Devoteam Cyber Trust| GRC Consultant

Devoteam Cyber Trust is the Cybersecurity specialist arm of the Devoteam Group. With our 800+ experts located across EMEA, we aim to establish cybersecurity as an enabler of business success rather than a gatekeeper. We leverage an end-to-end approach to Cyber Resilience, Applied Security, and Managed Security services to secure the tech journey of large and medium-sized companies from all sectors and industries.

Since 2009, previously known as INTEGRITY, our team based in Portugal is specialised in providing cutting-edge Managed Security Services that combine its expertise and proprietary technology to consistently and effectively reduce the cyber risk of our clients.

The comprehensive service range includes Persistent Intrusion Testing, ISO 27001, PCI-DSS, GRC Consulting and Solutions, and Third-Party Risk Management. ISO Information Security) and ISO 9001 (Quality) certified, PCI-QSA, and member of CREST and CIS - Centre for Internet Security, we provide services to a considerable number of clients, operating in more than 20 countries.

Devoteam Cyber Trust is seeking a diligent and analytical Governance Risk & Compliance Consultant to join our dynamic team. This role is pivotal in strengthening our clients' risk posture, with a specific focus on implementing a third-party IT risk management framework to ensure compliance with the Digital Operational Resilience Act (DORA). The ideal candidate will be a skilled professional with a strong background in technology, information security, and risk management who thrives in a collaborative environment.

• Lead the implementation of a third-party IT risk management framework in accordance with DORA regulations.
• Develop and manage a centralised knowledge platform to ensure harmonised and efficient responses to client information requests.
• Respond to due diligence questionnaires and assessments from clients and counterparties on matters related to Compliance and Risk Management.
• Contribute to the continuous improvement of IT and information security risk management frameworks.
• Stay up-to-date with the latest cybersecurity trends and technologies.

• A Master's degree in Information Technology, Cybersecurity, Management, or a related field.
• Between 3 to 5 years of professional experience in IT risk, information security, or a compliance-focused role.
• Advanced knowledge of technology, information security principles, and control frameworks.
• A strong understanding of risk management methodologies and relevant regulations (e.g., DORA, ISO
• Good organisational, analytical, and problem-solving skills.
• Strong sense of ethics, integrity, and responsibility.
• Excellent oral and written communication skills, attention to detail, analytical skills, and problem-solving skills.
• Fluency in Portuguese and proficiency in English.

Nice to Have:

• Relevant certifications such as CISSP, CISM, CISA, ISO 27001 Lead Auditor or Implementer, or similar are highly valued.
• Formal project management skills or certification.
• Knowledge of or a strong interest in the payments, electronic money, or virtual assets sector.

The Devoteam Group works for equal opportunities, promoting its employees based on merit and actively fights against all forms of discrimination. We are convinced that diversity contributes to the creativity, dynamism and excellence of our organization. All of our vacancies are open to people with disabilities.

What we offer:

• Professional development and monitoring talent;
• Commitment to our employees' development;
• Collaboration in a company that is constantly growing and evolving.
• Strong organisational culture: collaboration, sharing, flexibility, integrity and low ego.

Would you like to join our team? Then send your CV.