Key Responsibilities:

- Gain a solid understanding of DORA regulations (EU 2022/2554) and internal ISM/ISPL policy frameworks.
- Define system categorization and assessment strategies using CIAP criteria (Confidentiality, Integrity, Availability, Privacy).
- Conduct comprehensive IT risk assessments:
  - Identify relevant threats and vulnerabilities.
  - Evaluate and prioritize both operational and compliance risks.
  - Recommend and plan appropriate mitigation measures.
- Ensure thorough documentation and reporting:
  - Maintain and update the risk register and system categorizations.
  - Prepare initial and final risk assessment reports.
  - Update Confluence and other knowledge repositories accordingly.
- Collaborate effectively across teams:
  - Report directly to the Head of IT Security.
  - Work closely with IT Operations and key stakeholders.
  - Participate in both scheduled and ad-hoc security and risk reviews.

Technical Requirements:

Must-Haves:

- Strong knowledge of DORA (EU 2022/2554) compliance requirements.
- Proven experience in risk assessments and applying CIAP principles.
- Skilled in risk documentation and reporting.
- Effective communication and collaboration with IT and security teams.

Nice-to-Haves:

- Experience with Confluence or similar documentation tools.
- Familiarity with ISM/ISPL policy frameworks.
- Understanding of incident response and business continuity planning.