QA Agility - IT Audit Expert (5-6 yrs)
QAAgility Technologies
posted 1d ago
Flexible timing
Key skills for the job
DORA Audit Expert, International Exchange
Job Title: DORA Audit Expert
Job Location: Remote
Experience: 5+ Years
Job Description :
- The DORA Audit Expert will be pivotal in guiding the business through the complexities of DORA requirements and overseeing compliance with operational resilience standards and ICT-related regulations for financial entities (FEs).
- This position involves a blend of deep regulatory expertise, audit leadership, and hands-on execution to ensure that the company adheres to all regulatory and risk management expectations.
Key Responsibilities:
DORA Compliance Audit & Assessment:
- Lead DORA compliance audits for the organization, including risk assessments and gap analyses.
- Assess the digital operational resilience of the company's ICT systems, processes, and operational infrastructure.
- Collaborate with cross-functional teams to ensure all aspects of DORA are covered, including ICT third-party providers (CTPPs) and the resilience of critical ICT systems.
- Evaluate the effectiveness of IT governance frameworks, incident management, cybersecurity practices, and business continuity plans to meet DORA requirements.
Regulatory Guidance & Compliance Reporting:
- Provide expert advice on DORA regulations and best practices to internal stakeholders.
- Prepare and present clear, actionable compliance reports and audit findings for senior management and regulators.
- Ensure accurate and timely reporting on DORA compliance status to relevant authorities.
Risk Management:
- Develop and maintain a comprehensive risk register for digital operational resilience.
- Assist in identifying and managing risks related to critical ICT services and systems.
- Advise on risk mitigation strategies for the financial services sector, particularly in the context of digital and operational resilience.
ICT Third-Party Oversight:
- Conduct due diligence, audits, and ongoing assessments of critical ICT service providers (CTPPs) to ensure compliance with DORA standards.
- Oversee the development and implementation of third-party risk management processes to ensure that external service providers meet DORA's operational resilience requirements.
Training and Awareness:
- Develop training programs to raise awareness and understanding of DORA among key internal stakeholders and teams.
- Conduct workshops and seminars to ensure the team is aware of DORA compliance requirements and operational resilience best practices.
Continuous Improvement:
- Recommend and implement improvements to current operational resilience frameworks to ensure continued DORA compliance and readiness for audits.
- Stay updated on regulatory changes, industry trends, and emerging best practices related to operational resilience and ICT risk management.
Education:
- Bachelor's degree in Information Technology, Cybersecurity, Risk Management, Law, or related fields.
- Relevant certifications such as CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), or equivalent are highly desirable.
Experience:
- Proven experience in conducting audits related to regulatory frameworks, particularly in the financial sector (preferably within the EU).
- In-depth knowledge of the Digital Operational Resilience Act (DORA) and EU financial regulations.
- At least 5 years of experience in risk management, compliance, or audit within the financial industry, focusing on operational resilience and ICT risk management.
- Strong understanding of ICT systems, third-party vendor management, and cybersecurity standards.
- Experience with international financial exchanges or similar institutions is a plus.
Skills & Competencies:
- Strong analytical and problem-solving skills with a detailed understanding of risk assessment methodologies and compliance requirements.
- Excellent communication and interpersonal skills, with the ability to work with cross-functional teams and manage external stakeholders.
- Knowledge of industry-leading frameworks such as ISO 27001, NIST, or other security and operational resilience standards.
- Ability to work independently, prioritize tasks, and manage multiple projects effectively.
- Fluency in English, both written and verbal.
- Knowledge of additional languages is a plus.
Preferred Qualifications:
- Master's degree in a related field (e.g., Cybersecurity, Business Continuity Management, Risk Management).
- Experience working with or within financial exchanges, trading platforms, or large financial institutions.
- Expertise in conducting audits related to regulatory frameworks such as MiFID II, PSD2, GDPR, and others.
Functional Areas: Other