The European Payments Council (EPC) is seeking an experienced and highly skilled Risk Manager to join our team from December 2025/January 2026, taking on a key role in contributing to protect the EPC's operations reputation, and compliance.
About EPC:
The EPC is a financial sector association with a mission to promote payments harmonisation and integration throughout the Single Euro Payments Area (SEPA). The primary task of the EPC is to manage payment and payment-related schemes facilitating over 50 billion transactions in 41 countries each year schemes. To support the activities of the EPC, the EPC Secretariat provides strong digital payments' domain expertise, management and administration. It consists of a small and dynamic team within an agile organisation, coordinating the activities of payments experts from 41 European countries, organised in thematic working groups. Further information about the EPC can be found on our website:
What we offer:
* A work experience with a relevant, measurable impact on the way millions of citizens and enterprises access and use SEPA payment services every day, contributing to a thriving European economy
* A challenging job in a highly international environment, with a top reputation in the electronic payments sector.
* The advantages of working in a small team (around 20-people) with a flat, agile organisation, interacting and coordinating with the most comprehensive network of European and global experts in electronic payments.
* A competitive compensation package.
Responsibilities:
* Risk identification and assessment: map and prioritise key risks across operations, ICT, suppliers, and regulatory compliance for EPC payment schemes and internal (IT) environment.
* Collaborate with external suppliers, EPC members' risk experts, and EPC working groups to perform and maintain a comprehensive risk assessment, define and maintain a risk mitigation plan, and to implement effective risk controls, reporting to the Director General and to the Board as needed.
* Work closely with the EPC Legal team and IT management to mitigate potential risks, including but not limited to cyber, operational, outsourcing, fraud (if applicable) and reputational risks.
* Contribute to ensuring compliance with relevant regulatory requirements, including DORA, EBA Guidelines on Outsourcing Arrangements, GDPR, NIS2 Framework, etc., in tandem with the legal function.
* Evaluate business continuity plans of EPC's IT suppliers, including when opportune security testing activities.
* Incident management: support the response to incidents root cause analysis, and lessons learned.
* Stay informed about changes in regulations and industry standards, providing timely advice to the EPC.
* Contribute to the implementation of necessary standard frameworks (e.g., information security, outsourcing standards).
Profile:
* Responsible for identifying, assessing, and proposing mitigation actions for risks related to:
o EPC payment and payment-related schemes
o Supporting ICT platforms (e.g., EDS or future platforms for scheme interoperability and reachability)
o Internal EPC Secretariat IT environment
* 10+( years of experience in Risk Management (focused on ICT) within:
o Banks
o Financial Institutions
o Consulting in the Financial Services sector
o Payments IT Vendors
* Familiarity with risk frameworks (ISO 31000, COSO ERM, or similar) is required
* Experience developing risk registers, reporting to management, and coordinating cross-functional mitigation actions.
* Critical thinker with a constructive approach to organisational improvement
* Strong team player with initiative and self-motivation
* Excellent analytical skills and attention to detail
* Bachelor's degree required (M.Sc. or MBA preferred)
* ICT risk certifications desirable (CISA, CRISC, CISSP, etc.)
The working language of the EPC is English, therefore fluency in English (both spoken and written) is a key prerequisite for the position.
A work permit in Belgium is a mandatory prerequisite for the position.
The job requires physical presence at the EPC offices in Brussels for at least 2 days per week, therefore the position is not suitable for a remote job.
Application:
Candidates are invited to submit a cover letter and CV in English, along with the names and contact details of referees, to the following email address: - Please mention "Risk Manager" in the subject line.
Deadline for the application:
30 September 2025