Key Responsibilities:
* Gain a solid understanding of DORA regulations (EU 2022/2554) and internal ISM/ISPL policy frameworks.
* Define system categorization and assessment strategies using CIAP criteria (Confidentiality, Integrity, Availability, Privacy).
* Conduct comprehensive IT risk assessments:
  * Identify relevant threats and vulnerabilities.
  * Evaluate and prioritize both operational and compliance risks.
  * Recommend and plan appropriate mitigation measures.
* Ensure thorough documentation and reporting:
  * Maintain and update the risk register and system categorizations.
  * Prepare initial and final risk assessment reports.
  * Update Confluence and other knowledge repositories accordingly.
* Collaborate effectively across teams:
  * Report directly to the Head of IT Security.
  * Work closely with IT Operations and key stakeholders.
  * Participate in both scheduled and ad-hoc security and risk reviews.
Technical Requirements:
Must-Haves:
* Strong knowledge of DORA (EU 2022/2554) compliance requirements.
* Proven experience in risk assessments and applying CIAP principles.
* Skilled in risk documentation and reporting.
* Effective communication and collaboration with IT and security teams.
Nice-to-Haves:
* Experience with Confluence or similar documentation tools.
* Familiarity with ISM/ISPL policy frameworks.
* Understanding of incident response and business continuity planning.