IPF Digital AS - IT Risk Controller
Closed
Main purpose of job
As an IT Risk Controller, you play a crucial role in identifying, assessing, and managing the various risks of information technology. You will work as the global IT risk controller of IPF Digital AS, Estonia, and report directly to the IT Director of IPF Digital. You can be located in either Estonia or Finland, via cross-border working, contracting directly with our Estonian business unit.
Key accountabilities
• Identify IT risks within the organization, including cybersecurity threats, data breaches, system vulnerabilities, and third-party vendors. Conduct risk assessments to evaluate the potential impact and likelihood of identified risks.
• Develop strategies to mitigate, transfer, avoid, or accept risks, ensuring alignment with our risk appetite and regulatory requirements.
• Create and update IT risk policies, procedures, and controls.
• Ensure compliance with relevant laws, regulations, and industry standards, identifying opportunities for improvement and innovation in risk controls.
• Interpret regulatory guidelines and assess organizational compliance gaps, implementing measures to address non-compliance issues proactively.
• Lead the response to IT incidents, including investigation, reporting, and resolution, minimizing the impact on the organization.
• Develop and deliver training programs to enhance risk awareness and compliance.
• Provide regular reports on the status of IT risks, control effectiveness, and mitigation efforts to the EMI Management Board and senior management.
• Foster a culture of risk awareness and accountability across the organization through training, education, and awareness programs.
• Collaborate with relevant stakeholders to develop and maintain disaster recovery and business continuity plans to ensure the resilience and availability of critical IT systems and services.
Top 5 Essential Criteria
1. Relevant professional certifications are a plus, such as CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), or CISSP (Certified Information Systems Security Professional).
2. Knowledge of risk assessment methodologies and regulatory compliance, especially EMI and financial regulations.
3. Proven experience in IT risk management, cybersecurity, or a related field in a global organization.
4. Experience in developing and implementing risk management policies, procedures, and controls.
5. Strong understanding of IT systems, networks, and security technologies.
Do you have any questions?
The recruitment project is led by Triin Juurma. Feel free to ask any additional questions.