DORA: Challenges and career opportunities

How DORA is changing careers in banking and auditing

The DORA Directive (Digital Operational Resilience Act) is currently having a major impact on the way banks and financial service providers in Frankfurt work. Audit firms also have to deal with this new regulation.

Lisa Gloos, Managing Consultant for Banking & Financial Services in Frankfurt, gives an insight into how this is changing work in banking and auditing and what applicants should focus on.

What is DORA?

DORA is a new EU directive. It aims to strengthen the digital resilience of financial institutions. Banks and financial service providers must, for example, adapt IT and risk management as well as outsourcing management to the requirements of DORA. The aim is to ensure effective management of cyber security risks in the financial markets. These include, for example, cyber attacks and hacker attacks or data breaches at critical service providers. In future, over 3,600 financial companies in Germany will have to ensure that they remain resilient even in the event of serious business interruptions.

The new directive replaces the previous regulation, the "Bankaufsichtliche Anforderungen an die IT " (BAIT).

How is DORA changing work in banking and auditing?

In the banks themselves, DORA primarily affects the Banking Assurance and Advisory departments as well as all areas of connection between IT and banking expertise. These include the areas of Internal Audit, Risk & Compliance Management, IT Process or Project Management and Legal. Experts must ensure that, for example, cyber security analyses are carried out, catalogues of duties are drawn up and the necessary measures for DORA compliance are implemented.

Auditors act as a kind of "control body" and are responsible for checking banks and their processes to ensure that DORA is being adequately implemented. They contribute their knowledge of the requirements of the DORA Directive to the audit processes.

Career opportunities through DORA

The pressure on financial institutions is increasing, as the implementation deadline of 2025 is already approaching. By then, companies will have to identify the need for action and requirements in the area of information and communication technologies (ICT) and adapt systems and processes accordingly. This will result in new roles and responsibilities, as evidenced by an increase in job advertisements containing the keyword "DORA" since the beginning of 2023.

The demand for specialists in the financial sector is growing, which also shows an increase in talent in key DORA positions. Particularly noteworthy here is the growth in positions with the titles "Internal Auditor" by 32%, "Risk Controller" by 36% and "Compliance Manager" by 47%.

How to succeed with an application in the DORA environment

As there are no certifications for DORA to date, talented individuals who can act as a link between banking and IT or even have experience with the implementation of BAIT and ICT risk management in general can score particularly well.

In addition to technical expertise and a basic understanding of the DORA guidelines, soft skills are also crucial. In view of the new challenges posed by DORA, all candidates are required to be suitably sharp, adaptable and flexible. Clear communication of complex regulatory requirements, stakeholder management, teamwork skills and an understanding of interdisciplinary collaboration are also essential to effectively implement DORA. 

In this regulatory-driven landscape, continuous training is essential. It is important that specialists and managers are aware of the latest regulatory developments and best practices.

This also includes training and certification in the areas of IT security, risk management and compliance," explains Lisa Gloos, but points out that specific certificates for DORA do not yet exist.

Networking: a key to success

Professionals who regularly undergo further training are also convincing. Attending specialist lectures and events is particularly recommended. Exchanging ideas with colleagues and industry experts can provide valuable insights into the practical implementation of DORA.

"The large consultancies in particular are organising specialist presentations and roundtables. As the topic is still very new, it can help to exchange ideas with like-minded people and learn more about the challenges, tips and best practices related to DORA," adds Gloos.