Incident manager
Your Day to Day
- Monitor daily compliance with operational resilience and digital risk regulations
- Conduct risk assessments related to critical business functions and IT systems with a focus on cybersecurity exposure
- Plan and lead business continuity exercises and crisis simulation scenarios
- Draft and deliver regulatory communications including updates for the CSSF
- Prepare regular reports on compliance status and resilience performance for internal and external stakeholders
- Coordinate with IT legal procurement and security teams to ensure internal processes align with regulatory standards
- Oversee third-party and vendor risk evaluations to maintain external compliance
- Deliver awareness campaigns and internal training sessions on resilience and regulatory practices
- Track regulatory developments such as DORA and adapt internal procedures accordingly
- Operate autonomously in the Luxembourg office with three days per week on-site presence
- Report directly to the Chief Information Security Officer based in Italy
Your profile
- Proven experience in a regulated environment with a focus on operational resilience risk management and cybersecurity
- Strong knowledge of European regulatory frameworks such as DORA NIST ISO 22301 and ISO 27001
- Familiarity with CSSF communication practices and regulatory expectations in Luxembourg
- Solid understanding of information security third-party risk and business continuity planning
- Technical background in cybersecurity with a clear understanding of how to apply it in a business risk and compliance context
- Proactive and solution-oriented with the ability to work independently and adapt in fast-paced agile environments
- Comfortable working in a hybrid model with on-site presence and cross-border collaboration
- Excellent written and verbal communication skills in English with additional fluency in French or Italian as a plus
- Skilled at translating complex regulatory requirements into actionable plans and fostering a culture of compliance