Your Role As an Information Security Manager within the Security & Privacy Governance team, you will report directly to the Head of SRE, ICT Risk, Security & Privacy. In this role, you will lead our ISO 27001:2022–certified Information Security Management System (ISMS), drive compliance with the EU Digital Operational Resilience Act (DORA), and ensure our controls are aligned with international regulatory requirements. Your Responsibilities Governance & ICT Risk Maintain and enhance our ISO 27001:2022 ISMS and policy framework Oversee and maintain compliance with DORA provisions concerning ICT risk governance and third-party risk oversight Run risk analyses in line with regulations, best practices, Three-Lines-of-Defence model Engineering & Operations (First-Line Enablement) Security-by-Design Reviews: Advise product teams on secure architecture, zero-trust networking and segregation of duties Control Lifecycle: Define, monitor and improve technical controls (vulnerability management, hardening baselines, privileged access) together with Development, Infrastructure, and SecOps teams Tooling Strategy: Manage and optimise threat intelligence, security event monitoring, intrusion detection, deception, and related platforms to maintain effective coverage, efficiency, and automation Detection & Response Manage the NIST-aligned lifecycle (prepare, detect, contain, eradicate, recover, lessons learned) Use threat intelligence, vulnerability reports, and similar news sources to assess changes in landscape, threats, and best practices, and provide thoughtful, innovative, and practical guidance to improve our processes and systems Coordinate regular cybersecurity exercises to test security controls, incident response processes, and operational resilience, driving continuous improvement Your Profile University degree in computer science or a comparable education 3 years of experience in the IT security domain. Certifications are a plus (CISSP, CRISC, CISM, ISO27001 Lead Implementer or Auditor) Working knowledge in implementing and maintaining security certifications (eg ISAE3402, SOC1, SOC2, ISO2700x etc) and maintaining compliance to international security standards Experience in the development of practical security processes, policies and standards and management of information security issues and incidents Track record of taking responsibility, working independently and without much supervision Highly motivated to learn about new topics, technologies, and business cases Proficient in spoken and written English is mandatory. German language skills are a plus Our Offer Established and certified security organization and culture, stable and growing multinational company Regular performance appraisals, close interaction with all business functions and management Growth, development, and learning opportunities, including our internal „360T Academy“ Offices located directly in the city center Multinational and multicultural environment, social gatherings and activities The position is based in Frankfurt am Main and vacant immediately. How to Apply If your background and qualifications meet these specifications, please forward your application including your salary expectation, earliest starting date by clicking the “Apply” button. Contact Irune Del Buey People & Culture Manager Send email Grüneburgweg 16-18 60322 Frankfurt am Main About us 360T is one of the globally leading trading platforms for Foreign Exchange (FX). As Deutsche Börse Group’s powerhouse for FX, 360T provides a web-based trading technology for over-the-counter (OTC) instruments, integration solutions and related services. Since its inception in 2000, the company has developed and maintained a state-of-the-art multi-bank portal for foreign exchange, crypto assets, cash and money market products. With over 3,000 Buy-Side customers and more than 200 liquidity providers across 80 different countries, 360T is uniquely positioned to connect the global FX and Crypto industry. Headquartered in Frankfurt am Main, Germany, 360T maintains subsidiaries in London (360 Trading Networks UK Limited), New York (360 Trading Networks Inc), Singapore (360T Asia Pacific Pte. Ltd.), Mumbai (ThreeSixty Trading Networks (India) Pvt Ltd), Kuala Lumpur (360 Trading Networks Sdn Bhd) and Dubai (360 Trading Networks (DIFC) Limited).