Finance & Insurance

IT and Cybersecurity Risk Officer

We are seeking an IT and Cybersecurity Risk Officer to join our team in Porto (hybrid model). 

In this project you’ll contact with the European stock market area. Despite its development center being located in Porto and all administrative support in Lisbon, you will be part of a multicultural team that is spread across several European cities.

Key Accountabilities:

  • Review and advise on the "Definition, Implementation and maintenance of the Information Security Programme" made by the Cyber Group team;
  • Review and advise on the internal security practices with industry best practices and security frameworks commensurate with strategy and the expectations of our clients and regulators. The implementation is made by the cybersecurity teams;
  • Coordinate risk management works for IT and InfoSec departments, supporting in assessing and managing the risk with key stakeholders in the departments;
  • Produce risk profile and report on the second line of defence opinion on cybersecurity risk and cybersecurity and IT governance model, presenting these to senior managers as required;
  • Assist in the development, management and monitoring of IT and cybersecurity key risk indicators;
  • Support the team to align BCM and IT/Cybersecurity processes (risk scenario to cover, critical asset database, recover testing strategy…);
  • Participate to the implementation of the cyber resilience framework with InfoSec team (i.e. crisis management, infrastructure and data recovery process).

We’re looking for someone with:

  • 4 to 8 years' experience in an IT/Cybersecurity related role (IT security \ IT risk and compliance \ IT audit);
  • Experience within the financial sector will be a considerable benefit;
  • Established background in Security Risk and in IT / Information Security Audit;
  • Proven experience and knowledge of working with and implementing international security standards and frameworks, etc;
  • Working / technical knowledge of IT infrastructure and security specific controls;
  • Ability to articulate complex security and privacy concepts to business users;
  • Strong stakeholder management skills;
  • Excellent communication and presentation skills with the ability to communicate effectively with all levels including senior executives, both orally and in writing;
  • Delivery focused, with an ability to synthetize and organize information;
  • Ability to work well under pressure and prioritise workload appropriately;
  • Must be able to work well alone or as part of a team;
  • (Desirable) security industry certifications;
  • Fluent English required for any location of hiring.

We offer:

  • Integration in a dynamic, experienced and friendly team;
  • Technical, behavioral and linguistics training opportunities;
  • Career development.