IT and Cybersecurity Risk Manager

Role Profile

Within the Risk & Compliance department, a team of more than 40 talented professionals in Risk, Business Continuity Management, Internal Control and Compliance, spread across our various geographies, is ensuring to preserve the value assets and reputation of the company. Identifying and assessing risks, implementing mitigation actions, informing and raising staff and business awareness, monitoring and ensuring compliance with the appropriate regulations are the core activities embedded in our team.

In this department, Group Resilience, Operational and Technology Risk Team is covering the second line of defense function on ICT (Information and Communication Technology) Risk, including Data, IT, Cybersecurity, Business Continuity and Third‑Party risk for the Group. The team also ensures the continuous strengthening of ICT Risk Management and Digital Operational Resilience maturity across the Group. Stakeholders are located in all Euronext entities (Paris, Porto, Milan, Oslo, New York, Dublin, Copenhagen…).

We are seeking a proactive and structured IT and Cybersecurity Risk Manager to enhance our capacity to identify, assess and monitor the main ICT and operational risk drivers arising from both internal and external environments, including geopolitical tensions, market dependencies, technological disruption, AI evolution and emerging cyber threats. An important focus will be on forward‑looking risk assessments and the integration of emerging threats into the ICT risk framework.

You will play a key role in developing, coordinating and overseeing ICT Risk across the Group, working closely with a broad community of key experts, including Risk Managers, Business Continuity Managers, IT and Cybersecurity specialists, and Data and Innovation teams.

You will actively contribute to the definition, consolidation and reporting of the Group ICT Risk Profile, supporting senior management oversight and informed decision-making related to digital and operational resilience, taking into consideration internal maturity and also external context (cyber threat intelligence outputs, analysis of geopolitical, physical and climate-related risks)

You will support the deployment of the Digital Operational Resilience Strategy and actively contribute to support the team in AI risk assessment.

You will work closely with the teams to ensure that the risk culture is well spread in the organisation and that the proper mitigation actions are developed and maintain to limit the risk while considering business priorities.

You will also optimize ICT risk tools, methodologies and processes to ensure consistency and effectiveness across the Group.

Key Accountabilities

We are looking for a motivated person to join the Group Risk team. You will support the team in strengthening the Group’s ICT risk management framework and Digital Operational Resilience Strategy across all Euronext entities.

You will contribute to the development of local ICT and operational risk profiles within Euronext entities and support transversal, Group‑level risk analyses.

Mains activities are:

Threat intelligence; Emerging Risk

• Support the preparation of regular monitoring and analysis of the external risk environment, including emerging ICT and operational risks.
• Contribute to the identification of risk scenarios and potential impacts related to cyber threats, AI evolution, geopolitical developments, and other emerging risk drivers.
• Coordinate inputs with the Cyber Threat Intelligence (CTI) team and consolidate insights obtained from internal and external working groups.

Contribute to Group and Local Risk profiles

• Collaborate with internal stakeholders to identify, assess, and monitor ICT risks (including cybersecurity, data, IT, third‑party providers, and Business Continuity), ensuring alignment with company policies and regulatory frameworks (e.g., DORA, ISO 27001).
• Assist in conducting ICT asset risk assessments, including the evaluation of criticality, exposure, and dependency risks.
• Support the creation and maintenance of ICT risk registers and dashboards, ensuring accurate documentation and reporting.
• Contribute to the development and enhancement of ICT risk mitigation strategies and action plans.
• Participate in change management and project management Risk oversight
• Participate to development of Operational Risk Indicators

Risk Process optimization, template and Reporting

• Support the review and enhancement of ICT risk management processes, methodologies, templates and tools, including internal procedures.
• Contribute to the preparation of internal reports, dashboards and presentations for management and governance forums.
• Assist with the tracking of action plans and improvement initiatives and support the sharing of best practices across the risk management community.
• Contribute to the development of ICT Risk awareness programs and training initiatives

AI Risk framework

• Review and challenge AI Risk Assessments performed by the Business Teams in line with LOD2 responsibilities
• Actively contribute to the AI risk management framework update 
• Participate in AI Decision Committee, contributing to discussions on ongoing AI use cases and broader AI governance topics

Required Skills & Experience

Education and Experience

• Minimum 3 years of higher education in IT, cybersecurity, or risk management, or equivalent experience.
• Entry-level knowledge of IT systems, cybersecurity concepts, and risk management frameworks.
• Familiarity with standards and best practices such as ISO 27001, NIST, CIS
• Understanding of financial regulation (e.g., MIFID, DORA, NIS 2) is a plus.

Skills and Competencies

• Fluent in English (daily use); French is a nice-to-have.
• Strong analytical and problem-solving skills.
• Autonomy, proactivity, and ability to summarize complex information.
• Excellent communication skills, both written and verbal.
• Interest in digital risk