Risk & audit expert - Cloud & Security initiatives (permanent) We are seeking an experienced Risk & Audit Expert with strong expertise in Cloud Security, IT Risk Management, and Regulatory Compliance to support our strategic Cloud and Security initiatives. The ideal candidate will have a deep understanding of financial‑sector regulatory requirements, cloud frameworks, IT controls, and security best practices. This role plays a key part in ensuring our technology landscape remains secure, compliant, and aligned with industry standards. Key responsibilities Risk management & governance: Assess, identify, and document risks related to cloud migrations, cloud architecture, security controls, and third‑party service providers Develop and maintain risk Management Frameworks aligned with financial‑sector policies and regulatory requirements (e.G., EBA, DORA, ISO 27001, NIST) Participate in Cloud and Cybersecurity governance committees, providing expert recommendations on risk mitigation strategies Support the creation and review of Cloud Risk Assessments, Data Protection Impact Assessments, and Security Exception requests Audit & compliance: Lead and support internal and external IT audits related to cloud services, cybersecurity, and infrastructure Ensure alignment with regulatory standards such as EBA Guidelines, DORA, GDPR, and local supervisory authority expectations Prepare audit documentation, evidence, and reporting for regulators and auditors Follow up on audit findings, define remediation plans, and track implementation until closure Cloud & Security expertise: Evaluate cloud service providers (AWS, Azure, GCP, etc.) with regard to security controls, resilience, data protection, and operational risk Review technical architecture and security design documentation to ensure compliance with the institution's standards Support the definition and continuous improvement of Cloud Security Policies, Security Baselines, and Control Frameworks Monitor emerging cybersecurity threats and cloud‑specific risks, providing recommendations for proactive mitigation Stakeholder management: Collaborate with Engineering, Architecture, Security, Risk, Legal, and Compliance teams to ensure alignment on controls and requirements Communicate complex risk and audit topics to non‑technical stakeholders in a clear and structured manner Act as a trusted advisor during Cloud migration projects and security initiatives Required skills & qualifications Bachelor's or Master's degree in Information Security, Computer Science, Risk Management, or related field 5 years of experience in IT Risk, IT Audit, Cloud Security, or Cybersecurity roles within a Financial Institution or regulated environment Deep knowledge of security frameworks and standards: ISO 27001, NIST CSF, CIS Controls, SOC 2, COBIT, etc Strong understanding of Cloud environments (AWS, Azure, GCP) and their security controls Proven experience with regulatory requirements such as EBA Guidelines, DORA, GDPR, and local financial supervisory expectations Professional certifications are a strong asset: CISA, CRISC, CISM, CISSP, CCSK, CCSP Excellent analytical, communication, and documentation skills Preferred qualifications Experience with cloud migration programs or hybrid cloud environments Knowledge of DevSecOps principles and CI/CD security controls Experience conducting Third‑Party / Outsourcing risk assessments Familiarity with financial‑sector risk methodologies (e.G., RCSA, KRI frameworks)