Project Manager (DORA)

Full Time
Legal & Risk, Product & Engineering
Limassol
Senior

We are launching an enterprise-wide DORA programme and seek a Project Manager (DORA) to lead planning and delivery across Legal, Risk, and Technology. You will own the roadmap from gap assessment to operationalisation, translating legal and regulatory requirements into pragmatic technical and process changes. You will work daily with the ICT Manager, ICT Risk Lead, Risk Manager, and IT Architects—speaking their language while ensuring legal robustness and audit-ready documentation.

Job Responsibilities

  • Own the end-to-end DORA programme: scope, plan, budget, risk, dependencies, and delivery governance
  • Lead DORA gap assessment and deliver a prioritised remediation roadmap with clear owners and timelines
  • Establish and embed the ICT risk management framework (governance, policies, standards, KRIs/KPIs)
  • Coordinate incident classification and reporting processes in line with applicable RTS/ITS; stand up runbooks and playbooks
  • Drive ICT business continuity and disaster recovery planning and testing; align with operational resilience objectives
  • Implement ICT third‑party risk management aligned to DORA (register, due diligence, contractual clauses, monitoring, exit/contingency)
  • Coordinate threat‑led penetration testing scoping and readiness (where applicable), including remediation tracking
  • Ensure robust change and configuration management procedures, including secure SDLC and DevSecOps practices
  • Align DORA activities with existing frameworks (ISO 27001, NIST CSF, COBIT, ITIL) and adjacent regulations (e.g., NIS2, GDPR) where relevant
  • Prepare board/management reporting and steerco materials; maintain evidence for auditors and competent authorities
  • Lead policy and standard updates; ensure traceability from DORA articles/RTS to internal controls
  • Design and roll out training and awareness across business and IT roles
  • Run effective vendor, architectural, and risk workshops; resolve design decisions with IT Architects and SRE/DevOps leads
  • Track delivery in Jira/Confluence or equivalent; maintain a single source of truth for programme documentation
  • Serve as primary point of contact for internal audit, external auditors, and supervisory interactions on DORA topics

Key Tools and Practices

  • Jira/Confluence (or equivalent) for tracking, workflows and documentation
  • BPMN/UML for process modelling and diagramming
  • Risk registers, gap assessment templates and remediation roadmaps
  • Gantt/roadmapping for visibility; experiment design and reporting
  • GRC tools (e.g., Archer, ServiceNow GRC, OneTrust) for registers and monitoring

Qualifications

  • Legal education: Bachelor’s degree in Law or paralegal qualification; alternatively, demonstrably equivalent legal expertise proven in interview and references
  • IT education: Bachelor’s/Master’s in Computer Science/Information Systems or equivalent hands-on technical background sufficient to engage deeply with ICT managers, risk, and architects
  • Proven DORA experience: Hands-on leadership delivering DORA (or Level 2/3 RTS/ITS-aligned) programmes in a financial services, payments, banking, insurance, or fintech environment
  • Strong ability to translate legal/regulatory text into actionable technical and process requirements
  • Solid project/program management track record (3–7+ years), including multi-workstream delivery, resource planning, and stakeholder management
  • Excellent communication in English, written and verbal; confident presenting to executives and regulators

We encourage applications from all qualified candidates and provide reasonable accommodations on request (email [email protected]).

Other Skills

  • Certifications: PMP/PRINCE2/Agile (Scrum), CISA/CISM/CRISC, ISO 27001 Lead Implementer/Auditor, ITIL, and CISSP are beneficial
  • Experience with TLPT frameworks (e.g., TIBER‑EU/CBEST) and red/blue team coordination
  • Familiarity with ESA guidelines and RTS/ITS under DORA, as well as EBA/ESMA/EIOPA expectations
  • Knowledge of NIS2, GDPR, SOC 2, and operational resilience frameworks
  • Exposure to cloud-native architectures (AWS/Azure/GCP), CI/CD, IaC, SIEM/SOAR, CMDB
  • Experience with GRC tools (Archer, ServiceNow GRC, OneTrust) and service management (Jira/Confluence)

What Success Looks Like

  • 30–60 days: Complete DORA gap assessment; establish governance, RAID log, delivery plan, and reporting cadence
  • 90 days: Approved remediation roadmap; updated core policies; incident reporting and third‑party registers operational
  • 6 months: ICT risk framework embedded; first round of tests/exercises (BCP/DR, incident simulations) completed; measurable reduction of high-risk gaps
  • 12 months: Programme substantially delivered; sustained operations handed over with clear controls, metrics, and audit-ready evidence

How We Work

  • Cross-functional, hands-on, outcome-oriented delivery with clear ownership and measurable controls
  • Pragmatic documentation with full traceability from regulatory requirement to implemented control and evidence
  • Continuous improvement mindset: iterate, test, learn, and harden

How to Apply

Please send your CV and a short cover letter highlighting:

  • Your specific DORA delivery experience (scope, timeline, outcomes)
  • Examples of translating a DORA article/RTS into a technical/process control
  • A complex cross-functional issue you resolved between Legal, Risk, and IT

We welcome candidates who meet the must-haves and can demonstrate both legal fluency and technical depth in the interview. We are an equal opportunity employer.
