IT & ERM RISK SPECIALIST
Nexi Group.com
Office
Slovakia
Full Time
Job Title: IT and ERM Risk Specialist
- Department: Risk and Compliance
- Location: Bratislava
- Employment type: Full-time
About The Role
We are looking for a motivated and detail-oriented IT and ERM Risk Specialist to join our Risk and Compliance department. The primary mission of this role is to ensure the organization's compliance with the Digital Operational Resilience Act (DORA) and to support the management of IT and cyber risks. This role plays a vital part in the company's broader Enterprise Risk Management (ERM) program and includes oversight of project-related risk assessments and the third-party risk management process. You will work closely with internal stakeholders, IT teams, and procurement to identify, assess, and mitigate risks related to information and communication technologies (ICT), cyber threats, and third-party service providers, and to ensure risk-aware decision-making.
Key Responsibilities:
- Monitor and assess compliance with DORA and other ICT risk-related regulatory frameworks
- Facilitate execution of company ERM
- Coordinate with 1LoD teams on the collection of inputs and the monitoring of mitigation plans
- Contribute to the evolution of risk methodologies, tools and document standards
- Perform IT risk assessments, gap analyses, and control evaluations in collaboration with IT and security teams
- Support business continuity and disaster recovery planning and testing, including the incident management process from a risk perspective
- Maintain the ICT risk register and ensure timely reporting of key risk indicators
- Monitor risk exposure from third-party ICT service providers and support third-party risk management (TPRM) processes
- Collaborate with procurement and legal to ensure vendor onboarding aligns with risk and regulatory expectations
- Prepare regular reports and documentation for senior management
- Review project documentation from a risk and compliance perspective
- Raise awareness and provide training on risk matters
Requirements:
- Experience in risk management with a focus on IT, security or a related field
- Minimum 2–4 years of experience in risk or regulatory compliance (preferably in a financial institution)
- Strong knowledge of ICT risk frameworks and EU regulations, including DORA
- Familiarity with standards such as ISO/IEC 27001, NIST CSF, COBIT, or similar is an advantage
- Experience with risk management tools, incident reporting, and business continuity practices
- Excellent analytical skills, attention to detail, and a proactive approach
- Strong written and verbal communication skills in English
October 7, 2025