Information Security Risk Officer
Role overview
## 1. ICT Risk Management & Regulatory Compliance
- Contribute to the annual ICT Risk Framework report by gathering data and drafting sections for CISO review
- Track regulatory developments (DORA, local circulars) and prepare impact assessments
- Maintain compliance documentation and support regulatory reporting activities
- Assist in preparing materials for regulator communications and audits

## 2. Third Party Risk Management (TPRM)
- Perform security due diligence and risk assessments on new and existing ICT service providers
- Monitor third-party compliance with contractual security requirements and SLAs
- Follow up on third-party security incidents and escalate as required

## 3. Major Incident Management & Regulatory Reporting
- Execute incident response procedures and participate in security incident investigations
- Assist in classifying incidents according to DORA major incident criteria
- Draft regulatory major incident notifications (initial, intermediate, final reports) for CISO validation

## 4. Business Continuity Management (BCM) & Operational Resilience

## 5. Security Operations & Monitoring

## 6. Governance & Security Awareness

Skills and experience

Our Values
Accountability: Taking ownership for tasks and challenges, as well as seeking continuous improvement