ICT and Security Risk Manager

Erste Group

. Drive the execution of the ICT risk management framework; .

Posted 2/27/2026full-timeBucuresti • 🇷🇴 RomaniaMid-LevelSeniorWebsite

Tech Stack

Tools & technologies

Cloud

About the role

Key responsibilities & impact

Drive the execution of the ICT risk management framework;
Provide constructive challenge to Technology & Security teams;
Ensure risks are monitored and reported effectively;
Maintain and enhance the ICT & Security Risk Policy, procedures, and assessment methodology;
Execute and coordinate enterprise-wide ICT risk assessments and targeted thematic reviews;
Assess security findings and control weaknesses, validate risk severity, and ensure structured, risk-based remediation tracking;
Provide effective 2nd line challenge to 1st line risk assessments; deliver pragmatic and actionable recommendations;
Own and improve the ICT/Cyber risk register;
Monitor risk treatment plans and mitigation effectiveness;
Support NFR/Risk Acceptance governance;
Build and maintain a meaningful KRI framework;
Analyze trends across incidents, downtime, vulnerabilities, audit findings for forward-looking risk insights;
Contribute to severe-but-plausible scenario analysis and resilience assessments;
Lead the ICT change risk component by assessing high-risk changes.

Requirements

What you’ll need

4+ years of experience in ICT/cyber risk, tech audit/controls, security governance, or operational risk with strong IT exposure;
Hands-on experience performing risk assessments, control evaluation, and preparing management-level risk reporting;
Good understanding of regulatory expectations and industry best practices (DORA, NIST CSF, ISO 27001/27002, COBIT, ITIL);
Strong analytical mindset and the ability to translate technical vulnerabilities into clear business risk implications;
Confidence to act as a constructive challenger when working with senior technical stakeholders;
High standards for documentation and evidence-based writing, delivering audit-ready outputs;
Comfortable working with KRIs, thresholds, and trend analysis;
Integrity, independence, and sound professional judgment in risk-based decision making;
Certifications such as CISM, CISSP, CRISC, CISA, ISO 27001 LA/LI, ITIL, COBIT are an advantage;
Exposure to third-party ICT risk, cloud risk governance, scenario analysis or operational resilience exercises is considered a plus.

Benefits

Comp & perks

Monthly budget for flexible benefits through the Benefit Online platform;
Performance-based bonus;
Banking facilities, benefits for private pension and discounts on insurance policies;
Gifts for special occasions;
Private medical services for you and your family;
Hybrid and flexible work schedule;
Up to 27 vacation days depending on your professional experience;
Extra 7 days off per year if you have used up your vacation days;
One day off for your birthday;
Wellbeing, personal and professional development programs, and platforms that allow you to learn anytime, anywhere, and from any device;
Subscription to Bookster.

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

ICT risk managementrisk assessmentscontrol evaluationrisk reportingKRI frameworktrend analysisscenario analysisremediation trackingsecurity governanceoperational risk

Soft Skills

analytical mindsetconstructive challengedocumentation standardsprofessional judgmentcommunication with stakeholdersindependenceintegritydecision makingcollaborationproblem solving

Certifications

CISMCISSPCRISCCISAISO 27001 LAISO 27001 LIITILCOBIT