Join us in building the future of finance. Our mission is to democratize finance for all - and it has never been more urgent. An estimated $124 trillion in assets is expected to transfer to younger generations over the next two decades. This is the largest wealth shift in human history—and we're building at the center of it. We're applying frontier technologies to tackle the world's biggest financial problems and give people power to shape their future. To do that we're assembling an elite team: Bold thinkers. Sharp problem-solvers. Builders who are wired for urgency and precision.
About The Team & Role
The Risk Management team's mission is to establish a strong risk culture and implement a programmatic approach to manage and mitigate the risks to which Bitstamp Group is exposed, to enable the business to grow in a sustainable way and to meet regulators' expectations around independence and risk challenge. As a Cyber and IT Risk Manager, you will be operating as part of the 2nd line of defense function, to provide challenge and oversight to the design and implementation of IT and security controls and processes.
This role is based in our Luxembourg office, with in-person attendance expected at least 3 days per week. At Bitstamp by Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community. Our office experience is intentional, energizing, and designed to fully support high-performing teams.

What You'll Do
Lead thematic/deep dive reviews to assess the effectiveness of controls against key risk scenarios.
Review self-identified risk issues and acceptance to ensure the business is operating within Risk Appetite.
Support business Risk Control Self-Assessments with appropriate subject matter expertise.
Review and challenge Control Assurance outcomes as performed by 1st line.
Conduct Operational Risk Event reviews related to Technology and quality reviews on self-identified risks/issues.
Provide expert advisory on security framework, policies, standards and guidelines to a complex level, and contribute to their development where appropriate, etc.
Provide challenge and oversight over major technology-related initiatives in relation to BESA's Risk Appetite.
Support the business by providing an informed view of risks related to changes and new initiatives.
Engage with major transformation changes, providing strong risk advisory and oversight practices.
Develop an opinion on BESA's risk and the effectiveness of our controls.
Recommend Key Risk Indicators and assessments as required.
Deliver reports and/or scorecards on the risk profile.
Develop effective business and technology relationships with key stakeholders.
Promote a risk-aware culture and communicate best practices to business and IT contacts.
Educate the business on cyber and technology risk, balanced risk approaches, and risk acceptance.
Provide Cyber and Technology interpretation to first line of defense, the business and corporate functions on standards and control requirements.
Provide expert input and challenge to risk and control assessment activities performed by the first line teams.
Analyze the policies and standards through the lens of the regulatory requirements for BESA jurisdictions and develop local addenda.

On day one you'll bring
Minimum 3 years of technology audit experience.
Minimum 5 years of Cyber and Technology risk experience.
Minimum 5 years of experience working in a highly regulated environment, ideally within the finance sector, and of regulatory interaction.
Knowledge of CSSF and other European IT and Cyber regulations.
Multilingual (proficient in English, written and oral).