The Digital Operational Resilience Act (DORA) is opening up cybersecurity careers in finance

The EU’s Digital Operational Resilience Act (DORA) is set to bring about important regulatory changes in our banking and financial sectors. What is DORA, what will be its impact on operations, and how will it influence cybersecurity roles in the years to come?

What is the Digital Operational Resilience Act (DORA)?

Why the focus on resilience? Because financial institutions today rely heavily on digital systems to conduct their day-to-day operations. While this digitalisation of services is convenient, improved customer experience should not come at the expense of resilience – by which we mean digital security and safety as well as the continuity and robustness of digital services. Because of the potential impact on individual firms, not to mention the stability of the entire financial system, the need to mitigate such risks is urgent.

Before DORA, financial institutions predominantly addressed operational risk by shoring up capital. DORA will require financial institutions to broaden their approach, mandating adherence to regulations governing protection, detection, containment, recovery, and restoration capabilities in the face of breaches, failures, or other disruptions.

DORA guidelines cover the management, incident reporting, operational resilience assessment, and monitoring of ICT third-party risks. Firms will have to record all ICT incidents and significant cyber threats, improving awareness of incidents within individual firms and among regulatory authorities. Irish financial institutions must adopt the new guidelines before 17th January 2025 or face potential penalties, set by the Central Bank of Ireland, amounting to 2% of the annual worldwide turnover of the organisation.

Change is everywhere, all at once

DORA isn’t the only new or developing regulation facing the sectors. We also have the Markets in Crypto-Assets (MiCA) Regulation (aiming to make the crypto industry in the Eurozone a transparent and secure environment for investors) and the Sustainable Finance Disclosure Regulation (SFDR) (strengthening the financial system’s ability to navigate climate change risks and support the transition to a climate-neutral economy). In addition, reviews or changes are coming to the Payment Services Directive (PSD2), the Consumer Protection Code, and the Individual Accountability Framework – some of which we will come back to in future blogs.

There’s no denying that change is a constant in the banking and financial sectors. However, rather than being a burden, the changes that DORA will usher in represent a valuable opportunity for forward-thinking organisations. By definition, that means they are also an opportunity for motivated professionals looking to position themselves in still underserved niches and carve out highly successful careers for themselves.

It's clear that DORA will have a significant impact on the job landscape within the banking and finance sectors. A significant portion of jobs within financial institutions will be affected in some way by DORA. Roles directly related to technology, cybersecurity, risk management, and compliance are likely to see the most pronounced changes, as these areas are directly addressed by DORA regulations.

While some jobs may evolve or expand to meet the new requirements, others might become redundant or undergo restructuring as firms adapt to the changing regulatory landscape. There will likely be job growth in areas such as cybersecurity consulting, compliance advisory services, and technology solution providers catering to the needs of financial firms transitioning to comply with DORA.

Cybersecurity jobs are booming

As we all grapple with the reality of increasing threats and expanding regulations, the demand for cybersecurity professionals is huge. In fact, 67% of organisations worldwide report a staff shortage in this area. According to ISC2, approximately 4 million extra cybersecurity workers are needed to meet the global needs of employers right now.

The cybersecurity talent shortage means significant opportunities for career growth, advancement, and recognition for cybersecurity professionals, as well as a rewarding and fulfilling career path in a rapidly evolving and vital field. We are anticipating that DORA will mean:

  • More roles: expect a plethora of job opportunities across various sectors and organisations seeking cybersecurity expertise to bolster their security posture and compliance efforts.
  • Great compensation: skilled professionals may command higher salaries and better compensation packages as organisations compete to attract and retain top talent.
  • Career advancement: there will be ample opportunities for career advancement, including promotions, leadership roles, and specialised positions in niche areas of cybersecurity.
  • Diverse opportunities: a wide range of work environments - including corporate enterprises, government agencies, consulting firms, and cybersecurity startups - means diverse career experiences and challenges.
  • Continued development: continuous learning and development opportunities will be needed to stay abreast of the latest trends, threats, tools, and best practices in the field.
  • Professional recognition: critical for organisational success and resilience, cybersecurity expertise and leadership will mean enhanced professional reputation and respect.

Landing the perfect DORA-related cybersecurity role

Attracting and retaining top cybersecurity talent is going to be an ongoing priority for banking and financial organisations across Europe. Professionals interested in growing in this area will need a deep understanding of the relevant regulatory requirements as well as the skills to implement appropriate frameworks and methodologies. To really shine as a candidate, there are two key areas you can focus on beyond this.

Enhancing expertise through continuous learning

The first priority should be to demonstrate a commitment to continuous learning and professional development. This could include obtaining relevant industry certifications such as DORA Certified Compliance Specialist (DCCS), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Ethical Hacker (CEH).

Additionally, consider attending industry conferences, workshops, and seminars to keep up with the latest insights and best practice and, of course, to benefit from the networking opportunities. You can also participate in training programmes and workshops to acquire new skills and knowledge in more specific or niche areas of cybersecurity.

Developing cross-disciplinary skills and knowledge

The second area to look at is collaboration. Successful DORA compliance will depend on the ability of cybersecurity teams, IT departments, and business units to work well together. Cybersecurity professionals with cross-disciplinary skills, including strong communication abilities, project management experience, and a thorough understanding of business processes and risk management principles, will be very attractive to employers.

Critically evaluate and improve the skills that will help you demonstrate your ability to align cybersecurity strategies with the broader objectives and risk tolerance of the organisation. Familiarise yourself with the key business processes within financial services firms and develop a comprehensive understanding of risk management frameworks, such as COSO or ISO 31000.

Join a 5.5 million-strong global cybersecurity workforce

The cybersecurity workforce and gap have both grown. Europe’s cybersecurity workforce stands at around 1.3 million, a 7% increase on the past year (and a 10% increase in Ireland). Despite an uncertain economy and the most challenging threat landscape to date, overall job satisfaction levels among cybersecurity professionals remain high. Cybersecurity roles in finance offer promising opportunities for professionals with expertise in safeguarding digital assets.

Showcasing a proactive approach to CPD as well as cross-disciplinary skills will enhance your qualifications and expertise and help you to position yourself as a valuable asset to financial services firms seeking to achieve compliance with DORA and strengthen their operational resilience in the face of cyber threats.

At Savvi Recruitment Consultants, we work hard to make sure every placement is successful for both employer and employee. If you're ready for some fresh thinking and new ideas, we might be a good fit. We offer executive search, permanent recruitment, contract recruitment, interim recruitment, and recruitment process outsourcing (RPO) services. To discuss how we work and how we can help you, get in touch today.