Europæiske ERV is looking for an IT Compliance & Risk Officer

Are you a dynamic and dedicated IT Compliance & Risk Officer? And do you want to join an internationally owned insurance company? Then you might be our new colleague in this newly created position.

The Role

We are seeking an IT Risk & IT Compliance Officer to join our IT team at Europæiske Rejseforsikring, a subsidiary of ERGO International. Reporting directly to Nordic IT Director, the IT Compliance & Risk Officer will play a pivotal role in ensuring IT operations and systems align with internal policies, regulatory requirements, and group directives.

This role is instrumental in identifying, managing, and mitigating IT risks while implementing IT compliance frameworks across the organization. A strong emphasis will be placed on ensuring compliance with recent and upcoming regulations such as DORA (Digital Operational Resilience Act), the Digital Accounting Act, the European Accessibility Act, and the anticipated AI regulatory framework. Your day-to-day tasks will involve tasks like:

• Policy and Procedure Management:
• Develop, maintain, and enforce IT policies, procedures, and standards in alignment with ERGO Group & Münich Re directives and regulatory requirements.
• Conduct regular reviews of IT policies to ensure relevance and compliance with evolving regulatory frameworks, including DORA, the European Accessibility Act, and AI regulations.
• Regulatory and Group Directive Implementation:
• Analyse, interpret, and implement regulatory requirements impacting IT systems and processes, such as DORA, the Digital Accounting Act, and other industry-specific regulations.
• Drive the implementation of the European Accessibility Act’s requirements for IT systems and digital platforms, ensuring inclusivity and accessibility.
• Support the organization in preparing for upcoming regulations for AI, including the establishment of frameworks for transparency, ethics, and accountability in IT-driven AI projects.
• IT Risk Management:
• Identify, assess, and document IT risks across the organization, including risks related to cybersecurity, system operations, AI, and data privacy.
• Collaborate with the CISO to establish risk mitigation strategies and monitor the effectiveness of controls.
• Ensure that IT systems comply with DORA by addressing operational resilience risks and strengthening critical infrastructure.
• Compliance Monitoring and Reporting:
• Conduct and support regular audits, assessments and other activities, like disaster recovery plans, to ensure adherence to IT policies, regulatory requirements, and group directives.
• Prepare compliance reports for the CISO, senior management, and external regulators, providing actionable insights and recommendations for areas of improvement.
• Training and Awareness:
• Deliver training sessions and awareness programs for IT staff and key stakeholders to promote compliance with IT policies, regulatory frameworks, and new requirements (e.g., DORA, Accessibility Act, and AI regulation).
• Act as a point of contact for IT compliance queries, ensuring clarity and understanding across departments.
• Support for Regulatory Change Implementation:
• Work with the IT and business teams to implement changes required by new and upcoming legislation such as the Digital Accounting Act, ensuring seamless integration into current IT practices.
• Monitor and manage the impact of AI regulations, ensuring the organization is prepared for governance requirements, ethical use, and AI-related risk management.
• Incident and Change Management Support:
• Collaborate with IT operations and security teams to address compliance risks in incident management and change control processes.
• Ensure all incidents and changes align with established IT compliance frameworks.

The Profile

We think you thrive on building connections, optimizing processes, and bridging gaps effortlessly. You're natural at rolling up your sleeves and tackling tasks head-on with confidence. Ideally, you possess a mix of the following qualities:

• Education and Certifications:
• Master or bachelor’s degree in computer science, Information Security, Risk Management, or a related field.
• Relevant certifications such as CISSP, CISM, CRISC, or ITIL are strongly preferred.
• Experience:
• 5 years of experience in IT risk management, IT compliance, or a related field, preferably within the insurance or financial services industry.
• Proven experience working with regulatory requirements such as GDPR, Solvency II, DORA, and industry standards like ISO 27001.
• Knowledge of upcoming and evolving regulatory frameworks, including the European Accessibility Act, the Digital Accounting Act, and AI regulation.
• Skills and Competencies:
• Strong understanding of IT governance frameworks (e.g., ISO 27001, COBIT) and their implementation in regulated industries.
• Experience with operational resilience and critical infrastructure requirements under DORA.
• Ability to assess and prepare for regulatory changes, especially around AI governance and accessibility requirements.
• Excellent analytical, organizational, and problem-solving skills.
• Strong communication skills with the ability to bridge the gap between technical and business teams.

What we offer:

• Flexibility and the possibility of working from home 2 days a week
• Attractive employment conditions including pension, health insurance, travel insurance and accident insurance
• A dynamic, ambitious, and professional work environment
• Opportunity for personal and professional development in an internationally owned insurance company.
• Regular social events with welcoming, helpful, and highly qualified colleagues.

Further information

For more information, please contact:

• Hadi M’Barek, Nordic IT Director at 45 2550 1521
• Carsten Andersen, HR Business Partner at 45 2041 8275.

How to apply

Please upload your motivation letter, resume, and relevant diplomas as soon as possible. We review applications and interview candidates on an ongoing basis.

About Europæiske ERV

Europæiske ERV is the largest and oldest travel insurance company in Denmark. As part of ERGO International, we have over 100 years of experience in providing security and safety for travellers. Most Danish leisure and corporate travellers take out their travel insurance with Europæiske ERV, a trust achieved by ensuring personalized and rapid assistance from experts, no matter where you are.

Europæiske ERV’s Core Business:

We specialize in travel insurance for private customers in the leisure market (BtC, BtBtC) and the corporate market, including health insurance for employees stationed abroad. Our direct business focuses on Sweden and Denmark, with additional activities in Norway and Finland through insurance professionals and distribution partners.