Your role
As an ICT Risk Expert, you will:
- Provide ongoing support to the activities of the Lead Overseer, execute specific tasks in accordance with Article 1(1) of the [relevant regulation], and be involved in the execution and revision of the individual annual oversight plans of relevant CTPPs;
- Perform desk-based reviews of policies, procedures, contractual arrangements, and financial and other relevant information of CTPPs;
- Conduct on-site inspections and other reviews and assessments of CTPPs to verify compliance with ICT security standards and requirements;
- Contribute to the preparation and monitoring of recommendations concerning the activities of CTPPs;
- Perform other oversight activities within your area of expertise;
- Comply with the applicable requirements of the JET Regulation;
- Follow the information and data handling specifications and instructions provided by the “Lead Overseer coordinator” as referred to in the second sub-paragraph of Article 40(2) of DORA;
- When carrying out oversight tasks, follow oversight procedures drafted jointly by the ESAs in relation to the conduct of oversight activities and any relevant operational area, including specifications related to the use of IT tools and equipment and time management;
- Comply with the confidentiality regime of the ESAs;
- Engage and collaborate with Joint Supervisory Teams (JSTs) within the SSM to ensure an efficient flow of information between JETs and JSTs to the extent permitted by the confidentiality rules;
- Give presentations of the work performed by JETs to other ECB business areas to the extent permitted by the confidentiality rules;
- Share recommendations issued by JETs with affected JSTs and share information collected by JSTs on CTPPs with the relevant JETs to the extent permitted by the confidentiality rules.
For these roles, we seek candidates who demonstrate potential for growth, and we will support their development of the required skills. The position offers excellent opportunities to shape the newly established oversight of CTPPs, impacting the EU regulatory framework for the benefit of consumers and investors. You will contribute to financial stability, build a network across authorities overseeing CTPPs in the EU, and be part of a multicultural team committed to continuous innovation to positively impact European citizens’ lives.
Qualifications, experience and skills
Essential:
- You must be a national of a Member State of the European Union or an acceding country, unless an exception is authorized by the appointing authority or otherwise provided for in the [relevant regulation];
- A master’s degree or equivalent in computer science, computer engineering, engineering, information security, software engineering, audit, control, compliance, business administration, or another relevant field (see for details on degree equivalences);
- Expertise in ICT matters and operational risk;
- A minimum of three years’ experience in ICT audit, ICT supervision, ICT risk management, or information security or cybersecurity risk management;
- Coordination, communication, collaboration, and presentation skills gained in multicultural environments, with ability to engage with internal and external stakeholders;
- The ability to draft high-quality documents, such as assessment reports;
- An advanced (C1) command of English and an intermediate (B2) command of at least one other EU official language.
Desired:
- Experience in ICT audit, supervision, risk management, or information security within the financial services industry;
- Knowledge of ISMS standards, ICT audit and risk management methodologies, DORA, and other EU/international cybersecurity frameworks;
- Experience in ICT security operations and technologies;
- Relevant certifications such as CISA, CISSP, or CRISC;
- Experience assessing ICT risk of credit institutions or resilience of ICT services by major providers.
You engage collaboratively, pursue team goals, learn from diverse perspectives, and communicate effectively. You analyze complex information, anticipate stakeholder needs, and are motivated to serve EU citizens through your work. You are aware of your strengths and areas for development and are motivated to perform at your best.
Working modalities
Working in European banking supervision involves short-term visits or training abroad, and possibly longer inspections. We foster well-being and work-life balance, and value collaboration in multicultural teams operating under different national frameworks. Proficiency in multiple EU languages is an asset.