IT Risk Manager

Engineering · Full-time · Paris, France

Job description

The role: Spendesk is looking for a junior IT Risk Manager to maintain and implement its IT risk analysis framework. We are looking for someone with experience as an IT risk manager, if possible in the financial sector, who will help develop security at Spendesk.

As part of the cybersecurity team, you will report to the Head of Security and will help build and develop the team and implement the right level of security for Spendesk. Your role is to enable Spendesk's business team to increase velocity while using a secure cloud ecosystem of various tools and services. You are expected to work in close collaboration with our business leaders, legal, IT, developer and infra teams, and third-party suppliers.

Responsibilities

  • The role is global to Spendesk and we expect our new IT risk manager to be able to own every topic related to IT risk management.
  • Develop and document IT risk policy, procedures, standards, and guidelines
  • Support and drive all IT risk-related governance, risk assessment and audit initiatives
  • Collaborate with other departments to identify and mitigate the IT risks
  • Participate in third-party risk assessment
  • Advise and guide the organisation in all aspects of IT risks and ongoing operation
  • Train employees on policies and procedures
  • Identify existing or possible mitigation measures, and build and track action or control plans
  • Monitor compliance with policies, regulations, and customer requirements.

Required skills & experience:

  • A bachelor's degree in computer science or an equivalent technical degree is required. A master's in an equivalent field is preferred.
  • At least 3 years of professional experience in IT risk management.
  • Knowledge of IT risk management methodologies
  • Experience in project management and leading workshops

Bonus skills and experience

  • Knowledge of cloud security challenges, Zero Trust, and specific AWS security mechanisms, best practices, and tools.
  • Experience in a cybersecurity branch (organizational and/or technical).
  • Knowledge of and experience with one or several of the following frameworks is a plus: GDPR, PCI DSS, ISO 27001.
  • Initial experience in a financial or finance-related entity