DORA (Digital Operational Resilience) Jobs: Governance, Risk & Compliance Careers (2026)

The Digital Operational Resilience Act (DORA) is the EU regulation that makes operational resilience a hard requirement for the financial sector, and it has applied since January 17, 2025. It covers banks, insurers, investment firms, and a wide range of other financial entities, and for the first time it brings their critical ICT third-party providers, including major cloud providers, under direct oversight. DORA sets requirements for ICT risk management, incident reporting, digital operational resilience testing, third-party risk, and information sharing.

DORA is creating a wave of roles at the intersection of technology risk, third-party risk, and compliance, because financial firms now have to prove they can withstand and recover from ICT disruptions, not just manage them on paper. People who can run an ICT risk program, manage critical-provider concentration risk, and handle resilience testing are in sharp demand across European financial services.

DORA: Frequently Asked Questions

What is DORA?

The Digital Operational Resilience Act, an EU regulation applying since January 17, 2025, that sets ICT risk management and operational resilience requirements for the financial sector.

Who does DORA apply to?

Financial entities across the EU, including banks, insurers, and investment firms, and their critical ICT third-party providers, which DORA brings under direct oversight.

What does DORA require?

ICT risk management, ICT incident reporting, digital operational resilience testing, management of third-party ICT risk, and information sharing on cyber threats.