We are seeking experienced IT and Cyber Risk Management Professionals to support organizations in the financial sector in strengthening their IT security posture. As a key part of the second line of defense, you will oversee risk management processes and provide independent validation and assurance to ensure that the first line is adhering to IT and cybersecurity standards. This role is pivotal in ensuring the business's resilience against evolving cyber threats and regulatory requirements. It is specifically focused on long-term assignments with a maximum of 1 or 2 clients, offering deep engagement with the client and a meaningful impact on IT and cybersecurity risk management.
Roles & Responsibilities:
* Monitor and assess IT and cybersecurity risks across the organization, focusing on second line oversight of the first line's risk management practices.
* Conduct independent risk assessments and challenge the first line's processes and control effectiveness across applications, business solutions, assets, and third party relationships.
* Review and validate risk assessments and treatment plans proposed by the first line, ensuring compliance with organizational and regulatory standards.
* Develop and manage IT and security control frameworks, ensuring alignment with internal policies, industry best practices, and regulatory requirements (e.g., ISO 27001, NIST, SOC).
* Support the implementation of the various aspects of DORA with the objective of achieving compliance.
* Conduct audits and provide oversight of IT and cybersecurity practices within the first line of defense, especially in third party risk management.
* Produce independent risk reports for senior management and governance committees, synthesizing security risks and providing recommendations for risk mitigation.
* Advise on risk management strategies and propose improvements to enhance the organization's security posture and overall risk maturity.
* Act as a trusted advisor to the business, providing guidance on emerging risks and ensuring that the first line implements appropriate risk mitigations.
* Ensure the integration and coherence of risk management processes across different business units, with a focus on third party risk.
* Oversee the review of IT and security contractual clauses with suppliers, ensuring they meet the second line's standards for risk management.
* Collaborate with the first line, providing support and challenge to enhance the effectiveness of security controls and practices.
Skills & Qualifications:
1. 4+ years of experience in information security or risk management, with a focus on second line functions.
2. Experience in performing information security assessments or audits.
3. Demonstrated experience in operational security risk management.
4. Strong understand