Descripción de la oferta
We have a relentless passion for quality and a drive to keep ahead of the competition. If this sounds like the place where you can excel, then Allfunds is for you!Listed on Euronext Amsterdam in April 2021, Allfunds has over €1.7 trillion assets under administration. We are one of the leading B2B Wealthtech platforms for the funds industry, offering fully integrated solutions for both Fund Houses and Distributors. We built and continue to evolve an ecosystem that covers the entire fund distribution value chain and investment cycle, with solutions including dealing and execution, data and analytics tools, Regtech, ESG screening, and portfolio monitoring. Allfunds remains the sole fully integrated one-stop-shop in the industry.
We support this mission by linking fund houses and distributors of mutual funds at the operational and technological levels, providing them with a range of operational, analytical, and information services to ensure transactions are always executed efficiently and effectively.
Join our team and grow in a diverse and technology-driven environment with one of the leading companies in the wealthtech world.We are seeking an experiencedICT Risk Specialistto lead and evolve our technology risk capabilities within a digital first, globally regulated financial environment. This role requires a blend of deep technical expertise and strong GRC leadership together with the ability to manage technology related projects and service delivery activities.
You will work cross functionally with Technology, Cybersecurity, Compliance, and senior management, ensuring operational resilience, regulatory compliance, and a strong risk-aware culture across the organisationICT Risk Management
Lead the full lifecycle of ICT Risk management: identification, evaluation, mitigation, monitoring, and reporting.
Conduct and oversee technical risk assessments, including cloud, infrastructure, networks, applications, DevSecOps practices, and critical third parties.
Maintain and enhance the ICT Risk Register, KRIs, and risk reporting processes aligned with risk appetite and regulatory expectations.
Review and challenge technical controls across IAM/PAM, EDR/XDR, SIEM, WAF, encryption, network architecture, vulnerability management, ICT Operations and cloud security.
Analyse solution designs, infrastructure diagrams, and security configurations to identify threats and propose robust remediation actions.
Collaborate with IT and cybersecurity teams to interpret vulnerabilities (CVEs, OWASP, MITRE ATT&CK) and emerging threat scenarios.
Ensure compliance with regulatory and industry frameworks, including DORA, EBA ICT Guidelines, and NIST CSF.
Lead and coordinate internal/external audits and regulatory reviews related to ICT Risk and operational resilience.
Oversee technology third‑party risk management and cloud service provider assessments.
Project & Service Management
Lead ICT Risk projects and service delivery activities, such as technical assessments, risk reviews, or process improvements, ensuring high‑quality outcomes and timely execution.
Collaborate with project managers and service owners to embed ICT Risk requirements across change initiatives.
Prepare and deliver high‑quality materials for Executive Committees, Risk Committees, and regulatory bodies.
Drive ongoing enhancement of ICT Risk processes, methodologies, templates, and deliverables.
Lead & support the evolution of new ICT risk methodologies, tooling, automation, and reporting capabilities.
Promote innovation and process optimisation within the ICT Risk function.7 years in ICT Risk, Technology Risk, Cybersecurity, or GRC roles within financial services or regulated environments.
~ Strong technical understanding of cloud architectures (AWS, Azure, GCP), microservices, APIs, and modern infrastructure.
~ Hands‑on knowledge of security controls, vulnerability management, and operational resilience.
~ Strong stakeholder management skills with the ability to influence peers and senior leaders.CISSP, CISM, CRISC, CISA, CRISC, cloud security certifications.
Master’s degree in cybersecurity, risk, engineering, or similar fields.
