IT Governance & Risk Officer

We are looking for an IT Governance & Risk Officer to help strengthen and continuously improve our IT governance and risk management practices. In this role, you will promote a strong risk-aware culture, ensure alignment with group standards and regulatory requirements (including DORA), and support a collaborative and inclusive environment across teams.

We welcome candidates from diverse backgrounds and experiences who are passionate about governance, risk, and continuous improvement.

Key Responsibilities

IT Governance

• Support the implementation and continuous improvement of IT governance frameworks in a way that is clear, practical, and accessible for all stakeholders.
• Adapt group IT governance standards (procedures, controls, requirements) to local needs while promoting consistency and understanding.
• Work collaboratively with IT teams and stakeholders, supporting the adoption of governance practices and ensuring clarity in documentation and controls.
• Monitor compliance with governance requirements and support teams in delivering remediation actions.
• Contribute to the evolution of the IT management system and governance model.
• Maintain and update IT procedures in line with group and regulatory expectations.

IT Risk Management

• Promote a culture of shared responsibility and awareness around IT risk across the organization.
• Maintain the IT risk register, ensuring risks are clearly identified, assessed, mitigated, and reported (via ServiceNow).
• Facilitate regular IT risk reviews and ensure documentation remains current and transparent.
• Contribute to enterprise risk frameworks (e.g. ORSA, RCSA) from an IT perspective.
• Define and monitor relevant controls and Key Risk Indicators (KRIs).
• Support the management of IT operational incidents, ensuring appropriate follow-up and communication.
• Coordinate IT control plan campaigns, ensuring alignment and clear communication of results.
• Monitor audit activities and support the implementation of recommendations.
• Maintain the inventory of Shadow IT while encouraging visibility and governance.

Governance, Reporting & Committees

• Prepare and share clear, concise reports on IT risks and governance for local and group stakeholders.
• Coordinate and support the quarterly IT Risk & Cyber Committee, fostering open dialogue and transparency.
• Support the CIO in preparing IT Steering Committees.
• Collaborate with corporate and head office teams on governance and risk topics.
• Track remediation plans related to risks, audits, and compliance activities.
• Participate in governance forums (Cybersecurity, Obsolescence, Asset Committees, etc.), contributing constructively to discussions and outcomes.

DORA Governance

• Support the implementation and monitoring of DORA (Digital Operational Resilience Act) requirements.
• Prepare and maintain DORA-related reporting at local level.
• Review third-party and intragroup contracts, contributing to alignment with regulatory requirements.
• Collaborate with suppliers and group entities in due diligence and governance processes.
• Monitor progress and support steering committees on DORA initiatives.

Core Activities

• Maintain IT risk data and controls in ServiceNow.
• Manage control campaigns and track outcomes.
• Monitor action plans and governance KPIs.
• Collaborate with cross-functional teams to strengthen governance maturity and compliance.

• Knowledge of IT governance, risk management, and cybersecurity practices.

• Familiarity with frameworks such as COBIT, COSO, ISO 31000, ITIL, NIST, or DORA (experience with some of these is valued, not all required).

• Experience in financial services, insurance, or other regulated environments is a plus.

• Experience with tools such as ServiceNow and Microsoft Office.

• Languages:

  • French (C1) – required for this role

  • English (C1) – highly valued

• Strong communication skills, with the ability to engage diverse stakeholders in inclusive and respectful ways.

• Ability to facilitate discussions and create alignment across different teams and perspectives.

• Attention to detail and commitment to delivering high-quality outcomes.

• Analytical thinking and problem-solving mindset.

• Proactive and structured approach, with a focus on collaboration and continuous improvement

• Availability to travel occasionally within Portugal and internationally, depending on business needs.

• Compliance & Ethics

  • Compliance is a shared responsibility, and we are committed to supporting all employees in understanding and applying these principles in their work.

  • In this role, you will contribute to maintaining high standards of compliance and integrity. This includes areas such as financial security, client protection, market integrity, and ethical business conduct.

  • Compliance is a core responsibility and a fundamental expectation for all employees.