
Lead IT Risk Manager

Upvest

Seniority: Senior
Model: Hybrid
Sector: Fintech
Salary: Undisclosed
Contract: Full-Time

About the role

As the Lead IT Risk Manager, you will play a pivotal role in owning and evolving our IT Risk Framework within the second-line risk function. Operating in a highly growth-oriented and regulated financial services environment, this role demands an exceptional blend of technical governance expertise, independent challenge capabilities, and strategic stakeholder management.

What you'll do

  • Own and evolve the IT Risk and Business Continuity Management Framework within the second line, keeping it scalable as the business grows.
  • Provide independent second-line oversight and challenge to the first-line IT GRC team on the design and effectiveness of IT controls.
  • Lead IT risk identification, assessment, and mitigation across cyber, technology resilience, third-party, and data security, linking back to the Risk Appetite Framework.
  • Mature the ISMS by guiding policies, standards, and procedures with the relevant process owners.
  • Define baseline controls and run continuous ISMS maturity assessments against ISO/IEC 27001:2022 and related standards.
  • Drive second-line assurance reviews and deep-dives across critical IT risk domains, reporting findings and tracking remediation to closure.
  • Lead Upvest's DORA obligations, including ICT risk management, incident classification, and third-party ICT risk oversight.
  • Act as the primary second-line contact for IT risk, reporting posture and material risk events to senior stakeholders, the C-suite, and the Risk Committee.

What you'll need

  • University degree in Computer Science, Information Technology, Information Security, or an equivalent academic/professional background.
  • At least 5 years of progressive professional experience in IT Governance, Risk, Compliance, and Security (IT GRC / IT Security) within a regulated financial institution, bank, fintech, or fast-scaling B2B platform environment.
  • Deep operational understanding of IT governance standards (e.g., ISO 27001), regulatory risk requirements (BaFin BAIT/MaRisk), and modern resilience standards like DORA.
  • Exceptional verbal and written articulation skills in English, with a proven ability to engage credibly with a multilingual international stakeholder base, technical engineering leads, and C-level executives.
  • A strong product engineering and security-focused mindset, combined with commercial pragmatism and the ability to operate confidently under ambiguity.

What they offer

  • €20,000 per year to spend on AI tools and best-in-class resources.
  • 30 days of annual leave, sports benefits, and access to professional coaching.
  • Flexible remote work across Europe for up to 183 days a year, plus one-month paid sabbatical after every 4 years.
  • Personal development budget and choice to work hybrid from Berlin, London, or Tallinn.
  • Competitive, above-market salary and employee equity program participation.
  • Company-wide events and Employee Resource Groups fostering inclusion and connection.