Join us in building the future of finance.
Our mission is to democratize finance for all - and it has never been more urgent. An estimated $124 trillion in assets is expected to transfer to younger generations over the next two decades. This is the largest wealth shift in human history—and we’re building at the center of it.
We’re applying frontier technologies to tackle the world’s biggest financial problems and give people power to shape their future. To do that we’re assembling an elite team: Bold thinkers. Sharp problem-solvers. Builders who are wired for urgency and precision.
About the team & role
The Risk Management team’s mission is to establish a strong risk culture and implement a programmatic approach to manage and mitigate the risks to which Bitstamp Group is exposed, to enable the business to grow in a sustainable way and to meet regulators’ expectations around independence and risk challenge.
As a Cyber and IT Risk Manager, you will be operating as part of the 2nd line of defense function, to provide challenge and oversight to the design and implementation of IT and security controls and processes.
This role is based in our Luxembourg office, with in-person attendance expected at least 3 days per week.
At Bitstamp by Robinhood, we believe in the power of in-person work to accelerate progress, spark innovation, and strengthen community. Our office experience is intentional, energizing, and designed to fully support high-performing teams.
What you'll do
- Lead thematic/deep dive reviews to assess the effectiveness of controls against key risk scenarios.
- Review self-identified risk issues and acceptance to ensure the business is operating within Risk Appetite.
- Support business Risk Control Self-Assessments with appropriate subject matter expertise.
- Review and challenge Control Assurance outcomes as performed by 1st line.
- Conduct Operational Risk Event reviews related to Technology and quality reviews on Self-identified risks/issues.
- Provide expert advisory on the security framework, policies, standards and guidelines to a complex level, and contribute to their development where appropriate.
- Provide challenge and oversight over major technology related initiatives in relation to BESA’s Risk Appetite.
- Support the business by providing an informed view of Risks related to changes and new initiatives.
- Engage with major transformation changes, providing strong risk advisory and oversight practices.
- Develop an opinion on BESA’s risk and effectiveness of our controls.
- Recommend Key Risk Indicators and assessments as required.
- Deliver reports and/or scorecards on the risk profile.
- Develop effective business and technology relationships with key stakeholders.
- Promote a risk-aware culture and communicate best practices to business and IT contacts.
- Educate the business on cyber and technology risk, balanced risk approaches, and risk acceptance.
- Provide Cyber and Technology interpretation to first line of defense, the business and corporate functions on standards and control requirements.
- Provide expert input and challenge to risk and control assessment activities performed by the first line teams.
- Analyze the policies and standards through the lens of the regulatory requirements for BESA jurisdictions and develop local addenda.
On day one you'll bring
- Minimum 3 years of technology audit experience.
- Minimum 5 years of Cyber and Technology risk experience.
- Minimum 5 years of experience working in a highly regulated environment, ideally within the finance sector, and of regulatory interaction.
- Knowledge of CSSF and other European IT and Cyber regulations.
- Multilingual (proficient in English – written and oral).