Risk & Audit Expert - Cloud & Security Initiatives H/F/X

Description de l'entreprise

DigiTribe is an IT & business consulting company specialized in Cyber Security, Cloud, Architecture and Digital Enablement. We co-develop our services & approaches with the community to bring innovation, leverage digital practices and infuse purpose to large corporate organizations in digital transformation. We pride ourselves on our capacity to support our clients not only by allocating resources to reinforce organizations but by co-creating with the community and bringing value through workshops and content creation. That is our vision of a more valuable consultancy world. We believe that the « super-connected community » is the future. A community about encouraging « many-to-many » organic relationships to crack the opportunities and solve the business problems that conventional skillsets and approaches can't.

Description de la fonction

Risk & Audit Expert - Cloud & Security Initiatives (Permanent)

Overview

We are seeking an experienced Risk & Audit Expert with strong expertise in Cloud Security, IT Risk Management, and Regulatory Compliance to support our strategic Cloud and Security initiatives. The ideal candidate will have a deep understanding of financial-sector regulatory requirements, cloud frameworks, IT controls, and security best practices. This role plays a key part in ensuring our technology landscape remains secure, compliant, and aligned with industry standards.

Key Responsibilities

Risk Management & Governance

• Assess, identify, and document risks related to cloud migrations, cloud architecture, security controls, and third-party service providers.
• Develop and maintain risk management frameworks aligned with financial-sector policies and regulatory requirements (e.g., EBA, DORA, ISO 27001, NIST).
• Participate in Cloud and Cybersecurity governance committees, providing expert recommendations on risk mitigation strategies.
• Support the creation and review of Cloud Risk Assessments, Data Protection Impact Assessments, and Security Exception requests.

Audit & Compliance

• Lead and support internal and external IT audits related to cloud services, cybersecurity, and infrastructure.
• Ensure alignment with regulatory standards such as EBA Guidelines, DORA, GDPR, and local supervisory authority expectations.
• Prepare audit documentation, evidence, and reporting for regulators and auditors.
• Follow up on audit findings, define remediation plans, and track implementation until closure.

Cloud & Security Expertise

• Evaluate cloud service providers (AWS, Azure, GCP, etc.) with regard to security controls, resilience, data protection, and operational risk.
• Review technical architecture and security design documentation to ensure compliance with the institution's standards.
• Support the definition and continuous improvement of Cloud Security Policies, Security Baselines, and Control Frameworks.
• Monitor emerging cybersecurity threats and cloud-specific risks, providing recommendations for proactive mitigation.

Stakeholder Management

• Collaborate with Engineering, Architecture, Security, Risk, Legal, and Compliance teams to ensure alignment on controls and requirements.
• Communicate complex risk and audit topics to non-technical stakeholders in a clear and structured manner.
• Act as a trusted advisor during Cloud migration projects and security initiatives.

Required Skills & Qualifications

• Bachelor's or Master's degree in Information Security, Computer Science, Risk Management, or related field.
• 5+ years of experience in IT Risk, IT Audit, Cloud Security, or Cybersecurity roles within a Financial Institution or regulated environment.
• Deep knowledge of security frameworks and standards: ISO 27001, NIST CSF, CIS Controls, SOC 2, COBIT, etc.
• Strong understanding of Cloud environments (AWS, Azure, GCP) and their security controls.
• Proven experience with regulatory requirements such as EBA Guidelines, DORA, GDPR, and local financial supervisory expectations.
• Professional certifications are a strong asset: CISA, CRISC, CISM, CISSP, CCSK, CCSP.
• Excellent analytical, communication, and documentation skills.

...

Compétences linguistiques

• Anglais (atout)

  • Comprendre : Expérimenté - (C1)
  • Écrire : Expérimenté - (C1)
  • Lire : Expérimenté - (C1)
  • Parler : Expérimenté - (C1)

Envie d'en apprendre davantage sur ce métier ou sur un métier proche de celui-ci ? Parcourez toutes les informations utiles sur Panorama des métiers. Panorama des métiers