IT GRC Specialist

As our IT Governance, Risk & Compliance Specialist, you will play a key role in safeguarding information and ensuring regulatory alignment across our organization. Your mission as part of the Security & Governance organization is to design and operationalize governance frameworks, risk and security controls, and continuity and compliance processes that strengthen our resilience and meet evolving regulatory requirements.

This is a hands-on role combining strategic influence with operational execution. You will collaborate closely with both IT and business stakeholders to embed best practices, translate complex regulations into actionable controls, and drive continuous improvement in governance maturity. Operating in a dynamic, highly regulated financial services environment, you will help balance compliance obligations with practical implementation realities.

Key Responsibilities:

• Develop and maintain ICT governance frameworks, policies, and procedures aligned with regulations (DORA, NIS2, GDPR, EU AI Act).
• Lead or support governance and compliance initiatives, including security & risk control implementation and process improvements.
• Ensure quality of continuity processes and routines.
• Facilitate risk management activities and integrate them into daily operations.
• Design and test internal controls with process owners.
• Coordinate audits and manage remediation follow-up.
• Collaborate with IT and business teams to embed GRC and security requirements in projects and systems.
• Support third-party risk management and vendor governance.
• Prepare reports on risk posture and compliance for senior management and regulators.
• Promote risk and control awareness through guidance and training.

Qualifications:

• Degree in Information Security, Computer Science, or related field.
• 5+ years in IT GRC, risk management, or compliance (financial sector preferred).
• Strong knowledge of ICT governance and EU regulations (DORA, GDPR, NIS2, EU AI Act).
• Experience implementing GRC frameworks and leading cross-functional projects.
• Skilled in documentation, communication, and problem-solving.
• Professional certifications (CISM, CRISC, ISO 27001) highly desirable.

Behaviors:

• Structured, self-driven, and results-oriented.
• High integrity and professionalism.
• Comfortable with ambiguity and change.
• Collaborative and solution-focused.
• Prioritizes effectively and respects deadlines.