Cybersecurity & GRC Trainee

We are hiring!

We are seeking a motivated and curious trainee to join our Cybersecurity Governance, Risk & Compliance (GRC) area within the Technology & Operations Department. This role is aimed at a junior professional at the beginning of their career who is eager to learn about information security governance, regulatory compliance, and operational resilience in the financial sector.

The trainee will mainly provide functional and governance support, contributing to the implementation of the Digital Operational Resilience Act (DORA) and to other strategic initiatives, while benefiting from structured on-the-job training and close guidance from senior team members.

Main Responsibilities

• Provide functional support to the implementation and follow-up of the DORA regulatory framework, including documentation, mapping, and evidence organization.

• Assist in maintaining information security, ICT risk, and operational resilience documentation (policies, procedures, inventories).

• Support governance, risk, and compliance (GRC) activities, such as tracking actions, supporting risk assessments, and updating registers.

• Help respond to requests from regulators, Compliance, Internal Audit, and External Auditors, mainly through data collection, document preparation, and coordination with internal teams.

• Contribute to the preparation of reports, dashboards, and presentations related to cybersecurity governance and regulatory initiatives.

• Support the monitoring and follow-up of audit findings, ICT risks, incidents, and remediation actions.

• Assist in coordinating activities with IT, Risk, Compliance, and Operations teams.

• Participate in awareness and communication initiatives related to information security and operational resilience.

• Support other cybersecurity governance and GRC-related projects, as required.

Academic Background

• Degree in Information Systems, Management, Economics, Engineering, Computer Science, or a related field.

• Interest in cybersecurity governance, information security, risk management, and regulatory topics.

• Strong willingness to learn and develop professionally in a regulated environment.

Relevant Skills

• High attention to detail and good organizational skills.

• Structured and methodical approach to tasks.

• Ability to follow processes and work with documentation.

• Sense of responsibility, reliability, and willingness to learn.

• Good communication skills and ability to work in a team.

• Comfortable using common office and collaboration tools, including Microsoft Office and basic Microsoft-based environments.

• Fluency in English (written and spoken).

Nice to Have / Preferred Qualifications

• Basic academic exposure to GRC, operational resilience, ICT risk, or regulatory frameworks (including DORA).

• Familiarity with documentation, controls, or compliance-related activities.

• Awareness of the financial services or banking environment.

• Interest in cybersecurity from a governance and compliance perspective, rather than a technical one.

• Any introductory coursework or training in information security, risk, or compliance.