Erste Group

ICT and Security Risk Manager

full-time

Location Type: Hybrid

Location: Bucuresti, Romania

About the role

  • Drive the execution of the ICT risk management framework;
  • Provide constructive challenge to Technology & Security teams;
  • Ensure risks are monitored and reported effectively;
  • Maintain and enhance the ICT & Security Risk Policy, procedures, and assessment methodology;
  • Execute and coordinate enterprise-wide ICT risk assessments and targeted thematic reviews;
  • Assess security findings and control weaknesses, validate risk severity, and ensure structured, risk-based remediation tracking;
  • Provide effective 2nd line challenge to 1st line risk assessments; deliver pragmatic and actionable recommendations;
  • Own and improve the ICT/Cyber risk register;
  • Monitor risk treatment plans and mitigation effectiveness;
  • Support NFR/Risk Acceptance governance;
  • Build and maintain a meaningful KRI framework;
  • Analyze trends across incidents, downtime, vulnerabilities, and audit findings for forward-looking risk insights;
  • Contribute to severe-but-plausible scenario analysis and resilience assessments;
  • Lead the ICT change risk component by assessing high-risk changes.

Requirements

  • 4+ years of experience in ICT/cyber risk, tech audit/controls, security governance, or operational risk with strong IT exposure;
  • Hands-on experience performing risk assessments, control evaluation, and preparing management-level risk reporting;
  • Good understanding of regulatory expectations and industry best practices (DORA, NIST CSF, ISO 27001/27002, COBIT, ITIL);
  • Strong analytical mindset and the ability to translate technical vulnerabilities into clear business risk implications;
  • Confidence to act as a constructive challenger when working with senior technical stakeholders;
  • High standards for documentation and evidence-based writing, delivering audit-ready outputs;
  • Comfortable working with KRIs, thresholds, and trend analysis;
  • Integrity, independence, and sound professional judgment in risk-based decision making;
  • Certifications such as CISM, CISSP, CRISC, CISA, ISO 27001 LA/LI, ITIL, COBIT are an advantage;
  • Exposure to third-party ICT risk, cloud risk governance, scenario analysis or operational resilience exercises is considered a plus.

Benefits

  • Monthly budget for flexible benefits through the Benefit Online platform;
  • Performance-based bonus;
  • Banking facilities, benefits for private pension and discounts on insurance policies;
  • Gifts for special occasions;
  • Private medical services for you and your family;
  • Hybrid and flexible work schedule;
  • Up to 27 vacation days depending on your professional experience;
  • Extra 7 days off per year if you have used up your vacation days;
  • One day off for your birthday;
  • Wellbeing, personal and professional development programs, and platforms that allow you to learn anytime, anywhere, and from any device;
  • Subscription to Bookster.
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

ICT risk management, risk assessments, control evaluation, risk reporting, KRI framework, trend analysis, scenario analysis, remediation tracking, security governance, operational risk

Soft Skills

analytical mindset, constructive challenge, documentation standards, professional judgment, communication with stakeholders, independence, integrity, decision making, collaboration, problem solving

Certifications

CISM, CISSP, CRISC, CISA, ISO 27001 LA, ISO 27001 LI, ITIL, COBIT