Chief Technology Risk and Controls Officer

Send your CV

Are you inspired by collaborating with a variety of stakeholders and providing guidance and support on topics related to the technology risk management lifecycle, from identification and assessment to retirement? Do you possess a solid understanding of both inherent and residual risks within the technology domain, including how controls can effectively strengthen an organisation’s residual risk profile? Are you comfortable facilitating and leading risk assessment workshops and engaging in crucial discussions with technology and application service owners?

If you answered yes to these questions, you might be an ideal candidate to join our team as an IT Risk and Controls Officer in the Technology Risk Assessments team, part of Security, Resiliency, and Control – a unit dedicated to keeping Danske Bank safe and secure from technology risks.

As our new officer, you will be integral to the team that offers technology risk assessment and advisory services across the bank. You will manage and conduct technology risk assessments with service owners, our key stakeholders, and consult on a wide range of new and emerging technology risk areas as part of various strategic initiatives.

We offer a position located at our office in Vilnius, Lithuania, with a flexible work schedule and hybrid working options. As an innovative bank, we value diversity and sustainability and believe in the power of digital transformation. We offer a collaborative environment where you can grow, innovate, and contribute significantly.

Security, Resilience, and Controls department, headed by the Chief Security Officer, is an essential part of the technology organisation tasked with protecting our people, our customers, and our assets from harm – a fundamental function of a bank is the protection of customers’ money.

You will:

Facilitate and conduct Technology Risk Assessments workshops with technology and application service owners
Ensure adherence to risk management policies, facilitate related reviews, identify gaps, and devise remediation plans in conjunction with policy owners
Prepare regular and ad-hoc reports on technology risk posture for internal stakeholders, other legal entities within the wider group, and external stakeholders such as country-level regulators
Work closely with key stakeholders in sister teams and the wider organisation, including Cyber Design and Cyber Security SMEs, Business Risk and Control colleagues, and the Second and Third Lines of Defence on topics related to risk remediation and reporting, management of technology risk for strategic initiatives, and improvement points for the quality and effectiveness of technology risk management
Partner with non-technology members of the business, providing updates on trends or patterns in technology risk in their area, presenting an aggregate view of technology risk for their unit, and responding to any queries or requests for further information related to the technology risk and controls domain

About you:

5+ years of experience in IT Risk Management, Third Party Risk Management, Outsourcing (Vendor) Management, or similar fields
Experience in identifying and assessing technology risks and/or designing, implementing, and validating the operating effectiveness of IT general controls, including reporting exceptions and creating mitigation plans
Working familiarity with IT controls frameworks (e.g., ITIL, COBIT, NIST CSF, ISO27001, PCI DSS, ISF Standard of Good Practice, or similar)
Knowledge of current and upcoming regulations impacting the financial and technology sectors in the EU (e.g., GDPR, DORA, EBA guidelines on outsourcing arrangements, etc.)
Knowledge of Governance, Risk, and Compliance (GRC) tooling, especially ServiceNow/SNOW
Analytical, communication, teamwork, and interpersonal skills
Proactive and collaborative team member
Upper-Intermediate English language skills

We will consider as a bonus:

Experience with public speaking and presentations to a variety of technical and non-technical audiences, as well as various seniority levels
Technical familiarity with applications and infrastructure services commonly found in multi-country/global financial institutions
Professional certifications related to technology or risk management (for example, CISM, CISA, CRISC, CISSP, ISO 27001 Lead Implementer, ITIL, COBIT)

We offer:

Monthly salary range from 4480 EUR to 6720 EUR gross (based on your competencies relevant for the job).

Additionally, each Danske Bank employee receives employee benefits package which includes:

Growth opportunities: professional & supportive team, e-learnings, numerous development programs; (incl. professional certificates); 100+ professions for internal mobility opportunities.
Health & Well-being: a diverse, inclusive, work & life balance work environment; additional health insurance; mental well-being practices; partial psychologist counselling compensation; silence and sleep zones at the office; game rooms.
Hybrid working conditions: Work from home up to two days a week; home office budget (after the probation period); modern Danske Campus workplace developed with anthropologist for the best employee experience.
Additional days of leave: for rest, health, volunteering, exams in higher education institutions, and other important activities. Moreover, for seniority with Danske Bank.
Monetary compensation package: accidents & critical diseases insurance; financial support in case of unfortunate events, travel insurance; IIIrd Pillar Pension Fund contribution.