DORA Officer
The DORA Officer is responsible for ensuring full compliance with the Digital Operational Resilience Act (DORA) and relevant Polish regulatory requirements. The role includes oversight of ICT third-party risk, incident reporting, SLA monitoring, regulatory submissions, and acting as the primary point of contact with the Polish Financial Supervision Authority (KNF).
The role requires working from the office 5 days per week, with remote work possible only on an occasional basis. A hybrid work arrangement may be considered at a later stage.
Job responsibilities:
ICT Third-Party Risk Oversight:
• Monitoring and managing relationships with ICT third-party providers.
• Assessing risk exposure and maintaining required documentation.
• Ensuring alignment with DORA Article 3 in cooperation with senior management.
Register of Information (RoI) Management:
• Daily maintenance and verification of the RoI with GSS, TPRM, and VBLs.
• Communicating updates to internal stakeholders, including new outsourcing arrangements.
• Making regulatory notifications to KNF in line with DORA and Polish requirements.
Major Incident Management:
• Maintaining and reviewing the local ICT incident reporting procedure annually.
• Monitoring and classifying ICT incidents according to DORA Article 9.
• Submitting incident reports to KNF within required timelines (initial, interim, final).
• Keeping full documentation and an inventory of all major incidents.
SLA Monitoring for Intra-Group Vendors:
• Overseeing SLA performance for 7 intragroup agreements and over 100 services.
• Ensuring contracts reflect KPIs in cooperation with IT/IS and Legal.
• Providing regular SLA reporting to the Polish Board.
IT/Information Security KRI Reporting:
• Preparing quarterly and annual KRI reports (~150 items across 17 categories).
• Ensuring accuracy and timely submission via the KNF portal.
Digital Operational Resilience Strategy:
• Maintaining and annually updating the strategy.
• Formalizing changes through Board resolutions when required.
Regulatory Liaison:
• Acting as the main point of contact for KNF for RoI, incidents, KRIs, and SLA matters.
• Ensuring all submissions and communication with KNF are in Polish.
Required qualifications to be successful in this role:
• Polish citizenship (mandatory due to KNF portal access requirements via PESEL).
• Fluency in Polish (written and spoken).
• Proven experience in regulatory compliance, risk management, or ICT governance.
• Strong understanding of DORA and Polish financial regulations.
• Excellent organizational, analytical, and communication skills.
• Ability to work cross-functionally with IT, Legal, and senior management.
• Experience in financial services or fintech.
• Familiarity with KNF portals (crp.knf.gov.pl, csirt.knf.gov.pl).
• Legal or technical background in ICT outsourcing or incident management.
• Ability to work five days a week in one of CGI’s offices in Poland – this is a must.
Our attractive offer contains:
• Healthcare / Medicover paid by CGI with a free dental package
• Share purchase plan co-financed by CGI, with the possibility of cashing out at any time
• Sport card
• Employee psychological support program
• Annual bonus plan, depending on the annual financial result
• Rewarded referral program, minimum PLN 6k for recommendation
• Be Consultant program, thanks to which you have the opportunity to strengthen your competences
• Mentoring program
• Possibility of accounting for creative work (author's tax-deductible costs)
• Attractive training program - Brown Bags, hackathons and knowledge sharing
• Additional insurance - life, accident and serious illness insurance
• Additional childbirth insurance
Al. Jerozolimskie 100, Warszawa
CGI