This ICT and Security Risk Control Manager position is a key role in managing information technology and security risks within a financial institution in Luxembourg. The role is part of the 2nd Line of Defence and includes the responsibility of managing, supervising, and controlling IT and security risks while ensuring compliance with local and European regulations.
Summary of key responsibilities
Framework and governance:
Define, implement, and maintain the governance framework for ICT and security risks
Control and update the IT risk register
Ensure regulatory compliance and oversee assessments required by regulators
Advisory and supervision:
Advise projects on ICT and security risk-related matters
Monitor IT risk management activities and provide transparency reports and performance indicators (KPIs and KRIs)
Incident management:
Investigate information security incidents and follow up with relevant parties
Communication:
Prepare and lead quarterly IT risk committees
Report risks to committees and the board of directors
Supervision of local initiatives:
Integrate local requirements into the global policies and initiatives of the parent company (Switzerland)
Act as the local point of contact for data leak prevention
Key requirements
Experience and skills
Significant experience in IT risk management within the financial sector
Strong knowledge of Luxembourg and European regulatory standards
Relevant certifications (CISSP, CISM, CISA, CRISC)
Personal qualities
Excellent interpersonal and analytical skills
Ability to work autonomously and proactively
Proficiency in English, ideally with additional skills in German or French
Ideal profile
You are meticulous, detail-oriented, and capable of addressing complex issues
You have a strategic vision while being able to dive into operational aspects