Risk & audit expert - Cloud & Security initiatives (permanent)
We are seeking an experienced Risk & Audit Expert with strong expertise in Cloud Security, IT Risk Management, and Regulatory Compliance to support our strategic Cloud and Security initiatives. The ideal candidate will have a deep understanding of financial‑sector regulatory requirements, cloud frameworks, IT controls, and security best practices. This role plays a key part in ensuring our technology landscape remains secure, compliant, and aligned with industry standards.
Key responsibilities
- Risk management & governance:
  - Assess, identify, and document risks related to cloud migrations, cloud architecture, security controls, and third‑party service providers
  - Develop and maintain risk management frameworks aligned with financial‑sector policies and regulatory requirements (e.g., EBA, DORA, ISO 27001, NIST)
  - Participate in Cloud and Cybersecurity governance committees, providing expert recommendations on risk mitigation strategies
  - Support the creation and review of Cloud Risk Assessments, Data Protection Impact Assessments, and Security Exception requests
- Audit & compliance:
  - Lead and support internal and external IT audits related to cloud services, cybersecurity, and infrastructure
  - Ensure alignment with regulatory standards such as EBA Guidelines, DORA, GDPR, and local supervisory authority expectations
  - Prepare audit documentation, evidence, and reporting for regulators and auditors
  - Follow up on audit findings, define remediation plans, and track implementation until closure
- Cloud & Security expertise:
  - Evaluate cloud service providers (AWS, Azure, GCP, etc.) with regard to security controls, resilience, data protection, and operational risk
  - Review technical architecture and security design documentation to ensure compliance with the institution's standards
  - Support the definition and continuous improvement of Cloud Security Policies, Security Baselines, and Control Frameworks
  - Monitor emerging cybersecurity threats and cloud‑specific risks, providing recommendations for proactive mitigation
- Stakeholder management:
  - Collaborate with Engineering, Architecture, Security, Risk, Legal, and Compliance teams to ensure alignment on controls and requirements
  - Communicate complex risk and audit topics to non‑technical stakeholders in a clear and structured manner
  - Act as a trusted advisor during Cloud migration projects and security initiatives
Required skills & qualifications
- Bachelor's or Master's degree in Information Security, Computer Science, Risk Management, or related field
- 5+ years of experience in IT Risk, IT Audit, Cloud Security, or Cybersecurity roles within a Financial Institution or regulated environment
- Deep knowledge of security frameworks and standards: ISO 27001, NIST CSF, CIS Controls, SOC 2, COBIT, etc.
- Strong understanding of Cloud environments (AWS, Azure, GCP) and their security controls
- Proven experience with regulatory requirements such as EBA Guidelines, DORA, GDPR, and local financial supervisory expectations
- Professional certifications are a strong asset: CISA, CRISC, CISM, CISSP, CCSK, CCSP
- Excellent analytical, communication, and documentation skills
Preferred qualifications
- Experience with cloud migration programs or hybrid cloud environments
- Knowledge of DevSecOps principles and CI/CD security controls
- Experience conducting Third‑Party / Outsourcing risk assessments
- Familiarity with financial‑sector risk methodologies (e.g., RCSA, KRI frameworks)