
ICT Risk & Resilience Lead - Netherlands
Neema - Better Than a Bank, Staten Island, NY, United States
Location: Netherlands (Remote / Hybrid)
Reports to: CEO and Management Committee
Collaborates with: CISO, CCO, and Engineering
Our Mission
Neema is built on global impact: providing digital financial services to tens of thousands of users worldwide, regardless of traditional banking status. As our ICT Risk & Resilience Lead, you won't just write policies; you will be the primary owner of our Digital Operational Resilience Act (DORA) framework, ensuring our infrastructure is fundamentally resilient and audit-ready every single day.
The Role: Practitioner, Not Just a Policy Writer
This is a high-execution role for someone who is as comfortable in a SIEM console as they are in a regulatory meeting. You will bridge the gap between technical IT operations and Dutch regulatory requirements (DNB/AFM).
Key Responsibilities
DORA Framework Ownership:
Execute the technical requirements of the Digital Operational Resilience Act, maintaining the ICT risk management framework and the DORA Register of Information (RoI).
Technical Evidence & Deep-Dives:
Directly access IT and security systems (Azure/AWS, CrowdStrike, SIEM) to extract evidence of control effectiveness.
Continuous Monitoring:
Perform monthly "spot checks" on user access reviews, firewall configurations, and encryption standards.
Third-Party Risk (TPRM):
Lead oversight of ICT third-party providers (Cloud, Payment infrastructure), ensuring contracts meet DORA standards and conducting periodic audits.
Incident & Resilience Management:
Classify and log ICT incidents for regulatory reporting and coordinate annual resilience testing (vulnerability assessments and network reviews).
Audit Defense:
Act as the primary point of contact for external auditors and regulators, organizing the "Audit Room" and explaining technical control implementations.
Data Mapping & Privacy:
Maintain GDPR Article 30 ROPA and conduct hands-on Privacy Impact Assessments (DPIAs) for new software or vendors.
Required Skills & Qualifications
Experience:
5+ years in IT Risk, Cybersecurity, or IT Audit within Fintech or Banking (EMI/PI preferred).
Regulatory Fluency:
Deep, practical knowledge of DORA and GDPR. Familiarity with NIS2, PSD2, and the EU AI Act is required.
Technical Proficiency:
Comfortable navigating Cloud environments (AWS/Azure), IAM tools, and vulnerability scanners.
Tooling:
Experience with GRC automation tools (e.g., Vanta, Drata, or Secureframe).
Certifications:
CISA, CRISC, CISM, or CISSP.
Communication:
Fluent English is mandatory. Dutch proficiency is highly preferred for nuanced communication with local stakeholders and regulators.