Dora Control Officer IT Risk (Hybrid)

DORA CONTROL OFFICER (HYBRID LISBON OR PORTO)

Portuguese company hires for hybrid position

Location: Portugal Porto or Lisbon

Only candidates already basedin Portugal will be considered

Work Model: Hybrid/ Office-based in Portugal

Language Requirements:Fluent English French

Seniority: Senior (6years)

Sector: Banking

Instructions: Please send yourCV in English and make sure to include all skills and experience that match therequirements of the opportunity. This will significantly increase your chancesof success

About the Role

We are seeking a Senior DORA Control Officer to joina Cyber Security & IT Risk function in Portugal. This role iscentral to strengthening the organizations Digital Operational ResilienceAct (DORA) maturity working closely with cybersecurity IT risk andproject management teams.

You will act as a key control and advisory partnerensuring that programs and projects deliver measurable improvements in regulatorycompliance operational resilience and cyber risk management whilesupporting interactions with regulators and internal governance bodies.

This position is ideal for professionals with a strongbackground in cybersecurity governance regulatory frameworks and IT riskwho are comfortable operating across business IT and compliance functions.

Key Responsibilities

DORA Maturity Assessment & Compliance

• Collect and validate evidence of DORA compliance working closely with IT and cybersecurity teams
• Assess the quality of evidence provided by teams and identify gaps against target maturity levels
• Coordinate with IT Risk and Group-level stakeholders to obtain formal validation of DORA compliance
• Contribute to regulatory reporting and audit responses helping structure clear and accurate answers regarding DORA maturity

Project & Program Governance

• Support project and program steering including preparation and facilitation of governance committees
• Prepare status updates dashboards and communications for stakeholders at multiple management levels
• Monitor activities contributing to DORA maturity ensuring consistent and structured compliance reporting
• Pay special attention to non-core cyber projects impacting DORA such as backup management and Third Party Risk Management (TPRM)

Monitoring Reporting & Resource Management

• Document and track DORA maturity improvements including plans trend analysis and remediation (back-to-green) actions
• Support budget and resource management (FTE cost tracking) for DORA-related initiatives
• Work with Subject Matter Experts to anticipate risks and support continuous improvement

Technical & Regulatory Expertise

• Strong knowledge of regulatory frameworks and standards with the ability to translate them into internal policies and controls
• Solid understanding of IT and cybersecurity regulatory environments
• Experience in control functions including verification of processes and adherence to procedures
• General knowledge of cybersecurity risks frameworks and operational resilience requirements
• Ability to provide risk-based opinions challenge initiatives and support decision-making
• Broad IT knowledge including major processes assets and solutions
• Strong BusinessIT alignment skills understanding business needs and constraints

Methodologies & Tools

• Digital Operational Resilience Act (DORA)
• ISO 27001
• NIST Frameworks
• Microsoft Office (Excel PowerPoint Macros)

Soft Skills

• Strong collaboration and teamwork capabilities
• Excellent oral and written communication skills
• Ability to influence stakeholders and create personal impact
• High level of adaptability and organizational skills
• Ability to synthesize and simplify complex regulatory topics
• Comfortable challenging information and assumptions
• Capable of supporting and driving organizational change
• Strong networking skills and ability to anticipate business and strategic evolution

Keywords

DORA Digital Operational Resilience Act DORA ComplianceCybersecurity Governance IT Risk Regulatory Compliance OperationalResilience ISO 27001 NIST Third Party Risk Management TPRM Cyber Risk ITControls Regulatory Reporting Audit Support Senior Role Porto LisbonHybrid Work

#CI - PROC25704