What does a successful IT Compliance Expert do?
You will play a key role in ensuring the digital resilience of FD GmbH and work with internal departments and external stakeholders. Your responsibilities include monitoring and implementing the requirements of the Digital Operational Resilience Act (DORA), particularly in the areas of ICT risk management, information security, incident reporting, and service provider management. The core tasks include developing and implementing guidelines, managing the implementation of requirements in the pillars, conducting risk analyses and audits, training for employees, and reporting to senior management.
What you will do:
- Implement DORA requirements by monitoring and ensuring compliance with all DORA requirements within the company.
- Responsibility for ICT risk management: identifying, assessing, and managing information and communication technology (ICT) risks in accordance with DORA, and assisting in the preparation of reports for supervisory authorities and committees.
- Responsibility for incident reporting: developing and maintaining processes for the management and reporting of ICT incidents.
- Responsibility for information security: implementing and monitoring measures to ensure information security and cyber defense.
- Service provider management: assessing and managing the digital risks posed by external IT service providers.
- Responsibility for governance and reporting: establishing control mechanisms and preparing regular reports on the status of DORA compliance for senior management.
- Training and awareness duties, including conducting training sessions for employees to promote awareness of digital resilience.
- Close coordination with various departments such as legal, risk, and IT management, as well as with external supervisory authorities, and coordination of audit and review processes (internal audit, BaFin, ECB, JAP).
What you will need to have:
- Experience in information security and ICT risk management, ideally in the financial sector.
- Knowledge of relevant regulatory standards such as ISO 27001, NIST, and COBIT.
- Regulatory knowledge of DORA and other relevant regulations.
- Fluent German.
- Analytical skills and a proactive, independent approach to work.
- Strong communication and collaboration skills (with authorities and internal committees).
What would be great to have:
- Knowledge of third-party providers (outsourcing and other external procurement).
- Experience with IT projects.
R-10363919