ICT Risk Experts - Oversight of Third-Party Providers (DORA)

Social network you want to login/join with:

col-narrow-left

European Central Bank

Frankfurt, Germany

Finance

-

Yes

col-narrow-right

10b1f7be289f

1

09.05.2025

23.06.2025

col-wide

Your role

As an ICT Risk Expert you will:

• Provide ongoing support to the activities of the Lead Overseer, execute specific tasks in accordance with Article 1(1) of the , and be involved in the execution and revision of the individual annual oversight plans of relevant CTPPs;
• Perform desk-based reviews of policies, procedures, contractual arrangements, and financial and other relevant information of CTPPs;
• Conduct on-site inspections and other reviews and assessments of CTPPs to verify compliance with ICT security standards and requirements;
• Contribute to the preparation and monitoring of recommendations concerning the activities of CTPPs;
• Perform other oversight activities within your area of expertise;
• Comply with the applicable requirements of the JET Regulation;
• Follow the information and data handling specifications and instructions provided by the “Lead Overseer coordinator” as referred to in the second sub-paragraph of Article 40(2) of DORA;
• When carrying out oversight tasks, follow oversight procedures drafted jointly by the ESAs in relation to the conduct of oversight activities and any relevant operational area, including specifications related to the use of IT tools and equipment and time management;
• Comply with the confidentiality regime of the ESAs;
• Engage and collaborate with Joint Supervisory Teams (JSTs) within the SSM to ensure an efficient flow of information between JETs and JSTs to the extent permitted by the confidentiality rules;
• Give presentations of the work performed by JETs to other ECB business areas to the extent permitted by the confidentiality rules;
• Share recommendations issued by JETs with affected JSTs and share information collected by JSTs on CTPPs with the relevant JETs to the extent permitted by the confidentiality rules.

We are seeking candidates who demonstrate potential for growth, and we will support their development of the required skills. The position offers excellent opportunities to shape the oversight of CTPPs, impacting EU regulatory frameworks, contributing to financial stability, and building a network across authorities overseeing CTPPs in the EU. You will be part of a multicultural team committed to continuous innovation to positively impact European citizens’ lives.

Qualifications, experience and skills

Essential:

• You must be a national of a Member State of the EU or an acceding country, unless an exception is authorized.
• A master’s degree or equivalent in relevant fields such as computer science, engineering, information security, audit, or business administration.
• Expertise in ICT matters and operational risk.
• At least three years’ experience in ICT audit, supervision, risk management, or cybersecurity.
• Strong coordination, communication, collaboration, and presentation skills; ability to engage with diverse stakeholders.
• Ability to draft high-quality assessment reports.
• Advanced (C1) English and at least intermediate (B2) proficiency in another EU language.

Desired:

• Experience within financial services in ICT audit, supervision, risk management, or cybersecurity.
• Knowledge of ICT standards, audit methodologies, DORA, EU/international cybersecurity frameworks, cloud security.
• Experience with ICT security operations and tools.
• Relevant certifications like CISA, CISSP, CRISC.
• Experience assessing ICT risks of credit institutions or resilience of ICT services.

You are collaborative, goal-oriented, analytical, stakeholder-aware, motivated by public service, and aware of your development areas. You value teamwork and diversity, and are motivated to contribute to the ECB’s mission.

Working modalities

Work involves short-term abroad visits, training, and inspections, fostering well-being and work-life balance. Collaboration in multicultural teams across different frameworks and languages is essential.