Risk & Governance IT Expert
Luxembourg, LU, L-2955
Quintet Private Bank
We want to be a partner for you and your family, always focused on your needs, making use of our global strength to deliver a boutique experience…
Purpose of the Job
Quintet Private Bank is a leading private bank in the wealth management sector. We are committed to our clients and their families, and pride ourselves on our personalised service based on a deep understanding of what clients want to achieve. Compared to others, we are small (<2,000 employees across 50 European and UK locations) with an ambition to stay true to our purpose to be the most trusted fiduciary of family wealth. When you join Quintet you are joining a company that values diversity of background, equal access to opportunities, career development, collaboration and inclusiveness. We want our employees to feel proud of being part of a company that is committed to do the right thing. You will have the opportunity to grow your career while developing personally and professionally through various resources and programmes.
We are seeking a highly motivated Risk and Governance Security Expert to join our IT Network & Security team. This role will focus on risk analysis, governance frameworks, and ensuring compliance with relevant regulations. The ideal candidate will have a strong background in risk assessment, audit follow-up, and governance processes. The successful candidate will work as part of the ITS Group Function within the Network & Security Team of Quintet Luxembourg.
Key Accountabilities
- Risk Analysis: Conduct comprehensive risk assessments to identify vulnerabilities, threats, and potential impacts on organizational assets. Support the IT team in carrying out risk analyses. Identify mitigation measures and support the team in implementing them.
- Risk Monitoring: Track and monitor identified risks, ensuring that appropriate mitigation strategies are in place and regularly updated. Oversee the RCSA process, facilitating discussions and follow-ups to ensure effective risk management and control measures.
- Audits Follow-Up: Coordinate and follow up on internal and external audit findings, ensuring timely resolution of issues and implementation of recommended actions.
- ERI Points Follow-Up: Manage the follow-up on Enterprise Risk Items (ERI) points, ensuring that all identified risks are addressed and mitigated appropriately, including strong follow-up with stakeholders. Develop, implement and maintain comprehensive policies, procedures and guidelines for this process. Draft and review waivers when needed.
- Due Diligence Review: Review due diligence documentation/SOC-2 reports for third-party vendors to assess their risk posture and compliance with security policies.
- Procedure Review: Conduct regular reviews of cybersecurity procedures and processes to ensure alignment with best practices, regulatory requirements and Quintet policies.
- DORA Regulation Alignment: Ensure compliance with the Digital Operational Resilience Act (DORA) by aligning internal processes and controls with its requirements.
- Reporting: Prepare and present regular reports on risk status (ERI), compliance, and governance initiatives to stakeholders and senior management.
- Collaboration: Work closely with IT and other departments to foster a culture of security awareness and ensure alignment of security practices with business objectives. Provide expert guidance to IT on information security best practices. Act as the link between the Group CISO and the DPO team.
Knowledge and Experience
- Master’s degree in Information Security, Computer Science, or a related field.
- Minimum of 5 years of experience in risk management, security governance, or a related area, preferably within the banking or financial services sector.
- Strong knowledge of risk assessment methodologies (e.g., the ISO 27005 risk framework), security frameworks (e.g., NIST, ISO 27001) and compliance regulations (GDPR, DORA, etc.).
- Familiarity with security technologies and tools (firewalls, intrusion detection systems, SIEM, etc.).
- IT Risks reporting
- Cybersecurity Hygiene
- Relevant certifications (CISSP, CISM, CCNP Security, etc.) are highly desirable.
- Big Four or audit/consulting firm experience is a plus.
- Ability to collaborate effectively with cross-functional teams.
Attributes and Qualities
- Well organized, self-motivated and proactive
- High reactivity, flexibility, stress resistance
- Strong communication and interpersonal skills (oral and written), with the ability to convey complex security concepts to non-technical stakeholders.
- Client- and service-oriented, with strong problem-solving skills.
- Excellent analytical and organizational skills
- Interacting with business
- Networking
- Project management
- Sense of innovation
Technical Skills
- Risk Assessment and Management. Skills in conducting risk assessments and developing mitigation strategies.
- Good knowledge of next-generation firewalls (VPN, IPS, anti-malware, sandboxing, URL filtering, etc.) and mail and web gateways.
- Familiarity with VPN and remote access solutions, endpoint security (antivirus, anti-malware), threat intelligence and vulnerability management, cloud security, and project management methodologies (Agile, ITIL).
Language Skills
- French C1/C2
- English C1/C2
- Dutch or German is an advantage.