Devoteam Cyber Trust | Security Risk Officer | Banking Sector
The LoD1 IT Risk Management team plays a strategic role by monitoring IT risk topics and establishing operational standards aligned with internal policies, ensuring their effective implementation.
The role involves reporting cyber and IT risk issues, defining action plans, and supporting the implementation of IT Asset Management policies. It also includes monitoring obsolescence and vulnerabilities, supervising LoD1 controls, and assessing areas such as secure development practices, code vulnerabilities, and application security tooling.
Key Responsibilities
- Communicate governance, risk management frameworks, control strategies, and policies
- Engage with stakeholders, including senior management, to report on technology risks and mitigation effectiveness
- Report enterprise-wide technology risks
- Provide independent oversight and challenge IT decisions
- Promote a strong risk management culture through training and advisory
- Ensure compliance with applicable laws, regulations, and industry standards
- Identify and assess technological risks (e.g., cybersecurity, data breaches, system failures)
- Evaluate and prioritize risks based on impact and likelihood
- Continuously monitor IT infrastructure for emerging risks and vulnerabilities
- Define and implement risk mitigation strategies in collaboration with IT teams
- Contribute to IT risk management policies and procedures
Controls & Governance Responsibilities
- Define and document standard operating procedures for Level 1 controls
- Deploy and validate Level 1 permanent controls
- Supervise execution and ensure effectiveness of controls
- Drive continuous improvement of control frameworks
- Develop and maintain reporting on control compliance
- Communicate control status to stakeholders
- Provide training, tools, and guidance to ensure best practice adoption
Devoteam Cyber Trust is the Cybersecurity specialist arm of the Devoteam Group. With our 800+ experts located across EMEA, we aim to establish cybersecurity as an enabler of business success rather than a gatekeeper. We leverage an end-to-end approach to Cyber Resilience, Applied Security, and Managed Security services to secure the tech journey of large and medium-sized companies from all sectors and industries.
Since 2009, previously known as INTEGRITY, our team based in Portugal is specialised in providing cutting-edge Managed Security Services that combine its expertise and proprietary technology to consistently and effectively reduce the cyber risk of our clients.
The comprehensive service range includes Persistent Intrusion Testing, ISO 27001, PCI-DSS, GRC Consulting and Solutions, and Third-Party Risk Management. ISO 27001 (Information Security) and ISO 9001 (Quality) certified, PCI-QSA, and member of CREST and CIS - Centre for Internet Security, we provide services to a considerable number of clients, operating in more than 20 countries.
- Strong experience in IT Risk Management within a LoD1 model
- Solid understanding of cybersecurity, IT controls, and risk frameworks
- Proven ability to work with senior stakeholders
- Strong analytical and risk assessment capabilities
- Excellent communication and reporting skills
- High level of autonomy, ownership, and accountability
- Experience in regulated environments is valued
The Devoteam Group works for equal opportunities, promoting its employees based on merit and actively fights against all forms of discrimination. We are convinced that diversity contributes to the creativity, dynamism and excellence of our organization. All of our vacancies are open to people with disabilities.
What we offer:
- Professional development and monitoring talent;
- Commitment to our employees' development;
- Collaboration in a company that is constantly growing and evolving;
- Strong organisational culture: collaboration, sharing, flexibility, integrity and low ego.
Would you like to join our team? Then send your CV.