Job Description
We’re looking for a sharp ICT governance leader who can elevate our strategy, strengthen oversight, and drive real impact across risk, compliance, and operational resilience. If you thrive at the intersection of technology, regulation, and smart decision‑making, this role is for you.
Key Responsibilities:
Own and maintain the ICT governance framework, ensuring alignment with organisational goals, compliance, and risk management.
Ensure ICT compliance with EU/local regulations (DORA, NIS2, CRA, EU AI Act) and translate requirements into actionable, evidence‑ready controls.
Lead ICT risk management, including methodology, assessments, risk register ownership, and remediation planning.
Manage the full lifecycle of ICT policies, standards, and procedures, ensuring consistent implementation.
Lead governance forums (KPI/KRI reviews, steering committees) and track GRC activities, audit findings, and remediation progress.
Coordinate and manage internal/external ICT audits, ensuring adherence to regulatory and policy expectations.
Serve as the primary liaison with business units, auditors, and regulators on scope, evidence, and timelines.
Define, monitor, and report ICT KPIs/KRIs and control effectiveness, driving continual improvement.
Oversee key ICT/ITSM processes (incident, change/release, business continuity/DR) to support operational resilience.
Lead AI governance and third‑party risk management while collaborating with the 1st Line of Defence to provide independent oversight.
Expected Skills and Experience:
Strong understanding of ICT governance and control frameworks (ITIL, COBIT) and their application in regulated environments.
Solid knowledge of security, risk, and privacy frameworks (ISO 2700x/30001, NIST CSF, DORA, NIS2, GDPR) and how they map to effective controls and assurance.
Ability to translate ICT risks and regulatory requirements (incl. DORA, EU AI Act) into practical, evidence‑ready controls and processes.
Strong grasp of agile delivery, cloud fundamentals, and security‑by‑design for applications and infrastructure.
Excellent communication and stakeholder management skills, including experience working with auditors and regulators.
Analytical and structured problem‑solver with the ability to propose and deliver pragmatic solutions.
High integrity, sound judgement, and discretion when handling sensitive information.
Resilient, decisive, and effective under pressure, with strong ownership of outcomes.
3+ years’ experience in ICT/tech risk, cybersecurity governance, IT GRC, IT audit, or operational risk, including hands‑on risk assessments and remediation.
Experience in regulated industries (ideally financial services), end‑to‑end audit management, third‑party/outsourcing governance, and modern GRC/audit tooling; business‑fluent English.
Education and Certifications:
Bachelor’s degree in IT, Computer Science, Cybersecurity, Business Informatics, or a related field; cloud/security training (e.g., Azure security/architecture) is a plus.
Preferred senior certifications such as CISM, CRISC, CISA, CISSP, or ISO 27001 Lead Implementer; additional IT governance or audit/project certifications (COBIT, ITIL 4/5, PMP) are advantageous.
Regulatory and AI governance training, ideally covering DORA, EU AI Act, ISO/IEC 42001, or NIST AI RMF‑aligned courses.
We offer:
A Truly Global Workplace – work with professionals from 40+ nationalities, bringing diverse expertise, perspectives, and a collaborative international culture.
Hybrid & Flexible Work – we support work-life balance with remote work options and modern office spaces across Europe.
A Culture of Growth – we invest in your future, offering LinkedIn Learning, mentorship, and professional development programmes, including HiPo and leadership development initiatives to support career advancement.
Financial Growth Opportunities – benefit from our share purchase matching programme, allowing you to invest in your future with matched contributions and long-term financial rewards.
Workation Programme – work remotely from different countries for up to 2 months per year, experiencing new cultures while staying connected and productive.
We may use artificial intelligence (AI) tools to support specific parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses against predefined criteria. These tools assist our recruitment team but do not replace human judgment. All final hiring decisions are made by human recruiters.
By proceeding to apply for a job with us, you confirm that you have read and accepted our Recruitment Privacy Policy.
