Risk & Audit Expert - Cloud & Security Initiatives (Permanent)
Overview
We are seeking an experienced Risk & Audit Expert with strong expertise in Cloud Security, IT Risk Management, and Regulatory Compliance to support our strategic Cloud and Security initiatives. The ideal candidate will have a deep understanding of financial‑sector regulatory requirements, cloud frameworks, IT controls, and security best practices. This role plays a key part in ensuring our technology landscape remains secure, compliant, and aligned with industry standards.
Key Responsibilities
Risk Management & Governance
- Assess, identify, and document risks related to cloud migrations, cloud architecture, security controls, and third‑party service providers.
- Develop and maintain risk management frameworks aligned with financial‑sector policies and regulatory requirements (e.g., EBA, DORA, ISO 27001, NIST).
- Participate in Cloud and Cybersecurity governance committees, providing expert recommendations on risk mitigation strategies.
- Support the creation and review of Cloud Risk Assessments, Data Protection Impact Assessments, and Security Exception requests.
Audit & Compliance
- Lead and support internal and external IT audits related to cloud services, cybersecurity, and infrastructure.
- Ensure alignment with regulatory standards such as EBA Guidelines, DORA, GDPR, and local supervisory authority expectations.
- Prepare audit documentation, evidence, and reporting for regulators and auditors.
- Follow up on audit findings, define remediation plans, and track implementation until closure.
Cloud & Security Expertise
- Evaluate cloud service providers (AWS, Azure, GCP, etc.) with regard to security controls, resilience, data protection, and operational risk.
- Review technical architecture and security design documentation to ensure compliance with the institution's standards.
- Support the definition and continuous improvement of Cloud Security Policies, Security Baselines, and Control Frameworks.
- Monitor emerging cybersecurity threats and cloud‑specific risks, providing recommendations for proactive mitigation.
Stakeholder Management
- Collaborate with Engineering, Architecture, Security, Risk, Legal, and Compliance teams to ensure alignment on controls and requirements.
- Communicate complex risk and audit topics to non‑technical stakeholders in a clear and structured manner.
- Act as a trusted advisor during Cloud migration projects and security initiatives.
Required Skills & Qualifications
- Bachelor's or Master's degree in Information Security, Computer Science, Risk Management, or a related field.
- 5+ years of experience in IT Risk, IT Audit, Cloud Security, or Cybersecurity roles within a Financial Institution or regulated environment.
- Deep knowledge of security frameworks and standards: ISO 27001, NIST CSF, CIS Controls, SOC 2, COBIT, etc.
- Strong understanding of Cloud environments (AWS, Azure, GCP) and their security controls.
- Proven experience with regulatory requirements such as EBA Guidelines, DORA, GDPR, and local financial supervisory expectations.
- Professional certifications are a strong asset: CISA, CRISC, CISM, CISSP, CCSK, CCSP.
- Excellent analytical, communication, and documentation skills.
Preferred Qualifications
- Experience with cloud migration programs or hybrid cloud environments.
- Knowledge of DevSecOps principles and CI/CD security controls.
- Experience conducting Third‑Party / Outsourcing risk assessments.
- Familiarity with financial‑sector risk methodologies (e.g., RCSA, KRI frameworks).