ICT Risk Analyst

Joining Capco means joining an organisation that is committed to an inclusive working environment where you’re encouraged to #BeYourselfAtWork. We celebrate individuality and recognize that diversity and inclusion, in all forms, is critical to success. It’s important to us that we recruit and develop as diverse a range of talent as we can and we believe that everyone brings something different to the table – so we’d love to know what makes you different. Such differences may mean we need to make changes to our process to allow you the best possible platform to succeed, and we are happy to cater to any reasonable adjustments you may require. You will find the section to let us know of these at the bottom of your application form or you can mention it directly to your recruiter at any stage and they will be happy to help.

About Capco

Capco is a global technology and business consultancy, focused on the financial services sector. We are growing at fast pace in our Italian office, the opportunity for growth is large, accessible, and immediate. We are passionate about helping our clients succeed in an ever-changing industry. Capco is going through a significant growth journey, now is a very good time to join us as we expand our consulting team in Italy.

Role Description:

As part of the consulting team, the ICT Risk Analyst will:

• Support the development and maintenance of the ICT and Cyber Risk Management framework, ensuring alignment with regulatory requirements and industry standards


• Contribute to the identification, assessment, and monitoring of ICT and cyber risks across systems and processes


• Perform ICT risk assessments, including RCSA and scenario analysis


• Define, monitor, and report KRIs, KPIs, and other ICT risk metrics


• Support second line of defense activities within the ERM framework, focusing on ICT risk exposure monitoring


• Contribute to the ICT Risk Appetite Framework, including thresholds, limits, and escalation mechanisms


• Analyze ICT vulnerabilities and ensure tracking of mitigation and remediation action


• Prepare dashboards, heatmaps, and reports to provide visibility on ICT risk to stakeholders


• Support the definition and update of ICT and cyber risk policies, standards, and guidelines


• Collaborate with IT and Cybersecurity teams on risk monitoring, incident analysis, and response

Skills and Experience

To qualify for the role you must have:

• Bachelor’s degree in scientific, engineering, economic or IT-related fields


• 2–5 years of experience in ICT Risk, Cyber Risk, Operational Risk or Risk & Regulatory environments


• Knowledge of ICT Risk Management frameworks (e.g. ISO 31000, NIST, ISO 27005 or similar)


• Understanding of core ICT technologies and cybersecurity domains


• Experience in defining risk indicators, metrics and reporting


• Strong analytical skills and ability to synthesize risk data


• Proficiency in Microsoft Office 365 tools


• Strong communication skills and ability to work with cross-functional stakeholders

Nice to have:

• Knowledge of Digital Operational Resilience Act (DORA) and operational resilience topics


• Experience with data analytics and dashboarding tools (e.g. Power BI)


• Relevant certifications (e.g. CRISC, CISA, CISM, ISO 27001)

Why join Capco?

You will work on engaging projects with some of the largest banks in the world, on projects that will transform the financial services industry.

We offer:

• A work culture focused on innovation and building lasting value for our clients and employees


• Ongoing learning opportunities to help you acquire new skills or deepen existing expertise


• A flat, non-hierarchical structure that will enable you to work with senior partners and directly with clients


• A diverse, inclusive, meritocratic culture

Office location: Piazza Gae Aulenti 1, Milano (Garibaldi FS/ MM Garibaldi). Two days per week on site in a flexible environment that values remote working.

#LI-Hybrid

#LI-AD1