Risk and Compliance helps Quanloop operate with clear standards: policies, practical controls and documentation that supports consistent decision-making. You’ll work across compliance, legal documentation/contracts and resilience topics (including DORA), partnering closely with Engineering, Infrastructure and Client Operations.

In this role you’ll focus on DORA coordination.

Job Responsibilities

Run the DORA delivery plan: maintain the roadmap, workstreams, milestones, dependencies and evidence pack.
Translate DORA obligations into practical controls teams can implement (policies, procedures, testing routines, metrics), with clear owners and deadlines.
Coordinate major ICT-related incident reporting readiness: classification workflow, internal escalation, approvals, and submission discipline (initial/intermediate/final).
Own the internal Register of Information process: completeness, change control, validation checks, and annual submission readiness.
Coordinate ICT third-party and outsourcing readiness with Operations/Vendor Management: contract readiness, oversight routines, dependency mapping and exit planning for critical/important services.
Drive operational resilience testing coordination (BCP/DR, incident response exercises and related control testing) and track remediation actions to closure.
Run a predictable governance cadence: Steering Committee packs, decision logs, action tracking and escalations when delivery is blocked.
Maintain clear records of decisions, approvals, evidence updates and risk acceptances so the programme does not rely on reconstructing documentation later.

What good looks like in the first 3–6 months

The DORA programme runs on a clear cadence: owners know what is due, what “good” looks like, and what evidence is required.
Incident reporting and the Register of Information operate as controlled processes (not ad-hoc exercises), including predictable approvals and traceability.
At least one material readiness gap (typically third-party oversight, testing discipline, or evidence maintenance) is closed in a way that sticks.

Key Topics

DORA fundamentals and governance expectations
Operational resilience and ICT control concepts (incident management, BCP/DR, testing)
Evidence-led compliance and audit trail discipline
ICT third-party risk and outsourcing concepts (critical/important services, exits, oversight)
Cross-functional programme delivery and stakeholder alignment
Reporting and escalation principles in regulated environments

Qualifications

Relevant experience delivering cross-functional compliance, risk, or operational resilience programmes in a regulated environment (financial services preferred).
Comfortable translating regulatory obligations into workable internal standards, routines and evidence requirements.
Strong documentation discipline: able to maintain structured records, approvals and evidence packs without creating unnecessary bureaucracy.
Able to communicate clearly in English, in writing and in meetings, with senior stakeholders.
Practical judgement: able to be firm on essentials (deadlines, evidence quality, escalation) while keeping delivery workable for IT/Ops teams.
Comfortable partnering with Engineering/Infrastructure, Security and Operations/Vendor Management stakeholders.
Able to run a governance cadence and escalate decisions through a Steering Committee / Management Committee when required.

Other skills

Precise writing and attention to detail.
Calm, structured approach under time pressure (including incident-related deadlines).
Ability to challenge, unblock and follow through without relying on formal authority.
Professional judgement on what must be documented vs what is noise.

How to apply

Apply with your CV (LinkedIn optional). A short note is welcome, but not required.

DORA Program Manager