What will you do:

• Maintain the IT documentation lifecycle (policies, guidelines, procedural updates) in accordance with VIG Group and DORA requirements
• Execute third-party risk management processes, including maintaining the Information Register and organizing risk assessments of ICT service providers
• The completion of IT and security-related customer questionnaires in collaboration with relevant departments
• Prepare and submit regulatory reports (e.g., ICT-related incident reports, compliance reports), ensuring alignment with applicable timelines and thresholds
• Ensure local implementation of group-wide IT compliance frameworks and participate in internal and external audits
• Cooperate closely with the IT and IT Security teams on matters such as incident classification, control testing, and data gathering for compliance reporting
• Serve as liaison for DORA compliance topics and ensure alignment with local and group risk management, legal, and IT functions
• Participate in preparation and tracking of periodic internal control and resilience testing plans (e.g., BCP/DR tests)
• Track non-cybersecurity ICT incidents and support root cause analysis, follow-up actions, and reporting to stakeholders

Qualification requirements:

• Experience in IT compliance, IT audit, or IT risk management
• Familiarity with DORA, ISO 27001, and/or similar regulatory standards
• Understanding of third-party and operational risk principles
• Experience managing policy documentation, regulatory reporting, or internal controls
• Analytical thinking and attention to detail
• Strong organizational and communication skills
• Fluent in English (mandatory)

What We Offer:

• Opportunities for professional development and advancement
• Collaborative and inclusive work environment
• Health and well-being – additional health insurance
• Discounts for both companies’ and partners’ services
• 1 free day for social activities and volunteering
• 2 additional paid rest days per year
• Additional benefits

Salary: 3000 - 4000 (gross)