Head of Department - ICT and Security Risk Management

Location:  Bucuresti
Contract duration:  Permanent
Field:  Risk Management

About our team

BCR is the place where you learn, grow, and contribute to shaping the future of banking. We are recognized as a school of excellence in banking, a top employer in the banking sector, and a team open to learning, where every colleague feels noticed and valued.

We are an organization that values people and supports them in having a life that brings fulfillment, security, and balance.

Your Role

As Head of Department – ICT & Security Risk Management, you will build and lead the ICT & Security Risk vertical, setting strategy, governance, and execution standards. You will provide clear, credible oversight and challenge across technology and cyber risks, shape risk appetite and KRIs, and ensure the organization demonstrates mature, regulator-ready risk management aligned to DORA and industry best practices.

How you will contribute

  • Lead the ICT & Security Risk Management strategy and roadmap, aligned with business priorities, regulatory expectations, and risk maturity goals;
  • Establish and manage a high‑performing 2nd line function with clear RACI, engagement standards, and evidence requirements;
  • Own and continuously improve the ICT & Security Risk framework, including policies, methodology, taxonomy, assessment standards, and reporting cadence;
  • Define and maintain risk appetite statements, risk limits, and KRI/KPI thresholds; ensure effective governance and escalation;
  • Chair and drive governance routines to ensure clear, actionable outcomes;
  • Oversee annual enterprise ICT risk assessments and thematic deep‑dives (e.g., cloud, IAM, data, ransomware readiness, legacy);
  • Provide strong 2nd line challenge on major technology decisions, control gaps, and security findings (CtB/RtB), acting as the senior risk counterpart to CIO/CISO/CTO leadership;
  • Contribute to the Risk Acceptance/Evaluation process (NFR), ensuring decisions are risk‑based, time‑bound, and aligned to appetite;
  • Align closely with Erste Group Bank colleagues and BCR’s Internal Audit and Compliance to reduce duplication, map audit issues to risks, and monitor closure quality;
  • Deliver high‑quality risk reporting to senior management and relevant committees (Risk Committee, ExCo);
  • Build insight‑led dashboards linking operational technology signals (incidents, downtime, vulnerabilities, change failures) to risk appetite and decision‑making;
  • Provide 2nd line oversight of Security, Outsourcing and Third Party, Data privacy, Change Management and IT Resilience risks;
  • Partner with Technology and DevSecOps leadership to reduce production instability and control drift;
  • Coordinate effectively with BCM and Data Protection to ensure end‑to‑end resilience and compliance consistency;
  • Build ICT & security risk capability across the 1st line through training, playbooks, and assessment templates.

What will help you be successful

  • 10+ years of experience in ICT risk, cyber risk, technology controls, or security governance, including proven leadership roles;
  • Demonstrated capability to design, implement, or mature ICT risk frameworks (policies, taxonomy, risk appetite, KRI models, assessment standards);
  • Strong understanding of regulatory expectations and industry frameworks (e.g., DORA, NIST/ISO standards, COBIT/ITIL);
  • Proven ability to influence senior stakeholders and operate effectively in a constructive‑challenge model, with strong executive presence and experience presenting to Risk Committees/Boards;
  • Ability to build mature, audit‑ready ICT risk functions with consistent assessments, strong evidence standards, and effective governance and escalation practices;
  • Expertise in cloud risk governance, ICT third‑party risk, and operational resilience disciplines;
  • Strong judgment and decision‑making skills: able to balance rigor with pragmatism, maintain independence while building trust, and prioritize effectively under constraints;
  • Outcome‑driven mindset with the ability to ensure risk appetite and KRIs meaningfully drive action and decision‑making;
  • Certifications such as CISM, CISSP, CRISC, CISA, or ISO 27001 (nice to have).

Sounds like you'd be a good fit? Well, check out what we provide for our passionate people

  • Monthly budget for flexible benefits through the Benefit Online platform;
  • Performance-based bonus;
  • Banking facilities, benefits for private pension and discounts on insurance policies;
  • Gifts for special occasions;
  • Private medical services for you and your family;
  • Hybrid and flexible work schedule;
  • Up to 27 vacation days depending on your professional experience;
  • Extra 7 days off per year if you have used up your vacation days;
  • One day off for your birthday;
  • Wellbeing, personal and professional development programs, and platforms that allow you to learn anytime, anywhere, and from any device;
  • Subscription to Bookster.