Deputy Regional Information Security Officer

About the Role

Join us as a Senior Analyst supporting regional information security, operational resilience, and business continuity, vital for ensuring compliance with key European regulations like DORA and MiCA. This role is perfect for a professional who excels in executing critical security and resilience functions with precision.

Responsibilities

• Prepare, contribute to, and report on regional risk governance and board committee meetings, highlighting control status, risk exposure, and readiness.
• Conduct and document security risk assessments for regional operations and third parties.
• Execute and maintain Business Impact Assessments (BIA), integrating outputs into global resilience planning.
• Support Business Continuity Plan (BCP) maintenance and testing across regulated entities.
• Collaborate with Group Security and IT teams to map regional requirements into global policies and control frameworks.
• Contribute to the development and refinement of security standards in alignment with ISO27001 and SOC2.
• Participate in the drafting and review of MiCA- and DORA-aligned security policies and documentation.
• Support periodic security control testing and evidence collection for internal and external audit cycles.
• Track and follow up on audit findings and control remediation activities.
• Maintain compliance evidence libraries for key regulatory domains (e.g., MiCA, DORA, ISO, SOC).
• Oversee third-party risk assessments, including intragroup ICT outsourcing and vendor resilience.
• Assist in compiling responses to regulatory audits, due diligence questionnaires, and license maintenance.

Requirements

• Proven experience supporting regional information security, operational resilience, and business continuity initiatives.
• Familiarity with European regulatory requirements such as DORA and MiCA.
• Experience conducting security risk assessments and Business Impact Assessments (BIA).
• Background supporting Business Continuity Plan (BCP) maintenance and testing.
• Ability to contribute to security standards development, ideally aligned with ISO27001 and SOC2.
• Experience with regulatory reporting support and compliance evidence collection.
• Ability to work closely with security and IT teams, as well as regional stakeholders.