ICT Risk & Compliance Lead

We are seeking a hands-on ICT Risk & Compliance Lead to strengthen our first line of defense capabilities. This role plays a key part in ensuring that ICT governance, risk management, and operational resilience practices meet evolving regulatory requirements — including compliance with the EU Digital Operational Resilience Act (DORA).

This is a hands-on role that requires close collaboration with technology teams, business units, and oversight functions to ensure that ICT risk and resilience controls are effectively implemented, maintained, and evidenced.

You will act as a central point for coordinating ICT governance and resilience activities, ensuring that our ICT risk posture remains robust and aligned with strategic and regulatory expectations.

Key Responsibilities include:

1. Implement and embed the ICT Risk Management Framework in day-to-day operations.
2. Maintain evidence of ICT control operation and track remediation of compliance gaps.
3. Manage and update the ICT risk register, asset inventories, dependency maps, and business impact analyses.
4. Conduct scenario-based walkthroughs to validate preparedness for severe but plausible ICT disruptions.
5. Support ICT governance committees, preparing risk reports and escalation materials.

Skills & Competencies required:

1. Strong understanding of ICT risk management frameworks (e.g., NIST, ISO 27001) and operational resilience principles.
2. Knowledge of DORA and experience applying ICT governance, risk, and compliance (GRC) practices in regulated environments.
3. Practical experience with disaster recovery, business continuity, and information security testing.
4. Proven incident management and reporting capabilities.
5. Collaborative approach with the ability to work effectively across first and second line functions.
6. Excellent written and verbal communication skills, with strong analytical and problem-solving abilities.

Qualifications & Experience:

1. Bachelor’s degree in information technology, information security, risk management, or related field.
2. 5+ years’ experience in ICT risk management, ICT operations, or ICT audit.
3. Professional certifications such as CISA, CRISC, or CISSP are advantageous.
4. Familiarity with GRC platforms (e.g., AuditBoard) preferred.
5. Experience in financial services or other regulated sectors is a plus.