Luxembourg Regular R&D - Security Job ID: A58984

Responsibilities

Team Intro PIPO Luxembourg is a dynamic, forward-thinking organisation at the forefront of the payments industry. As part of a fast-growing, ambitious company, you will have the unique opportunity to shape and refine our ICT Framework while playing a pivotal role in our mission to innovate and deliver exceptional payment solutions. About the role As part of the second line of defence, we are seeking an accomplished and proactive ICT Risk Manager who thrives in a fast-paced, challenging environment. This is a career-defining opportunity to take ownership of our ICT Risk function, build robust frameworks, and make a lasting impact. Reporting to the Chief Information Officer but with independent autonomy, you will play a critical role in strengthening our digital resilience, protecting against ICT risks, and ensuring compliance with Luxembourg’s regulatory framework and internal governance standards. Responsibilities: - Implementing and managing the ICT Risk Management framework aligned with regulatory requirements such as the EU Digital Operational Resilience Act (DORA) and CSSF circulars, ensuring that ICT risks are identified, assessed, mitigated, monitored, and reported within the institution's risk appetite. - Supporting and coordinating first line of defence functions in defining, drafting, implementing, and maintaining policies and procedures to ensure compliance with applicable regulatory requirements and internal governance standards; continuous compliance monitoring. - Conducting regular ICT risk assessments focused on payment services, maintaining an ICT risk register, and updating policies and controls in response to evolving threats and incidents. - Coordinating ICT incident response and remediation efforts across multiple stakeholders to minimize operational impact and ensure timely resolution. - Overseeing security testing activities such as penetration testing and vulnerability assessments specifically related to payment functions and processes. - Managing ICT business continuity plans and conducting resilience testing to ensure operational stability under adverse conditions. - Monitoring third-party service providers through due diligence, risk assessments, and service level agreement (SLA) performance reviews to manage supply chain risks. - Serving as the primary contact for ICT-related regulatory communications, audit responses, and reporting to both management and regulators, ensuring compliance with CSSF and other supervisory expectations. - Integrating ICT risk management into the institution’s overall risk management framework, maintaining independence from ICT operations to provide objective control and oversight. - Staying ahead of regulatory developments, sharing insights and recommendations with the leadership team to adapt policies and practices as needed. - Driving a strong ICT risk awareness and culture across the organization by delivering engaging, business-focused training and fostering an open, solutions-driven approach. - Actively contributing to the development of new products and services, ensuring ICT compliance is seamlessly integrated into innovation.

Qualifications

Minimum Qualifications - Relevant professional experience of typically 2-5 years in information security, ICT risk management, IT governance, or cybersecurity, preferably within the payment and financial services industry. - Good knowledge of regulatory requirements applicable to payment institutions in Europe, including the Digital Operational Resilience Act (DORA), PSD2, and related EU regulatory technical standards and guidelines. - Understanding of ICT risk management frameworks and security standards such as ISO 27001, ISO 27005, the NIST Cybersecurity Framework, industry standards such as PCI DSS, and familiarity with risk management methodologies. - Self-starter mentality, with a high level of initiative and discipline to independently lead projects and drive impactful outcomes. - Strong analytical, communication, relationship-building, and organizational skills to effectively report and collaborate across business units, ICT teams, and external stakeholders. - Basic understanding of micro-service architecture, cloud technologies and general ICT terms and processes. - Fluency in English. Preferred Qualifications - Advanced certifications such as CRISC (Certified in Risk and Information Systems Control), CompTIA Security+, ISO 27001 Lead Implementer/Auditor, or equivalent recognized ICT security and risk certifications. - Experience with ICT risk management in payment or electronic money institutions, including practical knowledge of incident response, penetration testing, business continuity, and third-party risk management. - Familiarity with Luxembourg-specific regulatory circulars such as CSSF Circular 25/880 and other supervisory expectations. - Participation in specialized training programs on ICT risk management tailored to Luxembourg financial and payment institutions. - Ability to integrate ICT risk management into the overall risk framework of the institution and to work closely with senior management and regulators.

Job Information