Authorised Manager – Risk & Information Security
About the Role
You will design, implement and maintain the firm's risk management framework and internal control system, and lead information security and ICT risk governance. You will perform hands-on risk and ICT assessments, oversee controls and remediation, prepare and present risk reporting to senior management and boards, liaise with regulators, auditors and vendors, and coordinate across functions without a dedicated team.
Requirements
- University degree in risk management, finance, accounting, law, IT or related field
- Minimum 5 years' experience in a senior risk, internal control, compliance or related function within a regulated financial institution
- Strong experience in risk management within a MiFID-regulated firm
- Solid practical knowledge of information security, ICT risk and the DORA regulatory framework
- Good understanding of financial statements, capital/prudential considerations, and financial and operational controls
- Experience working with regulators, auditors and senior management
- Ability to operate effectively in a hands-on role without a dedicated team
- Experience in multicultural and international environments
- Risk or control qualification (e.g. FRM) or equivalent professional experience is an asset
- Exposure to or interest in crypto/blockchain is an asset
- Fluent in English (oral and written)
- Right to work in Luxembourg
- Willingness to provide a criminal record (n.3) prior to hire
Responsibilities
- Act as authorised manager with regulators for risk, internal control and information security matters
- Design, implement and enhance the risk management framework, policies and procedures
- Identify, assess and monitor material risks across the full risk universe
- Define and maintain the risk appetite framework and Key Risk Indicators
- Review, document and evaluate the internal control framework, including automated and manual controls
- Ensure remediation of gaps or weaknesses in risk and control frameworks
- Prepare and present risk and internal control reporting to senior management and Boards
- Oversee outsourcing and third-party risk including ongoing monitoring
- Serve as senior accountable person for ICT risk management and information security governance
- Define and maintain information security/ICT policies, incident management and escalation frameworks
- Perform and coordinate ICT and information security risk assessments and oversee the ICT controls lifecycle
- Monitor security vulnerabilities, incidents and emerging threats, and ensure mitigation
- Coordinate ICT-related regulatory reporting and audits, and liaise with external auditors and service providers
- Coordinate with global group functions to ensure alignment and consistency
