Information Risk Manager / IRM Expert

Poland - Warsaw - Polish Branch

What we do?

Aion Bank is a fully regulated European bank and credit institution that combines Vodeno’s proprietary, private blockchain-based platform with its ECB banking license, balance sheet and regulatory and compliance expertise to offer a comprehensive suite of embedded banking products. 

Aion has a track record of delivering fully compliant embedded banking solutions to retailers, eCom/marketplaces, banks/neobanks and fintechs, creating a better customer experience that drives conversion, increases engagement and fosters loyalty. 

Aion Bank is currently active in Belgium, Germany, Poland and Sweden, including a retail business in both Belgium and Poland.

Our biggest strength is our people - a group of highly intelligent, creative, result-driven and ambitious individuals who always rise to the challenge. Together, we create a positive, energetic and fast-paced work environment. We stay professional in getting things done, but remember not to leave our passion and fun behind.

We are currently looking for an Information Risk Manager / IRM Expert ready to join our adventure and share our ambition.

What you will be doing?

We are seeking a highly skilled and experienced Information Risk Manager to join our dynamic team in a leading financial institution. As part of the second line of defence, you will play a crucial role in ensuring the organisation's information assets are adequately protected against risks. You will be responsible for overseeing the identification, assessment, and management of information risks, as well as providing expert guidance and support to the business. In this second line of defence role, you will ensure our information assets are protected against IT risks, security threats, data breaches, and outsourcing risks.

Your responsibilities
Risk Identification and Assessment:
  • Identify, evaluate, and document information risks associated with the organisation’s processes, systems, and technology
  • Develop and implement risk mitigation strategies
  • Challenge conducted data privacy impact assessments
  • Assess and manage risks related to third-party partners, including BaaS
  • Conduct information security assessments and due diligence checks of suppliers and third-party partners including BaaS, advising management on risk mitigation
Risk Management and Mitigation:
  • Develop and maintain information security policies and standards
  • Work with the first line of defence to develop action plans to mitigate identified risks
  • Monitor and report on the effectiveness of risk mitigation strategies
Governance and Compliance:
  • Ensure compliance with relevant laws, regulations, and industry standards
  • Liaise with regulatory bodies and ensure the organisation meets regulatory requirements
Training and Awareness:
  • Develop and deliver training programs to raise awareness of information risks and promote a culture of risk management
  • Provide guidance and support to staff on information risk management best practices
Incident Management:
  • Lead the investigation and response to information security and payment incidents
  • Monitor security systems and respond to incidents
Reporting:
  • Prepare regular reports on the status of information risks to senior management
  • Provide recommendations for improving the organisation’s risk posture

Skills you should have

  • Minimum of 5-7 years of experience in information risk management, preferably within a financial institution
  • Proven experience in implementing and managing risk management frameworks and processes
  • Strong understanding of information security principles, standards, and best practices
  • Excellent analytical, problem-solving, and decision-making skills
  • Strong communication and interpersonal skills, with the ability to effectively communicate complex risk concepts to non-technical stakeholders
  • Ability to work independently and as part of a team in a fast-paced environment
  • Proficiency in risk assessment tools and methodologies
Core skills:
  • Relevant Certifications such as CISSP, CRISC, CEH or equivalent
  • Knowledge of Security Risk Management
  • Experience in Cybersecurity or a Strong Willingness to Learn
  • Experience with Supplier and Supply Chain Due Diligence Framework
  • Knowledge of Control Frameworks, e.g., ISO 27k, NIST, CIS, COBIT
  • Experience in One of the Three Leading Clouds: Azure, GCP, or AWS
  • Understanding of CI/CD Processes and Tools
  • Familiarity with Web Application Security Concepts (OWASP TOP 10) and Secure Coding Best Practices
  • Knowledge of Popular Attack Methods (XSS, CSRF, SQL Injection) and Frameworks like MITRE
  • Understanding of the SSDLC process and its components
  • Knowledge of REST API and API gateway concepts
  • Experience with financial markets and banking industry (Advantage)
  • Knowledge of SWIFT CSCF Framework (Advantage)
  • DORA, EBA Guidelines, PFSA Recommendations (Advantage)

What we offer

You will get an opportunity to work in an innovative, digital bank applying state of the art approaches and technologies.
Unless limited by banking regulations, we offer a flexible form of contract.

You will be provided an Individual Development Budget, dedicated to enhancing your professional skills.

If your role permits, we also offer flexible work location: home/office, according to your preference.

You and your closest family will be covered with VIP-level private medical care which includes dental treatment and a hospitalisation package.

We care for our colleagues’ well-being, therefore we cover psychological consultations if you ever feel you need such support.

We co-sponsor your Multisport card and cover 50% of its cost.

You will work on computer equipment that delivers the best user experience — Apple MacBook.

If you feel like working from the office, we have beautiful space available for you in Brussels and Warsaw. Each office is very nicely located with convenient commute options by public transport and by bike. Our office in Warsaw offers healthy snacks throughout the day.

Our process

We keep our recruiting process simple. 
Step 1: Talk with one of our Recruiters about your experience to date and your ambitions
Step 2: Meet with your future Team Manager to deep dive on the role specifics and our work environment
Step 3: Meet with the Board Member to understand our vision and discuss how your experience and expectations fit what we are looking for

Equal Opportunity Statement

At Aion, we embrace diversity in all of its forms and nurture an inclusive environment for all people to do the best work of their lives with us. This is integral to our mission of opening new opportunities to businesses and people.
We're an equal opportunity employer. All applicants will be considered for employment without attention to ethnicity, religion, sexual orientation, gender identity, family or parental status, national origin, veteran, neurodiversity status or disability status.

Tags: API Gateway APIs Application security AWS Azure Banking Blockchain CEH CI/CD CISSP COBIT Compliance CRISC CSRF GCP Governance ISO 27000 NIST OWASP Privacy REST API Risk assessment Risk management Security assessment SQL SQL injection XSS

Perks/benefits: Career development Equity / stock options Flex hours Gear Health care Medical leave Parental leave

Region: Europe
Country: Poland
