
Governance Risk and Compliance Specialist

Cyprus

Your role at Exness:

We are currently looking for an experienced Governance Risk and Compliance Specialist for our Governance Risk and Compliance team.

The team develops and maintains information security documentation and processes, ensuring compliance with internal and external security requirements through audits and risk management. The team also fosters employee security awareness, oversees information security compliance, and manages business continuity planning to ensure organizational resilience.
As a Governance Risk and Compliance Specialist, you will ensure effective IT Governance, manage IT/Cyber risks, and maintain business continuity through policies, risk mitigation, disaster recovery plans, and compliance with international standards and applicable regulators' requirements.

If you are not already located in Cyprus, relocation to Cyprus is a requirement for this role.

You will:

  • Develop and implement policies, procedures, and regulations related to IT Governance (company-adopted frameworks, regulatory requirements).
  • Conduct IT and Cyber risk identification, assessment, and monitoring. Participate in defining risk mitigation measures.
  • Define key metrics and thresholds to effectively monitor and manage IT/Cyber risks.
  • Prepare regular reports on the IT/Cyber risk landscape, develop reporting metrics and dashboards.
  • Develop, implement, and maintain the Business Continuity Management system, Business Continuity Plans (BCP), and Disaster Recovery Plans (DRP), leveraging the CBCI 7.0 methodology and related standards.
  • Organize drills and exercises for BCP/DRP, analyze results, and update plans accordingly.
  • Coordinate actions during critical events (natural disasters, cyberattacks, IT infrastructure failures, etc.).
  • Develop reporting metrics and dashboards.
  • Collaborate with senior management and stakeholders to provide updates on IT Governance, IT/Cyber risk status, and business continuity strategy.
  • Train key staff on methodologies for identifying, assessing, and managing IT risks, as well as incident response plans.
  • Deliver presentations, seminars, and workshops to raise awareness of the importance of Governance, Risk Management, and Business Continuity among employees.

What makes you a great fit:

  • Higher education in Information Technology, Computer Science, Information Security, or a related field.
  • 7-10 years of experience in Cybersecurity, IT Governance, Risk Management, and/or Business Continuity.
  • Practical experience with quantitative risk analysis (FAIR or other CRQ methods for quantitative cyber/IT risk assessment), as well as ISO 31000 standards.
  • Hands-on experience in developing, testing and maintaining Business Continuity (BCP, DRP) plans, preferably aligned with CBCI 7.0 or similar international standards.
  • Knowledge of key directives, regulations and supervisory requirements in the European Union (EU) related to IT, business continuity and cyber risk management for financial institutions (DORA, NIS2, EBA/GL/2019/*).
  • Relevant professional certifications (e.g., CBCI, CBCP, ISO 22301 Lead Implementer/Lead Auditor, CRISC, CISM) are a plus.
  • Experience participating in business continuity audits and preparing for reviews by external regulators or accredited organizations.
  • English language proficiency at or above upper-intermediate level (for international collaboration and studying English-language standards and documentation).

What we offer along the way:

  • Competitive and attractive compensation
  • Extensive learning opportunities, such as professional training and certifications, soft skills development, free English courses, and trading workshops
  • Health and life insurance for employees, spouses, and children, including vaccinations, tests, mental health care, and coverage for vision and dental care
  • Generous time off, including 21 days of annual leave and paid sick leave
  • Flight tickets, hotel or apartment accommodation for your first month, migration support, and legal help for you and your family for relocation to Cyprus
  • Education allowance for your children’s school and kindergarten fees
  • Access to our very own sports club with dedicated coaches, free Sanctum Club memberships for you and your spouse, corporate SUPs, jet skis, etc.
  • A branded company car with a parking space near the office
  • Outstanding team-building experiences and Exness community gatherings

Your journey after applying:

  1. Interview with your Recruiter (30 minutes)
  2. Short take-home technical test
  3. Interview with Hiring Manager (1 hour)
