Senior Risk Officer

Senior Risk Officer – ICT Risk & Internal Control Specialist (Permanent contract, CDI)

This opportunity could change your life!

The Mission

OneLife is a Luxembourg life insurance company specialised in cross-border financial planning solutions for wealthy clients across Europe and beyond. To support our growth, we are looking for the right candidate to join our passionate Risk Management Department. The open position contributes to a broad range of activities under the responsibility of the Risk Management Department, with a dual focus on ICT risk and Internal Control matters.

The role ensures effective identification, assessment, monitoring, and reporting of ICT risks, supporting operational resilience and compliance with regulatory frameworks, including Solvency II, DORA, and GDPR. It contributes to the ICT risk management framework and embeds ICT risks in the overall risk management strategy. The Senior Risk Officer works with the IT Department and other Departments to ensure a coherent approach to ICT risk across the organisation. The role also supports the design and oversight of the internal control system beyond ICT and contributes to risk reporting to senior management and governance bodies. It may involve other initiatives and risk assessments within the Risk Management function.

Main objectives of the role

• Maintain and continuously improve the ICT Risk Management Framework, aligning with regulatory requirements and industry best practices.
• Strengthen the Internal Control framework and promote a strong Internal Control culture across all business areas.
• Conduct ICT risk assessments, maintain the ICT risk mapping, and support integration of ICT risk into the overall risk landscape.
• Lead risk analyses related to IT projects, infrastructure changes, and critical applications; coordinate mitigation plans with IT, IT Security, and other operational teams.
• Monitor the effectiveness of first-level controls (ICT and non-ICT); provide guidance on risk mitigation and control improvements.
• Perform second-level controls as defined in the Control Plan, including non-ICT areas, and support enhancement of first-level controls across all departments.
• Contribute to ICT incident management, including root cause analysis, lessons-learned reviews, and follow-up on corrective and preventive actions.
• Ensure ICT risk governance is in place, contribute to committees, prepare risk reporting, and escalate key risks to senior management and governance bodies.
• Monitor emerging ICT threats, regulatory changes, and market developments to strengthen the ICT risk management approach.
• Act as a key contact for business units on ICT risk matters; embed ICT risk considerations in key processes, projects, and change management initiatives.
• Support ICT risk awareness initiatives and contribute to training and communication activities.
• Support oversight of key service providers (ICT and non-ICT) to ensure resilience and risk management expectations are met.
• Contribute to day-to-day activities of the Risk Management function and promote a strong risk culture and continuous improvement.

Profile of our future teammate

• Master’s degree in Risk Management, Information Technology, Information Security, or a related field.
• Minimum 5 / 7 years of relevant experience in Risk Management, preferably with a focus on ICT risk and internal control in a regulated financial services environment (insurance or banking).
• Solid knowledge of ICT risk and operational risk management frameworks, practices, tools, and regulations (e.g., DORA, Solvency II, GDPR) and standards (e.g., ISO 27001, ISO 27002).
• Experience designing, executing, and reviewing first- and second-level controls across various operational areas.
• Ability to conduct structured risk assessments, analyze incidents, and propose effective mitigation measures.
• Strong verbal and written communication skills; able to explain risk-related matters to technical and non-technical audiences.
• Proactive with the ability to manage priorities autonomously while contributing to team objectives.
• Ability to work effectively with cross-functional teams and provide guidance.
• Fluency in French and English; other languages are an asset.
• Professional certification in Risk Management, Internal Control, or Information Security is an asset.

Are you interested in working for a growing Luxembourg-based life insurance company?

Jump into the adventure and join a team with a supportive and collaborative working environment. We encourage all applications and would be pleased to welcome you for an interview.

Interested candidates should submit their application, including your CV, via Moovijob.com.

OneLife exists to overturn conventional attitudes to life assurance. As a specialist with close to 35 years’ experience, we develop cross-border financial planning solutions for wealthy clients across Europe and beyond. We offer long-term savings, inheritance planning and wealth management solutions crafted to suit individual needs. We work with a network of private banks, family offices and independent financial advisers. Our team provides a fresh approach for understanding and anticipating the needs of wealthy clients in a changing world. With more than EUR 10.5 bn in assets under management, OneLife is a member of Groupe APICIL, supporting health and life insurance, pensions, and related financial services.

• Member of the Insurance collective agreement
• 13th month
• Lunch vouchers: EUR 13
• Pension plan
• Flexitime hours & teleworking authorised (possibility to exceed the authorised tax threshold within the limit of 25% of the working time)
• 35.5 days of holidays per year
• Employee development opportunities
• Fruit at the office, sports committee, social events
• Inclusive company