IT Governance & Risk Officer

Job Description

The IT Governance & Risk Officer is responsible for driving the implementation, monitoring, and continuous improvement of IT governance and risk management practices. This role ensures alignment with the group standards, regulatory requirements (including DORA), and local business needs, while strengthening the IT risk culture across the organization.

Key Responsibilities:

IT Governance

• Ensure the effective implementation and continuous improvement of IT governance frameworks.
• Deploy and adapt group IT governance standards (procedures, controls, and requirements) to the local context.
• Support IT teams and stakeholders in adopting governance practices, ensuring proper documentation and control effectiveness.
• Monitor compliance with IT governance requirements and track remediation actions.
• Contribute to the definition and enhancement of the IT management system.
• Maintain and update IT procedures in alignment with Group governance and regulatory expectations.

IT Risk Management

• Deploy and promote IT risk management practices and risk awareness across the organization.
• Maintain the IT risk register, ensuring proper identification, assessment, mitigation, and reporting of risks (via ServiceNow).
• Conduct regular IT risk reviews and ensure risk documentation is up to date.
• Contribute to risk frameworks such as ORSA and RCSA from an IT perspective.
• Define and monitor relevant controls and Key Risk Indicators (KRIs).
• Oversee IT operational incidents and ensure proper reporting and follow-up.
• Lead IT control plan campaigns (methodology, coordination, validation of results, and reporting).
• Monitor IT audit activities and ensure implementation of recommendations.
• Maintain the inventory of Shadow IT.

Governance, Reporting & Committees

• Prepare and deliver regular reports on IT risks and governance for local and group stakeholders.
• Organize and present the quarterly IT Risk & Cyber Committee (KPIs, audit recommendations, obsolescence, Shadow IT, incidents, outsourcing, etc.).
• Support the CIO in preparing IT Steering Committees.
• Coordinate with Corporate and Head Office teams on governance and risk-related topics.
• Manage and track remediation plans related to risks, audits, and non-compliance.
• Participate in internal governance forums (Cybersecurity, Obsolescence, Asset Committees, etc.).

DORA Governance

• Support the deployment and monitoring of DORA (Digital Operational Resilience Act) requirements.
• Prepare and maintain DORA-related reporting at the local level.
• Review intragroup and third-party contracts, ensuring compliance with DORA requirements.
• Coordinate due diligence activities and governance processes with suppliers and group entities.
• Monitor DORA implementation progress and support steering committees.
• Contribute to supplier contractual reviews.

Main Activities

• Maintain IT risk data and controls in ServiceNow.
• Manage GKSP BI control campaigns and track results.
• Monitor and report on action plans and governance indicators (KPIs).
• Coordinate cross-functional stakeholders to ensure compliance and governance maturity.

Qualifications

• Strong knowledge of IT governance, risk management, and cybersecurity frameworks.
• Familiarity with standards and methodologies such as: COBIT, COSO, ISO 31000, ITIL, NIST, DORA.
• Experience in financial services, insurance, or regulated environments is preferred.
• Proficiency with tools such as ServiceNow and Microsoft Office Suite.

Languages

• French: C1 (mandatory)
• English: C1 (strong advantage)

Soft Skills

• Strong organizational and communication skills in multicultural environments.
• Ability to facilitate meetings and engage stakeholders at different levels.
• Detail-oriented with a commitment to high-quality deliverables and deadlines.
• Analytical mindset with strong problem-solving abilities.
• Proactive, structured, and results-driven approach.

Other Requirements

• Willingness to travel within Portugal and internationally when required.

Compliance & Ethics

In this role, you will be exposed to compliance-related risks and are expected to actively contribute to protecting the Bank sector. Strict adherence to policies and regulatory requirements is essential, including:

• Financial Security & KYC
• Client Protection
• Market Integrity
• Professional Ethics
• Anti-Bribery & Corruption
• Banking and Fiscal Compliance

Compliance is a core responsibility and a fundamental expectation for all employees.