The Apex Group was established in Bermuda in 2003 and is now one of the world’s largest fund administration and middle office solutions providers.

Our business is unique in its ability to reach globally, service locally and provide cross-jurisdictional services. With our clients at the heart of everything we do, our hard-working team has successfully delivered on an unprecedented growth and transformation journey, and we are now represented by over circa 13,000 employees across 112 offices worldwide.Your career with us should reflect your energy and passion.

That’s why, at Apex Group, we will do more than simply ‘empower’ you. We will work to supercharge your unique skills and experience.

Take the lead and we’ll give you the support you need to be at the top of your game. And we offer you the freedom to be a positive disrupter and turn big ideas into bold, industry-changing realities.

For our business, for clients, and for you

Regional Information Security Manager – Europe

Role Overview:

Lead the European regional technical risk team to manage risk exposure, assurance, and compliance across EU/EEA/UK entities. Ensure alignment with Cyber Strategy and Group CISO directives; deliver inputs to Technology risk forum (TRF); and integrate DORA, EU AI Act, GDPR, NIS2, plus global frameworks: NIST CSF 2.0, ISO/IEC 27001:2022, ISO 31000:2018, COBIT 2019, PCI DSS v4.0/v4.0.1. For UK, align with FCA PS21/3 and PRA SS1/21.

Key Responsibilities:

· EU Regulatory Alignment:

o DORA: Implement harmonised ICT risk management, incident reporting, resilience testing/TLPT, third-party oversight (including CTPP/cloud) and contractual clauses; provide national reporting as required.

o EU AI Act: Maintain inventory of high-risk AI systems; ensure conformity assessment/readiness; transparency/labelling for GPAI; map obligations along provider/deployer chain

o GDPR: Uphold data protection principles, DPIAs, RoPA, breach notification, cross-border transfer safeguards.

o NIS2: Address risk-management and incident reporting obligations in covered sectors; support national transposition and supervisory expectations.

· UK Operational Resilience (if UK footprint): Identify important business services, set impact tolerances, complete mapping & scenario testing, and evidence compliance by 31 Mar 2025 under FCA PS21/3 / PRA SS1/21.

· Framework Integration: Embed NIST CSF 2.0, ISO/IEC 27001:2022, ISO 31000, COBIT 2019 into controls, audits, and continuous monitoring. Maintain compliance to NIST CSF 2.0, ISO/IEC 27001:2022, COBIT 2019; sustain PCI DSS v4.0/v4.0.1 for payments.

· Metrics, RCSA, & TRF: Govern European KRIs/KPIs; lead RCSA & remediation; produce Technology Risk Forum packs (posture, trends, asks).Govern regional KRIs/KPIs and ensure fit-for-purpose metrics mapped to risk appetite.

· Lead annual RCSA with ISO 31000 risk principles: close remediation actions.

· Feed clear, decision-ready inputs to the Technology Risk Forum; coordinate with application/infra/service owners to turn metrics green.

· Drive a Metric Rewrite Protocol for persistently failing metrics (RCA → redesign → pilot → cutover).

Ensure SOX 404 (where applicable) alignment for ICFR/ITGCs; coordinate management assessment and external audit readiness.

·

Candidate Profile:

· 10–15 years in cyber risk/compliance within EU/UK financial services; delivery experience across DORA, GDPR, NIS2, and UK PS21/3 / SS1/21 programs.

· Expert communicator with board-level articulation; adept at multi-country stakeholder alignment.

Success Indicators

· Full DORA readiness and AI Act roadmap; GDPR/NIS2 controls effective; improved Technology Risk Forum outcomes.

Disclaimer: Unsolicited CVs sent to Apex (Talent Acquisition Team or Hiring Managers) by recruitment agencies will not be accepted for this position. Apex operates a direct sourcing model and where agency assistance is required, the Talent Acquisition team will engage directly with our exclusive recruitment partners.