• Develop an understanding of the Banks' business models and familiarity with technology services provided by the affiliate technology organization, as well as familiarity with active technology risk initiatives and their impact on each Bank
• Assist with the development of KRIs for monitoring and identifying risk exposures and KPIs to measure performance and facilitate decision-making
• Produce reporting for various Bank governance forums
• Regularly review metrics to identify trends and issues
• Guide the Firm's technology teams on developing automation for Bank metrics
• Contribute to key regulatory and risk initiatives, and report on risk exposures to enable informed decision-making
• Participate in Firm technology and information security governance and risk forums to represent Bank interests
• Assist with the preparation of responses to technology-related regulatory requests
• Assist with metric data quality checks and validations to ensure data is complete, accurate, consistent, relevant, and timely
• Assist with the review and validation of metrics procedure documents to ensure key information is captured that supports metric production
• Assist with data analytics and summarize results for management reporting

Skills: Data Analytics, Risk Reporting, Metric Validation, KRI Development, KPI Monitoring, Regulatory Support, Automation Guidance, Governance Participation

• Support the implementation and operation of the Group IT Governance, Risk and Compliance framework
• Implement and manage the IT risk management framework
• Facilitating risk reviews to identify, quantify and mitigate IT risks
• Regular stakeholder engagement, providing advice and guidance on risk management
• Assure the adequacy of IT controls to manage risk
• Provide recommendations and monitor progress to ensure controls are improved and effective
• Involvement in risk mitigation projects 
• Monitor and report compliance with relevant policies, standards, procedures, legislation and regulations
• Ensure accurate, timely and relevant reporting on IT Risks to various Risk Boards and Committees

Skills: Risk Management, IT Governance, Control Assurance, Risk Mitigation, Compliance Monitoring, Stakeholder Engagement, Risk Reporting, Policy Implementation

• Operationalize and lead the end-to-end security activities - being engaged in reviewing and recommending the implementation of safeguards to reduce the overall cybersecurity risk posture
• Identify, assess, monitor and report all IT-related Risks in a manner that meets compliance, regulatory and RFM requirements
• Coordinate efforts to implement IT cyber-relevant regulatory requirements and Group IT security policies and initiatives
• Manage application security and review application security design and provide recommendations to the business/function
• Work with the Group technical/security team to accomplish security assurance on all IT projects, to identify security weaknesses and track the issue remediation
• Responsible for defining and following up on security-relevant KRI, controls, and processes to identify potential risks and threats in IT systems, to ensure the implementation and application of security standards
• Identify vulnerabilities/technical weaknesses and coordinate with ITSO to implement the corresponding remediation action plans derived from security reviews and audits
• Work closely with the Group security team and internal and external audit teams to coordinate related security and risk review activities
• Monitor and respond to security incidents/DLP events and provide analyses and management reporting
• Develop an enhanced solution for continuous improvement
• Oversee the development and implementation of security controls and regulatory compliance checking
• Initiate, facilitate and promote activities to create information security risk awareness within the bank
• Develop local IT security standards and procedures to align with Group and regulatory requirements
• Maintain the up-to-date knowledge/skillset within the team, can work independently or cooperate well with other teams with a proactive and positive attitude

Skills: Cybersecurity Management, Risk Assessment, Regulatory Compliance, Security Assurance, Vulnerability Management, Incident Response, Control Implementation, Risk Reporting

• Developing risk management strategies, evaluating potential risks and exposures in Technology, and determining how to effectively minimize those risks and develop procedures that can be implemented
• Working closely with business and/or project owners to influence a strong risk culture 
• Conducting risk workshops, guiding risk assessments and strategies
• Overseeing risk remediation activities against appropriate timelines
• Drafting management reports for formal governance forums, making sure risks are articulated clearly and the right information gets to the right people for the right decisions to be made
• Working closely with project and operational teams to ensure projects with technology solutions are appropriately designed to minimize delivered risk
• Lead strategic initiatives to further improve risk service offering and mature risk and compliance management for the Group
• Lead and coach others in a team
• Continuous learning to deepen understanding of the business, risk management practices and industry developments

Skills: Risk Strategy, Risk Evaluation, Risk Culture, Risk Assessment, Risk Remediation, Governance Reporting, Project Oversight, Team Leadership

• Direct contribution to the BNPP operational permanent control framework
• Contribute to the implementation of operational permanent control policies and procedures in day-to-day business activities, such as the Control Plan
• Ensure appropriate escalation to management and/or permanent control (or compliance) as soon as an issue is identified
• Minimize operational failure, including but not exclusively the risk of fraud, by helping to devise and implement sufficient regular controls
• Contribute to the reporting of all incidents according to the Incident Management System
• Comply with internal and external regulatory and compliance requirements
• Ensure audit recommendations are resolved within the specific timeline
• Comply with the BNPP standards of the Code of Conduct
• Comply with the BNPP IT Security policies

Skills: Control Implementation, Risk Monitoring, Incident Reporting, Compliance Management, Audit Follow-up, Fraud Prevention, Issue Escalation, Policy Adherence

• IT and risk management experience
• IT and cybersecurity experience
• Must have Cyber security certifications (e.g., CISSP, CISM, etc.)
• Working experience in Financial services
• Experience in a 2nd line IT risk management or internal IT audit role or as an auditor or consultant at one of the 'Big Four' audit firms
• Strong knowledge of IT processes and systems and operational risk management
• Excellent command of the spoken and written Dutch language 
• IT security experience in designing, implementing and maintaining IT security solutions, such as firewalls, SSL VPNs, intrusion prevention systems, SIEMs, privileged ID management, PKI, DLP, etc.
• Experience in the area of IT security compliance and assurance 
• Strong analytical skills with proficiency in data analytics, visualization and programming (e.g., Tableau, SQL, Python)
• Self-motivated with strong interpersonal and stakeholder management skills
• Excellent verbal, written communication and interpersonal skills with stakeholders at all levels

Qualifications: BA in Business Administration with 6 years of Experience

• Experience in IT Risk management or IT audit in an insurance company
• Experience in being a (trusted) advisor for senior management
• In-depth knowledge of the IT Risk management framework and how it can be used in a complex company
• Excellent social and consulting skills
• Very good analytical and judgment skills
• Hands-on experience in IT Governance, Risk, and Compliance, GRC tools and techniques, and/or policy/procedure development
• Good understanding of IT Operations, technology architecture, Cloud infrastructure (AWS/Kubernetes) and secure development life cycle
• Experience in identifying, advising and evaluating IT controls in support of IT risk assessments
• Profound knowledge of industry standards and risk management frameworks (e.g., ISO 31K, ISO 27K, COBIT, OCTAVE, FAIR, NIST)
• Strong background in Java development
• Previous experience with AWS
• Prior experience in the risk management field/industry

Qualifications: BS in Information Technology with 5 years of Experience

• Experience with non-financial risk management in financial institutions
• Effective communication and cooperation skills and the ability to work with stakeholders at all levels of seniority
• Strong sparring skills and ability to stand ground
• Ability to break down policies and frameworks into actionable and value-added guidance
• Progressive professional experience in roles involving information security and/or IT management
• Comfortable independently engaging with client representatives up to the executive level and all levels of PwC management
• Able to produce written documentation at a level appropriate for submission to PwC clients and use in legal documentation - MSAs, SOW's and RFP responses
• Adept at translating technical IT security concepts into business terms
• Ability to work comfortably with all levels of leadership
• Ability to address risk utilising standardised and consistent methodology
• Significant expertise in IT Governance, Risk Management and Controls, with a strong track record in IT Assurance, IT Audit and IT Process Management - Banking/FS experience
• Experience in IT Risk Management, Frameworks, Controls, Processes and tools specifically within Banking, Financial Services or IT Risk Consulting Services
• Thorough understanding of various IT Standard Frameworks, Processes, Controls and good practices such as COBIT, CISA, ITIL, ISO 20K, CMMI, PMBOK, etc.

Qualifications: BS in Computer Science with 8 years of Experience

• Working experience in an IT Risk Mgmt role with a proven track record of executing risk management strategies that address both short-term commitments and longer-term strategic objectives
• In-depth understanding of risk management principles and regulatory frameworks for Information Technology 
• Experience in developing strong working relationships with technology and business areas to facilitate successful risk management
• Ability to assess controls and have experience with common operational risks associated with highly regulated industries
• Detailed knowledge of common risk management standards and models, such as ISO 31000, NIST 800-39, FAIR, ISACA Risk IT, OCTAVE
• In-depth knowledge of common information security management frameworks, regulatory requirements and applicable standards, such as ISO 27001, SOC 2, HIPAA, SOX, etc.
• Experience in Risk Management and IT
• Knowledge of reporting processes such as SOX, Service Assurance, Swift
• Basic knowledge of Business Continuity Management, Information Security, IT Risk, Identity Access Management, Compliance and Privacy
• Good oral and written communication skills
• Proven analytical ability and attention to detail
• Solid leadership and interpersonal skills
• Proven ability to work well in a fast-paced, team environment
• Demonstrate the ability to work in a team environment and handle multiple concurrent assignments

Qualifications: BS in Information Systems with 7 years of Experience

• Must have CISA, CIA, CRISC, CISSP, CISM, CPA, CFE or other relevant certification
• Experience in a manufacturing environment 
• Proven affinity with the values and mission of Triodos Bank
• Work experience within IT (risk) or ORM with an IT focus
• Working experience in an international setting 
• Excellent oral and written communication skills in English and Dutch
• Able to combine a risk attitude with business understanding
• Able to provide IT advisory services surrounding Risk and Controls to Leadership across all business lines at the Company
• IT infrastructure audit or risk experience (Windows / Unix) with experience in Financial Services or Tech / FinTech industries
• Working experience in Cloud systems
• Self-driven, independently working and highly team-oriented personality
• Strong analytical and problem-solving skills
• Ability for independent decision-making and issue resolution

Qualifications: BA in Risk Management with 5 years of Experience