IT Risk Specialist
1 day ago
Madrid
About Us Looking for your next challenge? Allfunds (AMS:ALLFG) is a fast-paced, dynamic, Wealthtech leader with 16 offices(*) around the globe and our employees are the best at what they do. We have a relentless passion for quality and a drive to keep ahead of the competition. We have a strong business foundation built by experts over 20 + years, with the flexibility and agility of start-up. If this sounds like the place where you can excel, then Allfunds is for you! Listed on Euronext Amsterdam in April 2021, Allfunds has over €1.7 trillion assets under administration. We are one of the leading B2B Wealthtech platforms for the funds industry, offering fully integrated solutions for both Fund Houses and Distributors. We built and continue to evolve an ecosystem that covers the entire fund distribution value chain and investment cycle, with solutions including dealing and execution, data and analytics tools, Regtech, ESG screening, and portfolio monitoring. Allfunds remains the sole fully integrated one-stop-shop in the industry. Founded in Madrid in 2000, we have operations in more than 60 countries, work with over 2,000 fund groups and facilitate access to 1,500 distributors. *Brazil, Chile, Colombia, France, Hong Kong, Italy, Luxembourg, Miami, Poland, Singapore, Spain (Madrid/Valencia), Sweden, Switzerland, United Arab Emirates and United Kingdom. At Allfunds we give you the tools, you blaze your trail! Our mission To transform the wealthtech world. We want to create value for our clients by providing the necessary tools to help investors gain the freedom to choose from the world’s best investment managers. We support this mission by linking fund houses and distributors of mutual funds at the operational and technological levels, providing them with a range of operational, analytical, and information services to ensure transactions are always executed efficiently and effectively. Join our team and grow in a diverse and technology-driven environment with one of the leading companies in the wealthtech world. Sounds interesting? Please take a closer look… We are seeking an experienced ICT Risk Specialist to lead and evolve our technology risk capabilities within a digital first, globally regulated financial environment. This role requires a blend of deep technical expertise and strong GRC leadership together with the ability to manage technology related projects and service delivery activities. You will work cross functionally with Technology, Cybersecurity, Compliance, and senior management, ensuring operational resilience, regulatory compliance, and a strong risk-aware culture across the organisation About the role: ICT Risk Management Lead the full lifecycle of ICT Risk management: identification, evaluation, mitigation, monitoring, and reporting. Conduct and oversee technical risk assessments, including cloud, infrastructure, networks, applications, DevSecOps practices, and critical third parties. Maintain and enhance the ICT Risk Register, KRIs, and risk reporting processes aligned with risk appetite and regulatory expectations. Technical Expertise Review and challenge technical controls across IAM/PAM, EDR/XDR, SIEM, WAF, encryption, network architecture, vulnerability management, ICT Operations and cloud security. Analyse solution designs, infrastructure diagrams, and security configurations to identify threats and propose robust remediation actions. Collaborate with IT and cybersecurity teams to interpret vulnerabilities (CVEs, OWASP, MITRE ATT&CK) and emerging threat scenarios. GRC & Regulatory Compliance Ensure compliance with regulatory and industry frameworks, including DORA, EBA ICT Guidelines, and NIST CSF. Lead and coordinate internal/external audits and regulatory reviews related to ICT Risk and operational resilience. Oversee technology third‑party risk management and cloud service provider assessments. Project & Service Management Lead ICT Risk projects and service delivery activities, such as technical assessments, risk reviews, or process improvements, ensuring high‑quality outcomes and timely execution. Collaborate with project managers and service owners to embed ICT Risk requirements across change initiatives. Foster strong collaboration with other risk and technology functions. Executive Reporting & Governance Prepare and deliver high‑quality materials for Executive Committees, Risk Committees, and regulatory bodies. Translate complex technical risks into clear, business‑oriented insights and recommendations. Continuous Improvement & Proactivity Drive ongoing enhancement of ICT Risk processes, methodologies, templates, and deliverables. Lead & support the evolution of new ICT risk methodologies, tooling, automation, and reporting capabilities. Identify gaps, inefficiencies, and emerging needs to strengthen resilience and maturity. Promote innovation and process optimisation within the ICT Risk function. About you Must‑Have 7 years in ICT Risk, Technology Risk, Cybersecurity, or GRC roles within financial services or regulated environments. Strong technical understanding of cloud architectures (AWS, Azure, GCP), microservices, APIs, and modern infrastructure. Hands‑on knowledge of security controls, vulnerability management, and operational resilience. Experience preparing governance and executive reporting packs. Strong stakeholder management skills with the ability to influence peers and senior leaders. Nice to Have Relevant certifications: CISSP, CISM, CRISC, CISA, CRISC, cloud security certifications. Master’s degree in cybersecurity, risk, engineering, or similar fields. Experience with risk automation tools or GRC platforms. What you will find when working at Allfunds: We believe in: All for Excellence All of our experience and expertise, along with the passion we put in everything we do. So, our clients, employees, and partners can count on us for the best services. All for Accountability We always looking to make a difference through our transparent and responsible attitude towards people and society. All for Empowerment We work to continuously enhance our tools and services to make them accessible to our clients. All for Inspiration People are our driving force and helping them to reach their goals is our biggest motivator. That is why we aim to adapt to their needs and wants, accompany them on their journey, and inspire them to reach their dreams. If you believe you match these values, we look forward to meeting you