We're looking for a IT RISK - PortoWho We're Looking For:We are looking for an experienced IT Risk Analyst / Permanent Controller to join a Cybersecurity & Digital Risk function.This role sits at the intersection of cybersecurity, IT risk management, and payment services, offering strong exposure to highly regulated, business-critical systems.Professional Experience & Main TasksDefine and promote cybersecurity governance for IT Payment Services.Support IT teams in identifying, assessing, and managing cyber and IT risks.Execute and contribute to permanent control activities across ICT and non-ICT risks.Maintain and update the IT risk landscape using inputs such as RCSA, incidents, and control plans.Perform root cause analysis and impact assessments.Follow up on remediation actions, ensuring timely implementation and effectiveness.Produce risk reporting and consolidated risk views for senior stakeholders.Support audits, risk reviews, and third-party risk assessments.Collaborate closely with cybersecurity, development, production, and risk teams.Skills & Experience3+ years of experience in IT Risk Management, Cyber Risk, GRC, or Permanent Control.Solid understanding of cybersecurity principles in regulated environments.Experience with risk assessments, controls testing, and remediation follow-up.Strong analytical skills and ability to assess root causes and business impact.Familiarity with GRC tools (e.G. ServiceNow GRC) and Microsoft Office.Experience in financial services, payments, or regulated industries is a strong plus.Knowledge of DORA and/or PCI-DSS is an advantage.Language RequirementEnglish – B2Work SetupHybrid