A leading financial technology company is seeking an experienced Information Security Manager to join its Security & Privacy Governance team. This role offers the opportunity to shape and enhance a mature ISO 27001:2022-certified ISMS, ensure compliance with the EU Digital Operational Resilience Act (DORA), and align controls with global regulatory frameworks such as the CFTC System Safeguards and MAS TRM Guidelines.
Key Responsibilities
Governance & ICT Risk
* Own and evolve the ISO 27001:2022 ISMS and policy framework.
* Lead DORA implementation across ICT-risk governance, incident reporting, and third-party oversight.
* Map and align controls with international standards (CFTC, MAS TRM).
* Conduct ICT risk assessments and report residual risks to senior leadership.
Engineering & Operations
* Guide product teams on secure architecture and zero-trust principles.
* Define and improve technical controls (e.g., vulnerability management, access control).
* Manage and optimize security tooling (threat intelligence, IDS, deception platforms).
Detection & Response
* Oversee the full incident response lifecycle in line with NIST and regulatory expectations.
* Continuously assess the threat landscape and drive improvements.
* Coordinate tabletop and purple-team exercises.
People & Culture
* Deliver engaging security awareness training across departments.
* Support audits, RFPs, and due diligence processes with clients and partners.
Your Profile
* Degree in Computer Science or related field.
* 5+ years in IT security; certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor are a plus.
* Experience with security certifications (ISAE 3402, SOC 1/2, ISO 2700x) and regulatory compliance.
* Strong analytical and communication skills; able to explain complex topics clearly.
* Fluent in English (C1+); German (B2+) is desirable.
* Self-driven, adaptable, and eager to learn.
What's Offered
* Clear career development path and regular performance reviews.
* Opportunities to rotate across development teams based on interests and skills.
* Access to internal academy and learning resources.
* Centrally located Frankfurt office with hybrid work model.
* Social events and a collaborative, international team culture.