Location and Work Setup:
The position is based in the Bucharest Office, near Grozavesti metro station, with a flexible hybrid way of working.
Responsibilities:
- Coordinate the risk assessment (RA) activities for 3rd party providers, in line with DORA requirements: liaising with internal IT team, business owners and external providers, lead the assessment process and the rating, and in some cases perform risk assessments based on audit reports, certifications, known incidents or events.
- Offer guidance to business and IT owners through risk assessment process for 3rd party providers.
- Collect from the 3rd party providers the necessary info and documents for the RA process.
- Be updated with the latest DORA regulatory requirements and translate the RA related requirements into actions.
- Perform reporting for risk assessment activities.
- Other DORA related activities, as requested.
What we are looking for:
- University degree
- Experience of at least 3 years in 3rd party Risk Management / IT Risk Management / IT Audit (internal or external)
- Strong understanding of DORA regulatory requirements
- Good knowledge of NBR legislation, EBA / ECB guidelines on ICT and security risk management
- Experience in conducting gap / risk assessments
- Ability to keep the deadlines and to deliver good results under pressure
- Analytical skills, able to work independently or in a team, as required by the tasks assigned
- Strong communication skills, both written and verbal for interaction with technical and non-technical stakeholders
- Ability to plan, organize and prioritize the activity
- English language – advanced level.
- Highest standard of ethics and integrity.