- Own and evolve the IT Risk and Business Continuity Management Framework within the second line.
- Provide independent second-line oversight and challenge to the first-line IT GRC team on control effectiveness.
- Lead IT risk identification, assessment, and mitigation across cyber, technology resilience, third-party, and data security.
- Define baseline controls and perform ISMS maturity assessments against ISO/IEC 27001:2022.
- Drive second-line assurance reviews and support internal/external IT audits.
- Manage regulatory obligations including DORA, BaFin, EBA, and ESMA compliance.
- Report IT risk posture and material events to senior stakeholders and the C-suite.