Summary
As a key member of Scope’s Technology Group, the Team Lead for Operational Security, Risk and Governance will play a pivotal role in safeguarding the integrity, confidentiality, and availability of our systems and data. This leadership position is responsible for driving the strategic and operational implementation of security, risk management, and IT governance frameworks across the technology organization.
Operating within the regulatory environment of a European credit rating agency, the role demands a strong understanding of financial sector compliance, cybersecurity best practices, and enterprise risk management. The ideal candidate will bring a proactive, structured, and collaborative approach to ensuring Scope’s technology operations remain secure, resilient, and aligned with both internal policies and external regulatory requirements.
Duties & responsibilities
Operational IT Security Leadership
- Lead and manage the 1st line operational IT security team, ensuring effective day-to-day execution of security controls and incident response.
- Oversee the implementation and continuous improvement of security operations, including monitoring, detection, and response to threats.
- Ensure alignment of operational security practices with internal policies and regulatory requirements.
Regulatory and DORA Compliance Implementation
- Drive the operational implementation of DORA (EU Regulation 2022/2554) and other technology regulatory requirements across Scope’s technology teams and landscape.
- Maintain and coordinate the implementation of Scope’s operational DORA procedures in line with DORA’s five pillars: risk management, incident reporting, resilience testing, third-party risk, and information sharing.
Risk and Governance Oversight
- Identify, assess, and mitigate ICT-related risks within the Technology Group, ensuring risks are documented, escalated, and addressed appropriately.
- Maintain and enforce IT governance frameworks, policies, and procedures, ensuring compliance with internal standards and external regulations.
- Serve as the interface between Technology and the second and third lines of defence (e.g., Risk, Compliance, Internal Audit), collaborating with them to ensure effective risk management and control assurance.
Stakeholder Engagement and Reporting
- Act as the primary point of contact for operational security matters within the Technology Group.
- Provide regular reporting to senior management, risk committees, and regulators on the status of ICT risk, incidents, and compliance.
- Support internal and external audits, regulatory reviews, and supervisory engagements.
Team Development and Culture
- Foster a culture of security awareness, accountability, and continuous improvement within the team and broader organization.
- Mentor and develop team members, ensuring skills and capabilities evolve with emerging threats and regulatory expectations.
Professional & personal qualifications
Educational Background:
- A university degree in Cyber Security, Computer Science, Information Systems, Risk Management, or a related field.
Experience:
- Experience in IT security, risk management, or governance.
- Proven experience implementing and operationalizing regulatory frameworks such as DORA, NIS2, or GDPR.
- Strong background in incident response, vulnerability management, and operational resilience testing.
Technical and Regulatory Knowledge:
- Deep understanding of cybersecurity frameworks (e.g., DORA, ISO 27001, etc.).
- Familiarity with financial sector regulations and supervisory expectations (e.g., ESMA, BaFin, etc.).
- Knowledge of third-party risk management and secure supply chain practices.
Leadership and Communication Skills:
- Demonstrated ability to lead cross-functional teams and manage complex projects under regulatory scrutiny.
- Strong interpersonal and communication skills, with the ability to engage effectively with senior stakeholders, auditors, and regulators.
- Fluent in English; German language is a plus.