Key skills
CloudRisk ManagementDecision Making
About this role
Role Overview
- Drive the execution of the ICT risk management framework;
- Provide constructive challenge to Technology & Security teams;
- Ensure risks are monitored and reported effectively;
- Maintain and enhance the ICT & Security Risk Policy, procedures, and assessment methodology;
- Execute and coordinate enterprise-wide ICT risk assessments and targeted thematic reviews;
- Assess security findings and control weaknesses, validate risk severity, and ensure structured, risk-based remediation tracking;
- Provide effective 2nd line challenge to 1st line risk assessments; deliver pragmatic and actionable recommendations;
- Own and improve the ICT/Cyber risk register;
- Monitor risk treatment plans and mitigation effectiveness;
- Support NFR/Risk Acceptance governance;
- Build and maintain a meaningful KRI framework;
- Analyze trends across incidents, downtime, vulnerabilities, audit findings for forward-looking risk insights;
- Contribute to severe-but-plausible scenario analysis and resilience assessments;
- Lead the ICT change risk component by assessing high-risk changes.
Requirements
- 4+ years of experience in ICT/cyber risk, tech audit/controls, security governance, or operational risk with strong IT exposure;
- Hands-on experience performing risk assessments, control evaluation, and preparing management-level risk reporting;
- Good understanding of regulatory expectations and industry best practices (DORA, NIST CSF, ISO 27001/27002, COBIT, ITIL);
- Strong analytical mindset and the ability to translate technical vulnerabilities into clear business risk implications;
- Confidence to act as a constructive challenger when working with senior technical stakeholders;
- High standards for documentation and evidence-based writing, delivering audit-ready outputs;
- Comfortable working with KRIs, thresholds, and trend analysis;
- Integrity, independence, and sound professional judgment in risk-based decision making;
- Certifications such as CISM, CISSP, CRISC, CISA, ISO 27001 LA/LI, ITIL, COBIT are an advantage;
- Exposure to third-party ICT risk, cloud risk governance, scenario analysis or operational resilience exercises is considered a plus.
Tech Stack
- Cloud
Benefits
- Monthly budget for flexible benefits through the Benefit Online platform;
- Performance-based bonus;
- Banking facilities, benefits for private pension and discounts on insurance policies;
- Gifts for special occasions;
- Private medical services for you and your family;
- Hybrid and flexible work schedule;
- Up to 27 vacation days depending on your professional experience;
- Extra 7 days off per year if you have used up your vacation days;
- One day off for your birthday;
- Wellbeing, personal and professional development programs, and platforms that allow you to learn anytime, anywhere, and from any device;
- Subscription to Bookster.