Key Facts

Remote From:

Spain

Full time

Spanish

Hard Skills

Other Skills

•
Analytical Thinking
•
Communication

Roles & Responsibilities

3+ years of experience in IT Risk Management, IT Audit (internal or external), or technology/cyber control
Demonstrated experience in IT risk assessments and control frameworks, including DORA, operational resilience, and continuity
Experience with Third-Party Risk Management (TPRM), including technology providers and outsourcing controls
Proficiency with Power BI, Microsoft environments, ServiceNow, and advanced English (B2/C1)

Requirements:

Manage IT risk and cybersecurity controls from a governance and control perspective in an international financial environment
Participate in RCSA, Gap Analysis, and mapping of Risk–Control–KPI/KRI to ensure traceability of the control framework
Analyze internal and external audit findings and define remediation plans; ensure regulatory alignment, especially DORA, operational resilience, and business continuity; manage third-party risk (TPRM) including providers and outsourcing
Create and maintain policies and procedures, formal documentation, dashboards, and executive reporting; prepare materials for Risk and Technology Committees and senior stakeholders

Job description

Qué perfil buscamos

Buscamos un/a especialista en IT Risk & Control Framework con experiencia en gobierno, control y regulación tecnológica dentro de un entorno financiero internacional.

No es un rol operativo técnico: es un perfil orientado a gobierno, control y marco regulatorio tecnológico.

Funciones principales

Gestionar riesgos tecnológicos y de ciberseguridad desde una visión de control.
Participar en:
- RCSA
- IT Risk Assessments
- Gap Analysis
Realizar mapping Riesgo – Control – KPI/KRI (trazabilidad del marco de control).
Analizar findings de auditoría (interna y externa) y definir planes de remediación.
Aterrizar y aplicar regulación, especialmente:
- DORA
- Resiliencia Operacional
- Continuidad de Negocio
Gestión de riesgo de terceros (TPRM):
- Proveedores tecnológicos
- Outsourcing
- Controles de terceros
Crear y mantener:
- Políticas y procedimientos
- Documentación formal
- Dashboards y reporting ejecutivo
Preparar material para Comités de Riesgos y Tecnología y stakeholders senior.