IT Risk & Controls Manager

Firm Overview

We are a leading global investment firm and aim to help endowments & foundations, pension plans, and high net worth private clients implement and manage custom investment portfolios that generate outperformance and enable them to maximize their impact on the world. Working alongside its early clients, Cambridge Associates pioneered the strategy of high-equity orientation and broad diversification, which since its inception in the 1980s has been a primary driver of performance for institutional investors. Today, we deliver a range of portfolio management services, including outsourced CIO, non-discretionary portfolio management, investment staff extension, and asset class mandates. Cambridge Associates maintains offices in major financial centers across the globe, with headquarters in Boston, MA.

Working with some of the world’s most sophisticated institutional investors, we bring a deep knowledge of portfolio management best practices to the clients we serve and select our colleagues with great attention to their potential to become a valuable member of a collaborative, intelligent and hard-working team .

Position Overview

We are seeking a dedicated IT and IO focused Risk and Controls Manager based in Germany, to serve as a first line of defense for the Chief Operating Officer (COO), and Chief Technology Officer (CTO), positioning the successful candidate at the intersection of technology, operations, and risk management. Working within our Munich office, this individual will be part of a global network of professionals, contributing to critical decision-making processes that shape our organization's risk and security landscape. This individual’s expertise will directly influence our operational resilience and regulatory compliance across multiple jurisdictions. The Risk and Controls Manager, reporting directly to the Senior Director of IT Risk and Controls, will be responsible for ensuring compliance with German and European IT and IO regulations, including, but not limited to, BAIT (Bankaufsichtliche Anforderungen an die IT), DORA (Digital Operational Resilience Act) and MaRisk (Mindestanforderungen an das Risikomanagement von Banken). This role involves working directly with auditors, collecting, and maintaining audit documentation, and ensuring that specific documentation requirements are met throughout the year. They will be considered the Subject Matter Expert in this area and expected to train and educate individuals throughout the organization on alignment to key regulations. This position will include conducting annual reviews and approvals of all policy documentation and monitoring and periodically testing or providing oversight on testing for all controls. In addition, this individual will stay current on all relevant regulatory requirements, and when necessary, revise policy, process, and controls documentation in coordination with the CA LLC IT and IO Risk and Control teams. If significant changes to our framework become required, this individual will outline the requirements and partner with the CA LLC IT and IO Risk and Control teams to measure the impact on the organization and determine a plan for implementing changes, including funding and resource allocation. They will work with key stakeholders in IT and IO to enact changes that will ensure continued alignment to regulations, including any training and awareness to support organizational change management.

Job Responsibilities

· Regulatory Monitoring and Documentation Management:

• Ensure alignment with BAIT, DORA, and other relevant German and European regulations.
• Stay current on changes to regulatory requirements and industry best practices.
• When changes are introduced take the necessary steps to update documentation, controls, and processes to remain in alignment. Work with CA LLC IT and IO Risk and Control teams to implement changes globally and support the required organizational change management.
• Periodically monitor IT and operational controls to confirm processes are executed completely and accurately and audit documentation is readily available.
• Coordinate information and intelligence sharing regarding cyber threats
• Implement and maintain a documentation management system to track audit related documents for IT and IO.

· Control Assurance and Audit Management:

• Conduct reviews and evaluations of existing controls to ensure alignment with regulations.
• Collect, organize, and maintain audit documentation by acting as a liaison between our IT and Operations control owners and auditors; ensuring timely delivery of required documentation
• Oversee cyber threat notification protocols
• As required, raise potential risk matters to the CA LLC IT and IO Risk and Control teams
• Serve as the primary point of contact to German auditors for IT and Operations.
• Explain the organization's IT and operational landscape of risks, controls, policies, and processes to auditors.
• Coordinate and facilitate auditor requirements, including key stakeholder meetings, audit walk throughs, or other efforts necessary for the auditors to fully understand IT and Operations for our global organization.

· Internal Collaboration:

• Work closely with global CA teams to ensure alignment with regulatory requirements.
• Provide guidance and support to key stakeholders on regulatory related matters.
• Conduct internal reviews to ensure ongoing compliance with regulations and provide support where gaps are identified to swiftly get back into alignment with regulations.

· Training and Awareness:

• Develop and deliver training programs as the Regulatory Subject Matter Expert to educate employees on German and European regulatory requirements and industry best practices.
• When control or process changes are required as a result of changes in the regulatory landscape, provide training to educate key stakeholders to guide and support organizational change management.

Qualifications

• Bachelor of Science in Business Analytics, Business Intelligence Technology Management, Operations, or a related field.
• Substantial experience in guiding a global organization on regulatory compliance, preferably within the financial or IT sectors.
• In-depth knowledge of BAIT, DORA, and other relevant German and European regulations.
• Proven ability to collaborate effectively with cross-functional teams.
• Detail-oriented with a commitment to maintaining high standards of quality and integrity.
• Proficient understanding of Microsoft Office
• Exceptional communication and presentation skills, with the ability to convey complex information clearly and concisely.
• Skillful in managing multiple projects, reprioritizing as necessary, elevating key decisions as appropriate.
• Able to work independently and collaboratively.
• Proficiency in both German and English.
• Experience working with US-based organizations.
• Certification in regulatory compliance or related fields (e.g., CISA, CRISC).

Cambridge Associates is an equal opportunity employer. Diversity and inclusion are essential elements of our culture. We are committed to fostering an environment where individual perspectives, backgrounds, and life experiences make the firm a great place to work and result in a more satisfying client experience.

Employees of Cambridge Associates GmbH or an affiliated firm, are prohibited from employment or other association with any company, organization, business, or other entity that is involved in any way with the securities or financial services industry except for those entities that are directly affiliated with Cambridge Associates GmbH.