Job Drop Berlin

Senior Information Security Manager

Company: Moss
Seniority: Senior
Model: Hybrid
Sector: Fintech
Salary: Undisclosed
Contract: Full-Time

About the role

Our Information Security team is seeking an Information Security GRC Lead (f/m/d). This role owns our security governance, risk, and compliance program, ensuring Moss meets its regulatory obligations as a BaFin-regulated e-money institution (EMI) while enabling the business to move fast. You'll report directly to the Director of Information Security.

What you'll do

  • Unified control framework - Build and maintain a single, unified control framework mapped to DORA, ISO 27001, SOC 2 Type 2, and GDPR
  • ICT risk management - Own the ICT risk management framework and register (based on ISO 27005 or equivalent)
  • GRC automation - Automate everything you can: evidence collection, control testing, reporting, policy acknowledgements
  • DORA compliance - Own the DORA compliance program: gap analysis, remediation tracking, ICT risk management framework
  • Security incident management - Own security incident classification and regulatory reporting to BaFin (with CISO sign-off)
  • Business continuity - Own the BCM program, including BCP maintenance, testing, and BIA updates
  • Audit readiness - Coordinate ISO 27001 and SOC 2 Type 2 audits end-to-end
  • Asset and data classification - Own the classification schema and ensure assets and data are classified and maintained

What you'll need

  • You have built or run GRC programs in a fast-paced, regulated environment - ideally a financial institution or fintech
  • You have hands-on experience with ISO 27001, SOC 2 Type 2, and GDPR
  • You have built or managed unified control frameworks mapped across multiple standards
  • You understand controls at the technical implementation level
  • You have designed or significantly evolved a risk management framework
  • You have hands-on experience with GRC platforms (e.g. Vanta, Drata, ServiceNow GRC, or similar)
  • You understand BaFin regulatory expectations or similar financial regulators
  • Fluent written and spoken English

Nice to have

  • Experience with DORA or strong familiarity with its requirements
  • German language skills given our regulatory environment

What they offer

  • An attractive compensation package, including company stock option plan
  • An annual learning budget of 600 euros
  • Access to mental health and wellbeing offering, including 1-on-1 coaching sessions
  • An Urban Sports Club membership
  • 20 days of work from abroad