Posted in: IT & Systems

Job Code: 1529180

QA Agility - IT Audit Expert

5 - 6 Years, Remote
Posted 4 weeks ago

DORA Audit Expert International Exchange.

Job Title : DORA Audit Expert.

Job Location : Remote.

Experience : 5+ Years.

Job Description :

- The DORA Audit Expert will be pivotal in guiding the business through the complexities of DORA requirements and overseeing compliance with operational resilience standards and ICT-related regulations for financial entities (FEs).

- This position involves a blend of deep regulatory expertise, audit leadership, and hands-on execution to ensure that the company adheres to all regulatory and risk management expectations.

Key Responsibilities:

DORA Compliance Audit & Assessment:

- Lead DORA compliance audits for the organization, including risk assessments and gap analyses.

- Assess the digital operational resilience of the company's ICT systems, processes, and operational infrastructure.

- Collaborate with cross-functional teams to ensure all aspects of DORA are covered, including ICT third-party providers (CTPPs) and the resilience of critical ICT systems.

- Evaluate the effectiveness of IT governance frameworks, incident management, cybersecurity practices, and business continuity plans to meet DORA requirements.

Regulatory Guidance & Compliance Reporting:

- Provide expert advice on DORA regulations and best practices to internal stakeholders.

- Prepare and present clear, actionable compliance reports and audit findings for senior management and regulators.

- Ensure accurate and timely reporting on DORA compliance status to relevant authorities.

Risk Management:

- Develop and maintain a comprehensive risk register for digital operational resilience.

- Assist in identifying and managing risks related to critical ICT services and systems.

- Advise on risk mitigation strategies for the financial services sector, particularly in the context of digital and operational resilience.

ICT Third-Party Oversight:

- Conduct due diligence, audits, and ongoing assessments of critical ICT service providers (CTPPs) to ensure compliance with DORA standards.

- Oversee the development and implementation of third-party risk management processes to ensure that external service providers meet DORA's operational resilience requirements.

Training and Awareness:

- Develop training programs to raise awareness and understanding of DORA among key internal stakeholders and teams.

- Conduct workshops and seminars to ensure the team is aware of DORA compliance requirements and operational resilience best practices.

Continuous Improvement:

- Recommend and implement improvements to current operational resilience frameworks to ensure continued DORA compliance and readiness for audits.

- Stay updated on regulatory changes, industry trends, and emerging best practices related to operational resilience and ICT risk management.

Education:

- Bachelor's degree in Information Technology, Cybersecurity, Risk Management, Law, or related fields.

- Relevant certifications such as CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), or equivalent are highly desirable.

Experience:

- Proven experience in conducting audits related to regulatory frameworks, particularly in the financial sector (preferably within the EU).

- In-depth knowledge of the Digital Operational Resilience Act (DORA) and EU financial regulations.

- At least 5 years of experience in risk management, compliance, or audit within the financial industry, focusing on operational resilience and ICT risk management.

- Strong understanding of ICT systems, third-party vendor management, and cybersecurity standards.

- Experience with international financial exchanges or similar institutions is a plus.

Skills & Competencies:

- Strong analytical and problem-solving skills with a detailed understanding of risk assessment methodologies and compliance requirements.

- Excellent communication and interpersonal skills, with the ability to work with cross-functional teams and manage external stakeholders.

- Knowledge of industry-leading frameworks such as ISO 27001, NIST, or other security and operational resilience standards.

- Ability to work independently, prioritize tasks, and manage multiple projects effectively.

- Fluency in English, both written and verbal.

- Knowledge of additional languages is a plus.

Preferred Qualifications:

- Master's degree in a related field (e.g., Cybersecurity, Business Continuity Management, Risk Management).

- Experience working with or within financial exchanges, trading platforms, or large financial institutions.

- Expertise in conducting audits related to regulatory frameworks such as MiFID II, PSD2, GDPR, and others.
