IT Risk Officer
About the position
At Bitvavo we are expanding our Enterprise Risk Management ("ERM") team and are looking for an IT Risk Officer. The main objective of the team is to ensure that the Business operates within the risk appetite established by the Management Board and advise management where this is not the case. To achieve this objective, ERM designed and implemented a sound, unified framework for the risk management and internal control system.
As a member of the ERM team you are expected to improve and maintain the IT risk and control framework. You will play a fundamental role in continuously growing, improving, and embedding this control framework in the organisation. You will act as a facilitator in the identification, assessment, monitoring and reporting of IT risks, which will support the Business in making risk-based decisions.
Your role will reach across the entire organisation, as you will be interacting directly with employees across all departments to ensure the IT Risk policies are followed on various topics, such as Business Continuity Management, Change Management, Information Security, IT Risk, Identity & Access Management and overall Risk awareness. The flat organisation hierarchy will enable you to quickly build a network and immerse yourself in our company culture.
We are a fairly small and highly dynamic company where an ERM mindset and framework is not yet fully adopted. You will be empowered to contribute directly and shape your role as you develop further, because we don't want to hire you just to tell you what to do, but so you can also tell us what should be done. Therefore we seek a proactive self-starter who enjoys the opportunity to greatly help shape the risk control framework at Bitvavo.
- Guide and execute the implementation of new policies and extend the risk framework accordingly;
- Conduct risk assessments by identifying and analysing IT and Security risks;
- Interact with key IT players, including management;
- Manage security audits performed by external security specialists;
- Develop a business continuity plan and maintain the incident management procedure;
- Support the business in the change management process and secure the development risks;
- Support incident management by coordinating with stakeholders on root cause investigation, remediation plan definition and implementation of measures;
- Ensure clear reporting in the incident reporting system;
- Periodically execute disaster recovery tests together with the business;
- Collaborate with IT staff to develop and implement best practices to protect and restore data and systems in the event of breaches, vulnerabilities and hackers;
- Develop and provide staff training on risk management and incident management.
- Knowledge of IT Security controls and network/infrastructure;
- Knowledge of IT Risk measurement models;
- Profound knowledge of the crypto industry;
- Demonstrated experience in creating swim lane diagrams;
- Demonstrated experience in security practice;
- Demonstrated experience with security tooling;
- Demonstrated understanding of ISO31000;
- Ability to operate at own initiative with a pro-active attitude;
- Ability to liaise with a broad range of people, including line management, senior management, external suppliers and related people;
- Problem-solving ability and strong analytical skills;
- Project management skills and hands-on mentality;
- Ideally circa 5 years of relevant experience in the financial sector (fintech in particular is a big plus);
- Excellent communication skills, both verbal and written.
What we offer
Excellent employment terms, including:
- A very competitive salary;
- 26 days of annual leave;
- Budget for external training and courses;
- Work remotely within The Netherlands & at our office in the heart of Amsterdam;
- Be actively involved with the latest technologies and innovations;
- A position in a unique, young and fast-growing FinTech company.