Project description
Join our Development Centre in Bucharest and become a member of our open-minded, progressive and professional team. In this role you will be working for one of our world-famous clients.
The Chief Security Office (CSO) of our client comprises the Chief Information Security Office (CISO) and the Corporate Security unit. The CISO organization guarantees information security for our client.
TDI CSO GBTS, as part of CSO, is responsible for governing Information Security Risk (ISR) across the first line of defense, ensuring alignment with the Second Line of Defense (Operational Risk Management – ORM), and supporting our client's non-financial risk management processes within the Chief Risk Office (CRO). This includes sustained management of residual risk, risk remediation, and adherence to Risk Appetite.
This role operates with a strong strategic lens, supporting alignment of first line risk assessment practices, risk treatment concepts, and evidencing standards to ensure they remain consistent, defensible, and scalable across regulatory, thematic, and transformation-driven demands.
On top of an attractive salary and benefits package, Luxoft will invest in your professional training and allow you to grow your professional career.
Responsibilities
- You lead and coordinate the end-to-end risk assessment and risk treatment lifecycle, including execution quality, consistency, and sustainability across the first line of defence.
- You support the governance and alignment of first line risk assessment methodologies, quality standards, and risk acceptance thresholds, ensuring consistency with ORM ISR expectations and regulatory requirements.
- You serve as the senior first line interface for ORM ISR, Audit, and Regulators on Information Security risk positioning, acceptance decisions, and treatment sustainability.
- You oversee alignment of risk treatment concepts, remediation narratives, and ORM operating conditions, ensuring risk positions are evidence-based, forward-looking, and defensible.
- You integrate emerging and evolving technology risks (e.g. Artificial Intelligence, Quantum Computing, Technology Risk Assessments) into transformation programmes, scenario analysis, and portfolio-level risk reporting.
- You provide strategic oversight and capacity planning for regulatory, thematic, and transformation-driven risk assessments, ensuring timely and high-quality delivery without degradation of standards.
- You actively challenge and guide stakeholder contributions across the first line to improve the maturity, clarity, and sustainability of risk assessments and risk treatment positions.
Skills
Must have
- 5-7 years’ work experience in Information Security risk management, enterprise risk assessment, or non-financial risk within large, complex organisations.
- University degree in Information Security or equivalent qualification preferred, ideally with IS certifications.
- Strong understanding of risk assessment methodologies, residual risk concepts, risk appetite, and risk treatment evidencing, ideally within a regulated financial services environment.
- Demonstrated ability to operate as a senior role holder, engaging effectively with ORM, Audit, Regulators, and senior management.
- Experience integrating emerging technology risks into existing risk management, transformation, and scenario-based assessment frameworks.
- Excellent stakeholder management skills, with the ability to influence and challenge senior SMEs and control owners while maintaining constructive working relationships.
- Fluent in English, both verbally and in writing, with the ability to produce clear, concise, and audit-defensible documentation.
Nice to have
- Experience in a multinational environment would be a plus.