Our client is a leading international financial institution with a strong presence in the EMEA region. With a broad platform and a clear growth agenda, the company offers a wide range of career opportunities across corporate finance, investment banking, advisory, and global capital markets. Professionals joining the firm can expect to work on diverse and high-impact projects, gaining valuable experience in a dynamic and globally connected environment.

This role plays a key part in strengthening the Second Line of Defence by delivering independent oversight and effective challenge across processes, activities, metrics, and frameworks associated with Operational Resilience, including ICT Risk and Third-Party Risk Management. The position involves analyzing regulatory requirements and translating their implications into policies and second-line frameworks, supporting the assessment and challenge of business activities, and overseeing the monitoring and reporting of risk exposures and control effectiveness across the relevant domains.

• Play an active role in shaping, implementing, and sustaining second-line frameworks for Operational Resilience, ICT Risk, and Third-Party Risk Management in line with regulatory expectations and best practices.

• Independently assess and challenge Operational Resilience, ICT Risk, and Third-Party Risk Management frameworks operated by the First Line of Defence.

• Examine both the design and operating effectiveness of controls addressing Operational Resilience, ICT Risk, and Third-Party Risk.

• Provide guidance on risk appetite and key indicators for Operational Resilience, ICT Risk, and Third-Party Risk, ensuring consistency with the overall risk appetite framework.

• Oversee second-line reviews of Digital Operational Resilience Testing activities, covering planning, execution, outcomes, and reporting, including threat-led penetration testing (TLPT).

• Track adherence to internal standards and policies while monitoring compliance with applicable regulatory requirements.

• Prepare and contribute to management reporting and presentations to guarantee senior management with clear insight for operational and strategic decision-making.

• A Bachelor’s degree is required, with a Master’s degree preferred.

• Additional professional certifications (e.g., CRISC) are regarded as an advantage.

• Relevant experience gained in risk management, operational resilience, outsourcing, or IT risk in the financial services sector.

• Exposure to Second Line of Defence responsibilities, potentially acquired within a First Line role.

• Practical experience in preparing regulatory and/or management reporting.

• Strong familiarity with Operational Resilience, Third-Party Risk, and IT Risk concepts.

• Sound proficiency of the applicable regulatory landscape, including DORA, MaRisk, EBA Guidelines on Outsourcing, and recognized standards for IT Risk and Operational Resilience.

• Understanding how banking regulations are translated into internal policies, standards, governance structures, and processes.

• Well-developed analytical and problem-solving skills combined with a structured working approach.

• Excellent Microsoft Office skills (Excel, PowerPoint, Word); exposure to GRC tools is an asset.

• Effective communication and interpersonal skills, including the ability to engage confidently with senior stakeholders.

• Business-fluent English; German is a plus

• Flexible and hybrid working arrangements

• Private health insurance, including life and disability coverage

• Counseling and coaching services to support mental wellbeing

• Comprehensive learning and development programs

• Attractive compensation package

• Inclusive and diverse workplace culture