Head of Information Security Governance, Risk & Compliance

CEO Office - Head Office Sofia

Sofia, valid to 31.01.2026

Lead, mentor, and develop a team of 12 GRC analysts, risk specialists, and compliance officers.
Oversee the bank’s Information Security governance framework, policies, standards, and procedures.
Direct enterprise-wide information security risk assessments and develop mitigation strategies.
Ensure compliance with DORA, NIS2, GDPR, ISO 27001, and other regulatory requirements.
Manage controls testing, gap analyses, and compliance monitoring programs.
Serve as primary contact for internal/external audits and regulatory inspections.
Deliver executive-level reporting on risk posture, compliance status, and GRC metrics.

5+ years in information security governance, IT risk, audit, or compliance (preferably in financial services).
2+ years of leadership experience managing GRC or similar teams.
Strong knowledge of EU regulations (DORA, NIS2, GDPR), ISO/IEC 27001, NIST, and financial-sector guidelines.
Experience with risk assessments, controls frameworks, audits, and compliance management tools.
Excellent documentation, reporting, and stakeholder management skills.
Fluency in Bulgarian and English; relevant certifications (CISM, CRISC, CISA, CGRC) are a strong advantage.

Excellent opportunities for professional and career development in one of Bulgaria’s leading banks
Food vouchers in the amount of up to 200 BGN per month
20+5 paid holiday leave
Additional Health Insurance
Annual bonus scheme depending on the achieved results
Favorable conditions for housing and mortgage lending
Preferential conditions for Multisport / CoolFit card
Discounts in various companies
Great central location of the office
Refer a Friend Bonus