IT Risk Specialist (m/f)

For our Client, one of the leading companies in the investment and asset management sector, we are currently looking for an IT Risk Specialist. The organization provides services supporting fund management and investment structures, operating in a highly regulated environment with a strong focus on security, compliance, and data protection.

• 2+ years of experience in IT Risk, Information Security, IT Audit, or similar areas
• practical experience working with Technology/IT teams in a risk, security, or governance context
• good knowledge of information security standards (e.g. ISO 27001)
• awareness of regulatory frameworks such as GDPR (DORA is a plus)
• understanding of technology environments without being a hands-on technical specialist
• strong analytical skills and the ability to communicate effectively with both technical and business stakeholders
• proactive, open-minded approach and willingness to continuously develop in the security area
• high level of integrity and sense of responsibility
• fluent English (C1)

• translate information security and risk concepts into clear, business-oriented language for both technical and non-technical stakeholders
• review solution designs and proposed changes to ensure alignment with security principles, internal standards, and regulatory requirements
• identify, assess, and support mitigation of cyber and information security risks across technology and business initiatives
• verify whether security controls are properly designed and effectively implemented
• conduct assessments of technical and process controls to evaluate their effectiveness and identify areas for improvement
• define and document non-functional requirements related to security, resilience, and data privacy for new and existing solutions
• support audits and internal reviews by preparing documentation and evidence
• act as a trusted advisor and point of contact for stakeholders on secure design and risk mitigation practices
• contribute to the development and continuous improvement of cybersecurity frameworks, guidelines, and governance processes
• analyze the organization from a controls and risk perspective, identifying gaps and recommending improvements (e.g. data classification, sensitive data handling, privacy controls)