ICT Risk Manager

Payments & Cards Network

Berlin

On-site

EUR 80.000 - 100.000

Full-time

2 days ago

Summary

A leading fintech company is seeking a Senior ICT Risk Manager / Information Security Officer in Berlin to enhance its information security framework. You'll be responsible for overseeing ICT risk management, establishing effective security policies, and monitoring risks. With over 5 years of experience in a financial services context, you'll ensure compliance with DORA and ISO/IEC 27001 standards, all while fostering a strong security culture across departments. This role offers dynamic challenges in a fast-paced environment.

Qualifications

  • 5+ years professional experience in ICT risk management or information security.
  • Experience in establishing and managing an ISMS.
  • Ability to connect technical, regulatory, and business perspectives.

Tasks

  • Oversee governance and effectiveness of ICT risk management framework.
  • Establish and improve the Information Security Management System (ISMS).
  • Monitor ICT and cyber risks across the institution.

Skills

  • 5+ years of experience in ICT risk management
  • Expert knowledge of DORA
  • Expert knowledge of ISO/IEC 27001
  • Analytical and structured working style
  • Excellent communication skills

Job description
Senior ICT Risk Manager / Information Security Officer

Location: Berlin

A leading fintech company at the forefront of e-mobility payments is looking for a Senior ICT Risk Manager / Information Security Officer to build out the company's information security framework.

Your Tasks
  • You take formal responsibility as the Information Security Officer (ISO) and as the ICT Risk Control Function under DORA, overseeing the governance and effectiveness of the ICT and cyber risk management framework.
  • You establish, operate, and continuously improve the Information Security Management System (ISMS) in alignment with ISO/IEC 27001, DORA, and company strategy, ensuring appropriate policies, controls, and awareness measures are in place.
  • You monitor ICT and cyber risks across the institution, review and challenge first-line assessments, and ensure transparent reporting to the Management Board and Risk Committee.
  • You coordinate the Local Security Incident Response Team (LSIRT) and act as the central contact for information security incidents, ensuring appropriate escalation, documentation, and regulatory notifications.
  • You ensure that internal ICT and security policies, standards, and documentation are consistent, up to date, and embedded effectively across all departments.
  • You are responsible for performing and reviewing third-party and ICT-outsourcing risk assessments, ensuring external providers are evaluated and monitored for security and operational resilience in line with DORA and internal standards.
  • You design and deliver awareness and training programmes on information security and ICT risk topics, fostering a strong security and resilience culture.
  • You stay informed about emerging regulatory, technological, and threat developments to proactively adapt the ICT risk and security frameworks to evolving requirements.
  • You prepare and deliver ICT risk and security reports for internal governance bodies, auditors, and supervisory authorities, ensuring a clear and consistent communication of the institution's ICT risk profile.
  • You prepare and deliver ICT-risk and security reports for internal governance bodies, auditors, and supervisory authorities, and contribute to audits, BaFin inspections, and Risk Committee meetings by providing clear analyses, professional reporting, and proactive recommendations.
  • You will work in close coordination with the Group ISO to ensure consistent alignment of security and ICT risk management practices across both organisations.
Your Profile
  • 5+ years of professional experience in ICT risk management, information security, or operational resilience, within a financial-services or fintech environment.
  • Expert knowledge of DORA, ISO/IEC 27001, and information-security best practices.
  • Experience in establishing, managing, and improving an ISMS, including ICT and third-party-risk control processes.
  • Analytical, structured, and proactive working style with the ability to connect technical, regulatory, and business perspectives.
  • You are a problem solver: you proactively contribute to finding pragmatic solutions to real, complex information security problems.
  • Excellent communication and stakeholder-management skills; confident in engaging with management, auditors, and external partners.
  • Entrepreneurial, proactive, and comfortable in dynamic, international environments.