Freelance - DORA ICT Expert (m/f/d) – Case Lead & Evidence Management IT Compliance | DORA | NI[...]

DORA ICT Expert (m/f/d) – Case Lead & Evidence Management IT Compliance | DORA | NIS2 | ISO 27001 | Regulatory Governance | Audit & Evidence Management

About the Opportunity

Our client is one of Europe’s leading enterprise technology environments, operating within a highly regulated, international ICT landscape. The organisation plays a critical role in digital infrastructure and operational resilience, with strong long-term investment in regulatory compliance, governance, and security excellence.

This is a strategic role within a major DORA implementation and supervisory readiness programme , offering real ownership, visibility, and long-term impact.

The contract is guaranteed until the end of this year , with a strong likelihood of extension as part of a multi-year regulatory roadmap expected to run beyond 2027.

If you are an experienced IT compliance or regulatory professional who thrives in structured, high-accountability environments, this is an opportunity to position yourself at the core of European ICT regulatory transformation.

Key Responsibilities

• Operational Case & Inquiry Management
  • End-to-end operational control of regulatory inquiries and compliance checks
  • Collection, validation, and compilation of audit-proof evidence
  • Deadline management, tracking, and structured reporting
  • Administration and governance of the central DORA Data Room
• Request & Workstream Control
  • Recording incoming regulatory requests
  • Professional assignment and stakeholder coordination
  • Clarification of scope and regulatory timelines
  • Creation and maintenance of structured work plans
• Regulatory Evidence Management (RTS / ITS)
  • Collection of required regulatory data fields including:
    • Customer data
    • ICT service data
    • Location data
    • Subcontracting and third‑party information
    • Incident details
  • Quality assurance and structured version control
  • Ensuring completeness and audit‑readiness of documentation
• Contract & Subcontracting Transparency
  • Maintenance of subcontractor and third‑party register views
  • Change tracking and documentation governance
  • Preparation of regulatory flow‑down verifications
• Incident Management & Reporting Support
  • Data collection for regulatory incident reports
  • Lessons Learned tracking
  • Support of DORA‑aligned reporting processes
• Audit & Testing Support
  • Preparation of structured documentation packages
  • Interview preparation and coordination
  • Findings backlog management
  • Retest tracking and closure documentation
• Supervisory Authority Interaction
  • Preparation of oversight and supervisory reports
  • Scheduling and coordination of inspections
  • Action tracking through to formal closure

Required Qualifications & Experience

• Completed degree in IT, Business Informatics, Information Security, or comparable
• Several years of professional experience in:
  • IT Compliance
  • IT Audit
  • Information Security Management
  • Regulatory Governance
• Strong knowledge of regulatory frameworks, particularly:
  • DORA (Digital Operational Resilience Act)
  • NIS2 Directive
  • ISO/IEC 27001
• Experience working with GRC, CMDB, and ITSM tools
• Strong reporting and analytical capabilities including:
  • Power BI
  • Microsoft Excel
  • AI‑supported data analysis
• Proven experience in evidence management
• Basic understanding of ICT contracts and subcontracting chains
• Familiarity with incident processes and audit routines
• Experience in complex enterprise environments with strong stakeholder/interface management

Skills & Competencies

• Analytical, structured, and process‑oriented mindset
• Strong communication skills
• Assertiveness and stakeholder confidence
• High documentation discipline
• Ability to operate in regulated, deadline‑driven environments

Language Requirements

• Very good German and English language skills
  (English required for communication with European Supervisory Authorities)

Why Apply?

• Long‑term regulatory programme environment
• High visibility within a critical DORA transformation initiative
• Enterprise‑scale ICT environment
• Contract guaranteed until year‑end with strong extension probability beyond 2027
• Opportunity to work at the forefront of European digital operational resilience