Posted 6 days ago
No clicks
**Lead Risk Expert, ICT Risk (NAM Portugal)** Drive 2nd Line of Defense ICT risk management across NAM, setting strategy, monitoring risks, and improving controls. Key responsibilities include leading the ICT risk agenda, managing assessments, monitoring risk profiles, overseeing remediation, and delivering reports to management and boards. Required skills and experience: - Proven ICT/technology risk management experience - Familiarity with risk & control frameworks and 2nd Line of Defense (or equivalent) roles - International stakeholder management and communication skills - Knowledge of core ICT risk domains (information security, cyber risk, data risk, operational resilience)
- Compensation
- Not specified
- City
- Lisbon
- Country
- Portugal
Currency: Not specified
Full Job Description
Job ID: 4383
We are looking for a Lead Risk Expert for ICT Risk to join our NAM Risk Management & Control team in a full-time, permanent position. In this role, you will take functional leadership of ICT risk across NAM, setting the direction and driving the agenda for how ICT risks are managed, monitored and overseen within the 2nd Line of Defense. You will work cross-functionally and act as a key point of coordination across ICT risk activities.
You will be part of the wider NAM Risk Management & Control team, which covers the full risk taxonomy (including fund risk, operational risk and ICT risk), with a specific focus on developing ICT risk as a dedicated risk area.
About our team
Risk Management & Control provides independent risk oversight and constructive challenge across NAM, supporting a resilient and compliant business. Risk Management & Control, led by the CRO, is an international 2nd Line of Defence team responsible for risk management and oversight globally within NAM, including subsidiaries and branches. NAM operates across our main hubs in Copenhagen, Stockholm, Luxembourg, Helsinki and Lisbon. In this role, you will help establish and lead a new, specialised ICT risk team, working directly with 1st Line of Defence, senior management, and boards.
Collaboration. Ownership. Passion. Courage. These are the values that guide us in how we work and how we make decisions and that we imagine you share with us.
What youll be doing:
- As Lead Risk Expert in ICT risk team you will set the agenda for effective management, control, monitoring and oversight of ICT risks and controls within NAMs 2nd Line of Defence.
- Lead the ICT risk management & control agenda in NAM Risk Management & Control (2nd Line of Defence), including governance, policies, and operating model.
- Own and coordinate the 2nd LoD ICT risk assessment plan to monitor the risks that could compromise the security, reliability and resilience of NAMs ICT environment and services (e.g., information security and cyber risk, technology/IT risk, data integrity/availability, and operational resilience including business continuity), including review and challenge of 1st LoD assessments.
- Monitor the ICT risk profile through key risk indicators, control testing/monitoring, issue management follow-up and thematic reviews.
- Provide oversight and challenge on ICT risk remediation plans, ensuring clear ownership, timelines and sustainable control improvements.
- Deliver high-quality management and board reporting on ICT risk, and represent 2nd LoD in relevant forums and regulatory/audit interactions.
Who you are
This is the right role for you if you combine deep ICT risk knowledge with a pragmatic mindset and the ability to lead by example. You build trust with senior stakeholders, communicate clearly, and are comfortable challenging when needed - always with the goal of improving risk management and operational resilience.
Your background and skills include:
- Solid experience in ICT/technology risk management, risk & control frameworks, and 2nd Line of Defence oversight (or equivalent independent risk/challenge role).
- Demonstrated ability to set direction, prioritise and coordinate work across stakeholders (including senior management) in an international environment.
- Solid knowledge of core ICT risk domains such as information security, cyber risk, technology risk, data risk and operational resilience/business continuity.
- Effective communication and stakeholder management skills, with high integrity and the courage to question and escalate when required.
It would be ideal if you also have:
- Experience in regulated financial services and working with ICT risk-related regulatory expectations and supervisory dialogues.
If this sounds like you, get in touch!
Next steps
Submit your application no later than 30/06/2026.
At Nordea, we recruit from the widest possible pool and hire the most suitable person for the job. Because diverse perspectives make our team better. And once you are on board, you will find that we offer equal opportunities to everyone.
Great people often know great people please share if you have a friend who could be a perfect match for this job.
#NAM #NAM-Portugal
