ICT & Security Risk Officer (F/M)

ICT & Security Risk Officer

Job Summary

The ICT & Security Risk Officer will play a key role in supporting the organization’s cybersecurity and information security risk management framework. This dual-role position is responsible for assisting in the implementation of security policies, monitoring IT risks, and ensuring compliance with industry standards and best practices. The successful candidate will work closely with IT, Risk, Compliance departments, and business units to safeguard digital assets and minimize cybersecurity threats.

Key Responsibilities

Information Security Responsibilities:

• Assist in the development and enforcement of security policies, procedures, and guidelines.
• Monitor and analyze security alerts, incidents, and vulnerabilities, and provide recommendations for mitigation.
• Support the management of security awareness programs and training for employees.
• Participate in security assessments, penetration testing, and vulnerability scans.
• Assist in reviewing and implementing access control measures to protect sensitive data.
• Contribute to incident response planning and support investigations when necessary.
• Stay updated with emerging threats, vulnerabilities, and security trends.

ICT Risk Responsibilities:

• Assist in identifying, assessing, and mitigating IT and cybersecurity risks.
• Support the execution of ICT risk assessments and audits.
• Maintain risk registers and track remediation actions to reduce exposure to threats.
• Contribute to business continuity and disaster recovery planning and testing.
• Ensure compliance with regulatory and industry standards such as ISO 27001, NIST, GDPR, DORA and other relevant frameworks (CSSF and others).
• Work with internal teams to implement risk management strategies and controls.
• Prepare reports and presentations on security and risk findings for management.

Qualifications & Experience:

• 2-5 years of experience in information security, risk management, or IT governance.
• Good knowledge of security frameworks such as ISO 27001, ISO 27005, NIST CSF, and ISACA.
• Familiarity with risk management methodologies and security controls.
• Familiarity with financial industry and its regulations (CSSF).
• Knowledge of DORA (Digital Operational Resilience Act).
• Good understanding of networking, infrastructure security, and data protection concepts.
• Experience with security tools such as SIEM, IDS/IPS, and vulnerability scanners is a plus.
• Scripting, Automation skills and Industry certifications such as CompTIA Security+, CRISC, or ISO 27001 and others foundation are an advantage.

Key Skills & Competencies:

• Strong analytical and problem-solving skills.
• Excellent communication and report-writing skills.
• Ability to work collaboratively with cross-functional teams.
• Attention to detail and strong organizational skills.
• Eagerness to learn and stay updated with the latest security and risk trends.