Area

Are you inspired by working with a variety of stakeholders and providing expert advice on all topics related to the technology risk management lifecycle, from identification and assessment to retirement? Do you possess a strong understanding of both inherent and residual risks within the technology domain, including how controls can effectively strengthen an organisation’s residual risk profile? Are you comfortable facilitating and leading risk assessment workshops and driving critical discussions among technology and application service owners?

If you answered yes to these questions, you might be the perfect candidate to join our team as a new IT Risk and Controls Officer in the Technology Risk Assessments team, part of Security, Resiliency and Control – a unit dedicated to keeping Danske Bank safe and secure from technology risks.

As our new officer, you will be integral to the team that offers technology risk assessment and advisory services across the bank. Functionally, you will manage and conduct technology risk assessments with service owners, our key stakeholders, and consult on a wide range of new and emerging technology risk areas as part of various strategic initiatives.

We offer a position located at our office in Vilnius, Lithuania, with a flexible work schedule and hybrid working options. As a forward-thinking bank, we value diversity, sustainability, and believe in the power of digital transformation. We offer a collaborative environment where you can grow, innovate, and make a meaningful impact.

Security, Resilience, and Controls department, headed by the Chief Security Officer, is an essential part of the technology organisation tasked with protecting our people, our customers, and our assets from harm – a fundamental function of a bank is the protection of customers’ money.

Mission

• Facilitate and conduct Technology Risk Assessments workshops with technology and application service owners
• Ensure adherence to risk management policies, facilitate related reviews, identify gaps, and devise remediation plans in conjunction with policy owners
• Prepare regular and ad-hoc reports on technology risk posture for internal stakeholders, other legal entities within the wider group, and external stakeholders such as country-level regulators
• Work closely with key stakeholders in sister teams and the wider organisation, including Cyber Design and Cyber Security SMEs, Business Risk and Control colleagues, and the Second and Third Lines of Defence on topics related to risk remediation and reporting, management of technology risk for strategic initiatives, and improvement points for the quality and effectiveness of technology risk management
• Partner with non-technology members of the business, providing updates on trends or patterns in technology risk in their area, presenting an aggregate view of technology risk for their unit, and responding to any queries or requests for further information related to the technology risk and controls domain

Skills

• 5+ years of experience in IT Risk Management, Third Party Risk Management, Outsourcing (Vendor) Management, or similar fields
• Experience in identifying and assessing technology risks and/or designing, implementing, and validating the operating effectiveness of IT general controls, including reporting exceptions and creating mitigation plans
• Working familiarity with IT controls frameworks (e.g., ITIL, COBIT, NIST CSF, ISO27001, PCI DSS, ISF Standard of Good Practice, or similar)
• Knowledge of current and upcoming regulations impacting the financial and technology sectors in the EU (e.g., GDPR, DORA, EBA guidelines on outsourcing arrangements, etc.)
• Knowledge of Governance, Risk, and Compliance (GRC) tooling, especially ServiceNow/SNOW
• Analytical, communication, teamwork, and interpersonal skills
• Approachable, pragmatic, self-starter who is easy to collaborate with others to make things happen
• Upper-Intermediate English language skills

We will consider as a bonus:

• Experience with public speaking and presentations to a variety of technical and non-technical audiences, as well as various seniority levels
• Technical familiarity with applications and infrastructure services commonly found in multi-country/global financial institutions
• Professional certifications related to technology or risk management (for example, CISM, CISA, CRISC, CISSP, ISO 27001 Lead Implementer, ITIL, COBIT)

We offer:

We will ensure that exact salary offered for you will be based on your qualifications, competencies, professional experience and requirements for the corresponding job function (salary range from 4400 EUR to 6600 EUR gross EUR/monthly).

Your title in job contract will be Officer - Business Risk & Controls (Officer, Technology Risk and Controls), Chief.

Yancey Westerfield