WorldFirst Careers

Description

• Develop, maintain, and oversee the Information Security and ICT Risk Management Frameworks in line with DORA, ISO 27001, NIST, and other applicable standards.
• Establish, maintain, and enforce security policies, standards, and procedures.
• Provide independent second-line challenge to first-line controls and risk management activities.
• Report on security posture to the Board and leadership team.

• Ensure full compliance with DORA (ICT risk management, incident reporting, resilience testing, third-party risk), PSD2-SCA, PCI-DSS, SWIFT CSP, GDPR (as it relates to ICT), and EBA guidelines.
• Act as the primary liaison for DNB, EBA, and other regulators; manage regulatory inquiries, audits, inspections, and reporting obligations.

• Own and manage end-to-end response to security incidents and data breaches, including coordination, escalation, investigation, containment, and regulatory reporting in line with DORA and GDPR.
• Oversee access control governance, including user provisioning, privileged access, and periodic access reviews.
• Manage KMS and (CBD) security practices in accordance with internal policies and regulatory expectations.

• Maintain ownership of all outsourced security activities (e.g., SOC, penetration testing providers), ensuring service quality, SLA adherence, and alignment with security and compliance requirements.
• Manage the ICT third-party risk lifecycle, including due diligence, ongoing monitoring, and maintenance of the DORA register of critical ICT third-party providers.

• Identify, assess, prioritise, and report ICT and cyber risks; define key risk indicators and present risk posture to the Board and Risk Committees.
• Oversee digital operational resilience testing (including threat-led penetration testing) and disaster recovery from an ICT perspective.
• Monitor the governance and technical effectiveness of cybersecurity controls (SIEM, EDR, DLP, IAM, vulnerability management, and data security) and track remediation of audit and assessment findings.

• Deliver security awareness programmes and foster a security-conscious culture.
• Advise the local entity Board, senior management, and technology teams on risk posture, outsourcing, and major technology changes.
• Collaborate with and provide subject-matter expertise to the EMEA Information Security team on regional projects and BAU activities.

• 8+ years’ experience in ICT risk, cybersecurity governance, or audit within financial services.
• Proven experience implementing DORA and engaging with DNB or comparable EU regulators.
• Strong technical foundation in cloud security, IT infrastructure, application security, and cyber threats.
• Strong knowledge of cloud security controls, SIEM, EDR, DLP, IAM, and security architecture.
• Awareness of AI security risks and controls.
• Experience in incident response and third-party security management.
• Ability to influence stakeholders, present to Boards and regulators, and operate independently in a second-line role.
• Fluent in English and Dutch.
• Demonstrated ability to lead complex security compliance, incident response, and security initiatives in regulated environments.