Information Security Risk Manager (Fintech)
Job description
TL;DR
Information Security Risk Manager (Fintech/Cybersecurity): Primary operational owner of the ICT Risk Management Framework within the second line of defence, with an emphasis on DORA, ISO 27001, and PCI DSS requirements. Focus on executing the RCSA cycle, managing the Eramba GRC platform, and coordinating security monitoring oversight.
Location: Hybrid in Estepona/Malaga, Spain
Company
is a leading payment service provider offering omnichannel and advanced payment solutions to businesses across Europe.
What you will do
- Maintain and develop the ICT risk register and execute the RCSA cycle for ICT risk domains.
- Own the ISMS policy suite in line with ISO 27001 and DORA, coordinating security monitoring oversight.
- Support DORA obligations, including ICT incident classification and major incident reporting.
- Lead PCI DSS v4.0 governance as the primary owner of compliance oversight and contact for QSA.
- Manage the Eramba GRC platform, including data structure, user access, and module configuration.
- Provide second line of defence oversight of ICT third-party risk and liaison for annual IT audits.
Requirements
- 5-8 years of experience in ICT risk management or information security within a DNB-supervised financial institution.
- Demonstrable experience with DORA, ISO/IEC 27001, and PCI DSS v4.0.
- Hands-on experience with GRC platforms such as Eramba, including RCSA execution and KRI reporting.
- Bachelor's or Master's degree in Information Security, Computer Science, Risk Management, or equivalent.
- English: C1 level (strong written and verbal communication skills required).
Nice to have
- Certifications such as ISO 27001 Lead Implementer, CISM, or CRISC.
- PCI DSS certification or practical experience.
- Proficiency in Dutch.
Culture & Benefits
- Competitive salary and benefits package.
- Free Spanish classes and optional afterwork sports activities.
- Opportunities for professional growth.
- Collaborative environment within a diverse international team.