hackajob is partnering with Domestic & General to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.
Head of ICT Risk Management
Department: Growth Markets
Reporting to: President Growth Markets
Location: (Line Manager, Location)
Key Relationships:
Internal: DGIEU Management, DGIEU Compliance, DGIEU Risk, DGIEU Critical/Important Functions Leads, Internal Audit, DGIEU Procurement & Outsourcing Governance, IntraGroup Outsourcing, Group Technology, Information & Security Operations, Business Continuity, Enterprise Resilience and Incident Management.
External: Regulators (BaFin, FCA, EU authorities), Third‑party providers, Outsourcers, Cloud providers.
Hours: Flexible working available
Number of Direct Reports: None
Job summary:
The Head of DORA & ICT Risk Management is a strategic leader responsible for designing, embedding, and governing the Digital Operational Resilience Act (DORA) framework across the EU business. The role provides enterprise leadership of ICT risk management, outsourcing oversight, regulatory engagement, incident governance, and digital resilience testing.
Responsibilities & technical skills
Digital Operational Resilience Leadership
Lead the design and continuous enhancement of the DORA-aligned ICT Risk Management Framework.
Advise senior leadership and the Board on regulatory expectations and required remediation.
Own and govern outsourcing and critical third-party oversight aligned with DORA.
Oversee incident classification, regulatory notifications, and remediation processes.
Monitor material incidents and coordinate timely notifications and follow-up with BaFin and internal stakeholders.
Produce Board-level reporting and actionable risk insights.
Support first-line owners of ICT and operational resilience risks, coordinating risk identification, assessment, mitigation, and control testing.
Lead ICT Third Party management for DGIEU, ensuring third-party arrangements meet regulatory requirements and support resilience objectives.
Own the DORA-aligned resilience strategy and drive a structured improvement programme that benchmarks maturity, delivers remediation, and supports Board-level review.
Oversee externally and intragroup provided services, including contracts, monitoring, Register of Information, and exit plans, ensuring BaFin and DORA compliance.
Collate and assess outcomes of digital resilience testing and periodic self-assessments of the ICT Risk Management Framework.
Review and challenge risk assessments, service-level controls, and root-cause analyses, ensuring corrective actions are implemented.
Produce clear, data-driven reporting for senior management and the Board, highlighting key risks, control gaps, and strategic remediation actions.
Support regulatory communications and drive continuous improvement to enhance operational resilience maturity.
Drive cultural uplift in digital resilience across the enterprise.
Personal skills
Exceptional communication and senior-level influencing skills.
Strong analytical and problem-solving capability.
Ability to operate in highly regulated, complex digital environments.
Leadership experience with distributed or virtual teams.
Deep understanding of DORA, ISO27001, ISO27005, BSI German IT Standard, NIS2, EBA guidelines, or EU regulatory frameworks.
Experience in financial services or insurance sectors (preferred).