • Identity & Access Management
  • Asset Security
  • IT Risk Governance
  • Security Operations
  • Risk Assessments
  • Business Continuity
  • Privileged Access Management
  • One Identity, IIQ (SailPoint)
  • Access Life Cycle Management (Joiner & Leaver)
  • Segregation of Duties
  • ISO 27001, NIST, SOC2, PCI DSS, GDPR
  • Azure AD/Entra

Certification

  • CISM
  • CompTIA Security+
  • Governance, Risk, and Compliance (GRC) Masterclass | Udemy | 2025
