We are a leading fintech company focused on blockchain technology.
Join us as an Third-Party Risk Manager/ВСМ/Legal DORA.
Requirements
Degree in Information Security, Risk Management, IT, or a related field.
2‑5+ years of experience in third‑party risk management, ICT risk / operational risk / IT audit, or BCM.
Experience in regulated environments (financial services, fintech, crypto preferred).
Technical Knowledge
Understanding of outsourcing and third‑party risk frameworks.
ICT and cybersecurity risk domains.
Control frameworks.
Familiarity with
Cloud environments and third‑party service models.
Security assessment techniques and control validation concepts.
Key Skills & Competencies
Strong risk assessment and analytical capabilities.
Ability to independently challenge and elevate.
Structured, evidence‑based decision making.
Clear communication with both technical and non‑technical stakeholders.
High level of integrity and independence.
Responsibilities
End‑to‑End Third‑Party Risk Oversight
Pre‑engagement risk assessment.
Onboarding due diligence.
Ongoing monitoring.
Exit and termination risk evaluation.
Ensure risks related to outsourcing and ICT services are identified, assessed, and managed continuously.
Risk Assessment & Due Diligence
ICT and cybersecurity risk.
Operational resilience risk.
Data protection and confidentiality risk.
Concentration and systemic risk.
Review and challenge due diligence performed during onboarding.
Ensure third parties are classified based on criticality (e.g., Critical or Important Functions – CIFs).
Continuous Risk Monitoring
Security posture (vulnerabilities, certifications, audit reports).
Service resilience and availability risks.
Incident trends and control effectiveness indicators.
Define and monitor Key Risk Indicators (KRIs) and thresholds.
Identify emerging risks and ensure timely escalation.
ICT & Security Risk Oversight
Access management.
Data protection and encryption.
Logging, monitoring, and incident response capabilities.
Review security attestations (ISO 27001, SOC reports).
Coordinate deep‑dive reviews for critical providers.
Independent Challenge (SLOD Function)
Vendor selection decisions (from a risk perspective).
Control design and mitigation measures.
Risk acceptance and residual risk decisions.
Escalate insufficient controls, excessive risk exposure, or non‑compliance.
Risk Framework & Methodology
Develop and maintain the Third‑Party Risk Management (TPRM) framework.
Risk assessment methodologies.
Scoring models and classification criteria.
Monitoring standards and review cycles.
Ensure consistency and traceability across risks, controls, providers, and evidence.
Issue & Remediation Oversight
Track identified third‑party risk issues and control gaps.
Challenge remediation plans for adequacy and timelines.
Regulatory Compliance & Alignment
Digital Operational Resilience Act (DORA) – ICT third‑party risk requirements.
Delegated Regulations (EU) 2024/1773 / 1774.
Markets in Crypto‑Assets Regulation (MiCAR) – operational resilience and safeguarding.
Interpret regulatory requirements and translate them into risk controls and monitoring practices.
Reporting & Governance
Produce regular reporting on third‑party risk exposure.
KRI breaches and trends.
Critical provider risk profiles.
Open issues and remediation status.
Report to risk committees and senior management.
Support CRO in providing risk transparency.
Benefits & Working Conditions
Immersive work in crypto – master cutting‑edge technologies.
Work in a fintech of the future – develop skills in digital finance and shape the global market.
Professional growth – gain unique experience and be part of global transformations.
Innovation impact – influence the industry and contribute to groundbreaking solutions.
Strong team – collaborate with experts worldwide and grow alongside the best.
Work‑life balance – modern equipment, comfortable working conditions, inspiring environment.
25 business days of paid leave.
Additional days off for national holidays.
Salaries are determined in accordance with the Collective Agreement for Employees in Information and Consulting, with potential overpayment in line with market standards based on qualifications and professional experience.
#J-18808-Ljbffr
Join us as an Third-Party Risk Manager/ВСМ/Legal DORA.
Requirements
Degree in Information Security, Risk Management, IT, or a related field.
2‑5+ years of experience in third‑party risk management, ICT risk / operational risk / IT audit, or BCM.
Experience in regulated environments (financial services, fintech, crypto preferred).
Technical Knowledge
Understanding of outsourcing and third‑party risk frameworks.
ICT and cybersecurity risk domains.
Control frameworks.
Familiarity with
Cloud environments and third‑party service models.
Security assessment techniques and control validation concepts.
Key Skills & Competencies
Strong risk assessment and analytical capabilities.
Ability to independently challenge and elevate.
Structured, evidence‑based decision making.
Clear communication with both technical and non‑technical stakeholders.
High level of integrity and independence.
Responsibilities
End‑to‑End Third‑Party Risk Oversight
Pre‑engagement risk assessment.
Onboarding due diligence.
Ongoing monitoring.
Exit and termination risk evaluation.
Ensure risks related to outsourcing and ICT services are identified, assessed, and managed continuously.
Risk Assessment & Due Diligence
ICT and cybersecurity risk.
Operational resilience risk.
Data protection and confidentiality risk.
Concentration and systemic risk.
Review and challenge due diligence performed during onboarding.
Ensure third parties are classified based on criticality (e.g., Critical or Important Functions – CIFs).
Continuous Risk Monitoring
Security posture (vulnerabilities, certifications, audit reports).
Service resilience and availability risks.
Incident trends and control effectiveness indicators.
Define and monitor Key Risk Indicators (KRIs) and thresholds.
Identify emerging risks and ensure timely escalation.
ICT & Security Risk Oversight
Access management.
Data protection and encryption.
Logging, monitoring, and incident response capabilities.
Review security attestations (ISO 27001, SOC reports).
Coordinate deep‑dive reviews for critical providers.
Independent Challenge (SLOD Function)
Vendor selection decisions (from a risk perspective).
Control design and mitigation measures.
Risk acceptance and residual risk decisions.
Escalate insufficient controls, excessive risk exposure, or non‑compliance.
Risk Framework & Methodology
Develop and maintain the Third‑Party Risk Management (TPRM) framework.
Risk assessment methodologies.
Scoring models and classification criteria.
Monitoring standards and review cycles.
Ensure consistency and traceability across risks, controls, providers, and evidence.
Issue & Remediation Oversight
Track identified third‑party risk issues and control gaps.
Challenge remediation plans for adequacy and timelines.
Regulatory Compliance & Alignment
Digital Operational Resilience Act (DORA) – ICT third‑party risk requirements.
Delegated Regulations (EU) 2024/1773 / 1774.
Markets in Crypto‑Assets Regulation (MiCAR) – operational resilience and safeguarding.
Interpret regulatory requirements and translate them into risk controls and monitoring practices.
Reporting & Governance
Produce regular reporting on third‑party risk exposure.
KRI breaches and trends.
Critical provider risk profiles.
Open issues and remediation status.
Report to risk committees and senior management.
Support CRO in providing risk transparency.
Benefits & Working Conditions
Immersive work in crypto – master cutting‑edge technologies.
Work in a fintech of the future – develop skills in digital finance and shape the global market.
Professional growth – gain unique experience and be part of global transformations.
Innovation impact – influence the industry and contribute to groundbreaking solutions.
Strong team – collaborate with experts worldwide and grow alongside the best.
Work‑life balance – modern equipment, comfortable working conditions, inspiring environment.
25 business days of paid leave.
Additional days off for national holidays.
Salaries are determined in accordance with the Collective Agreement for Employees in Information and Consulting, with potential overpayment in line with market standards based on qualifications and professional experience.
#J-18808-Ljbffr
Third-Party Risk Manager/ВСМ/Legal DORA from €121100 • Viena, Austria • 5-7 years of experience • Arbeitgeber: WhiteBIT Group
WhiteBIT Group ist ein hervorragender Arbeitgeber, der seinen Mitarbeitern in Wien ein dynamisches Arbeitsumfeld bietet, das Innovationen im Bereich Blockchain-Technologie fördert. Wir legen großen Wert auf eine starke Teamkultur und bieten wettbewerbsfähige Vergütung sowie zahlreiche Möglichkeiten zur beruflichen Weiterentwicklung, um sicherzustellen, dass unsere Mitarbeiter in ihrer Karriere wachsen können.